Malware or Trojan? problem... I need help!


My problem started on Friday when I received a bogus Microsoft Security Essentials message. I wasn't able to run Task Manager, and I saw a post here that suggested to someone to make a copy of Task Manager and call it something else; this allowed me to go in and kill the process hotfix.exe. I then ran Malwarebytes Pro scans, and it detected a number of things and appeared to fix it, but two days later I started getting messages that MWbytes had detected and was blocking outgoing IP activity, with what it called "Successfully blocked access to a potentially malicious website".

Below are my scans, as per the instructions on this forum. I would appreciate any help with this problem.

DDS (Ver_10-11-27.01) - NTFSx86

Run by jfischer at 18:53:25.29 on Tue 11/30/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1269 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft SQL Server_vast\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\jfischer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\jfischer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\jfischer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\jfischer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [Google Update] "c:\documents and settings\jfischer\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [pdfFactory Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /runonce

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: bmnet.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

Hosts: 192.168.1.105 HP0017A4286584

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-26 217032]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-11-30 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-11-30 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-4 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-11-30 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-11-30 116784]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-15 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-26 363344]

R2 MSSQL$VASTPOS;SQL Server (VASTPOS);c:\program files\microsoft sql server_vast\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-11-30 126392]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2006-2-14 103936]

R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2009-9-24 17664]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-30 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101129.001\IDSXpx86.sys [2010-10-19 341880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-26 20952]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101130.003\NAVENG.SYS [2010-11-30 86064]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101130.003\NAVEX15.SYS [2010-11-30 1371184]

R3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [2008-4-2 44288]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]

S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2009-5-19 121344]

S3 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-11-26 112592]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 EMP_UDSA;EMP_UDSA;c:\program files\epson projector\epson usb display v1.4\EMP_UDSA.exe [2009-9-24 94208]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 SessionLauncher;SessionLauncher;c:\docume~1\jfischer\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\jfischer\locals~1\temp\dx9\SessionLauncher.exe [?]

=============== Created Last 30 ================

2010-11-30 21:42:36 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-30 21:42:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-11-30 16:26:36 339504 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys

2010-11-30 16:26:35 361904 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symtdi.sys

2010-11-30 16:26:35 173104 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symefa.sys

2010-11-30 16:26:34 43696 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\srtspx.sys

2010-11-30 16:26:34 328752 ----a-r- c:\windows\system32\drivers\n360\0402000.00c\symds.sys

2010-11-30 16:26:33 325680 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\srtsp.sys

2010-11-30 16:26:33 116784 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys

2010-11-30 16:26:32 501888 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys

2010-11-30 16:24:24 -------- d-----w- c:\windows\system32\drivers\n360\0402000.00C

2010-11-30 16:02:51 -------- d-----w- c:\docume~1\jfischer\locals~1\applic~1\Temp

2010-11-30 16:01:56 -------- d-----w- c:\docume~1\jfischer\locals~1\applic~1\Google

2010-11-30 15:49:15 -------- d-----w- c:\docume~1\jfischer\locals~1\applic~1\Threat Expert

2010-11-30 11:05:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-11-30 11:05:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-11-30 11:04:48 -------- d-----w- c:\windows\system32\drivers\N360

2010-11-30 11:04:45 -------- d-----w- c:\program files\Norton Security Suite

2010-11-30 11:04:29 -------- d-----w- c:\program files\NortonInstaller

2010-11-30 11:04:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-11-30 11:02:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-11-29 20:22:33 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-11-29 20:22:33 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-29 20:17:29 -------- d-----w- c:\docume~1\jfischer\applic~1\PC Tools

2010-11-29 20:17:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-11-27 04:44:15 -------- d-----w- c:\program files\iPod

2010-11-27 04:44:10 -------- d-----w- c:\program files\iTunes

2010-11-26 20:31:46 -------- d-----w- c:\docume~1\jfischer\applic~1\Malwarebytes

2010-11-26 20:31:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-26 20:31:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 20:31:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-26 20:31:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-26 19:37:51 388096 ----a-r- c:\docume~1\jfischer\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-11-26 19:37:50 -------- d-----w- c:\program files\Trend Micro

2010-11-26 18:54:18 767952 ----a-w- c:\windows\BDTSupport.dll

2010-11-26 18:54:17 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-11-26 18:54:16 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-11-26 18:54:16 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-11-26 18:54:00 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-11-26 18:53:46 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-11-26 18:53:46 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-11-26 18:53:13 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-11-26 18:52:21 -------- d-----w- c:\program files\Spyware Doctor

2010-11-26 18:52:21 -------- d-----w- c:\program files\common files\PC Tools

2010-11-26 18:03:59 0 ----a-w- c:\windows\Tkupaponaduqiru.bin

2010-11-26 18:03:56 -------- d-----w- c:\docume~1\jfischer\locals~1\applic~1\{84638F2D-79CD-4947-A123-C17E7786B75C}

2010-11-20 17:21:16 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-11-20 17:20:06 -------- d-----w- c:\windows\Logs

2010-11-20 17:16:20 -------- d-----w- c:\program files\Sony

2010-11-20 17:16:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sony Corporation

2010-11-20 17:14:56 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2010-11-20 17:14:56 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2010-11-20 17:14:56 465920 ------w- c:\windows\system32\imapi2fs.dll

2010-11-20 17:14:56 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2010-11-20 17:14:56 317952 ------w- c:\windows\system32\imapi2.dll

2010-11-10 21:41:58 -------- d-----w- c:\program files\Bonjour

2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2010-11-04 21:56:52 28472 ----a-w- c:\program files\mozilla firefox\plugins\webex\932\atgpcdec.dll

2010-11-04 21:56:52 239496 ----a-w- c:\program files\mozilla firefox\plugins\webex\932\atgpcext.dll

==================== Find3M ====================

2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 16:09:28 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll

2010-09-15 16:09:24 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HS122JC rev.GQ100-05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x8A5BD446]<<

c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5c3504]; MOV EAX, [0x8a5c3580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A5DFAB8]

3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A618E50]

5 PCTCore[0xB9E60AC6] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A619D98]

\Driver\atapi[0x8A68A270] -> IRP_MJ_CREATE -> 0x8A5BD446

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_HS122JC_________________________GQ100-05#5&2f7712b7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A5BD292

user != kernel MBR !!!

sectors 234441646 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 18:56:39.34 ===============

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5219

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/30/2010 3:58:51 PM

mbam-log-2010-11-30 (15-58-51).txt

Scan type: Full scan (C:\|)

Objects scanned: 275662

Time elapsed: 2 hour(s), 36 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{dc3ae064-cba5-4137-bdf5-9b7d6838144a}\RP382\A0128133.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\system volume information\_restore{dc3ae064-cba5-4137-bdf5-9b7d6838144a}\RP383\A0133112.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.


12:06:10 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:06:13 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:06:19 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:06:31 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

12:06:34 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

12:06:40 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

12:06:52 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:06:55 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:07:01 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:07:13 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

12:07:16 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

12:07:22 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

12:13:22 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

12:13:25 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

12:13:31 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

12:23:43 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

12:23:46 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

12:23:52 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

12:24:04 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

12:24:07 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

12:24:13 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

12:24:38 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

12:24:41 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

12:24:47 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

12:34:24 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:26 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:27 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

12:34:27 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:29 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:29 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

12:34:33 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:35 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:35 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

12:34:45 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:47 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:48 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:50 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:54 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:54 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

12:34:56 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:34:57 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

12:35:03 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

12:35:06 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:35:08 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:35:09 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:35:11 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:35:15 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:35:15 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:35:17 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:35:18 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:35:24 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:35:27 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:35:29 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:35:30 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:35:32 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:35:36 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:35:36 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

12:35:38 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:35:39 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

12:35:45 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:35:45 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

12:35:47 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:35:48 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:35:50 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:35:54 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:35:56 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:35:57 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:36:00 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:36:06 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:36:06 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

12:36:08 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:36:09 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:36:11 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:36:15 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:36:17 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:36:18 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

12:36:21 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

12:36:27 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:36:27 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

12:36:29 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:36:30 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:36:32 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:36:36 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:36:38 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:36:48 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:36:50 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:36:51 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:36:53 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:36:57 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:36:59 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:37:06 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:37:08 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:37:09 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:37:11 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:37:15 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:37:17 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:37:27 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:29 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:30 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:32 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:36 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:38 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:48 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:50 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:51 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:53 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:57 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:37:59 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:38:09 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:38:11 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:38:12 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:38:14 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:38:18 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:38:20 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:38:30 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:38:32 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:38:33 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:38:35 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:38:39 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:38:41 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:38:49 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:38:50 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:38:52 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:38:53 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:38:58 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:38:59 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:39:10 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:39:11 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:39:13 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:39:14 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:39:19 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:39:20 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

12:39:31 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:39:32 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:39:34 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:39:35 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:39:40 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:39:41 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:44:11 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:44:14 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:44:20 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:44:32 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:44:35 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:44:41 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

12:44:53 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:44:56 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:45:02 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

12:45:14 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:45:17 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:45:23 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

12:55:09 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

12:55:12 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

12:55:18 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:05:30 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:05:33 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:05:39 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:05:55 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:05:58 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:06:04 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:06:16 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:06:19 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:06:25 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:06:37 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:06:40 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:06:46 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:06:58 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:07:01 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:07:07 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:07:19 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

13:07:22 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

13:07:28 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

13:15:51 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:15:54 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:16:00 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:24:01 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

13:24:04 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

13:24:10 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

13:26:12 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:26:15 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:26:21 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:38:11 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:38:13 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:38:19 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:38:31 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:38:34 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:38:40 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:38:52 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:38:55 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:39:01 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:39:13 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:39:16 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:39:22 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:39:34 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

13:39:37 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

13:39:43 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

13:47:54 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

13:47:57 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

13:48:03 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

13:48:15 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:48:18 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:48:24 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:50:42 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:50:45 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:50:51 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:51:04 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:51:07 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:51:13 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:51:25 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:51:28 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:51:34 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

13:51:46 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:51:49 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:51:55 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

13:52:07 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

13:52:10 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

13:52:16 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

13:58:36 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:58:39 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:58:45 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

13:58:57 jfischer IP-BLOCK 194.28.113.21 (Type: outgoing)

13:59:00 jfischer IP-BLOCK 194.28.113.21 (Type: outgoing)

13:59:06 jfischer IP-BLOCK 194.28.113.21 (Type: outgoing)

14:09:18 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:09:21 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:09:27 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:11:44 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:11:47 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:11:53 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:12:05 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:12:08 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:12:14 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:12:26 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:12:29 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:12:35 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:12:47 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:12:50 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:12:56 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:13:08 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

14:13:11 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

14:13:17 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

14:19:39 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:19:42 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:19:48 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:20:00 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

14:20:03 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

14:20:09 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

14:24:03 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

14:24:06 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

14:24:12 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

14:26:55 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:26:58 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:27:04 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:27:16 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:27:19 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:27:25 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:27:37 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:27:40 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:27:46 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:27:58 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:28:01 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:28:07 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:28:19 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

14:28:22 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

14:28:28 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

14:30:22 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

14:30:25 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

14:30:31 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

14:40:43 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:40:46 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:40:52 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:41:04 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

14:41:07 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

14:41:13 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

14:48:23 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:48:26 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:48:32 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:48:44 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:48:47 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:48:53 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:49:05 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:49:08 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:49:14 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

14:49:26 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:49:29 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:49:35 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

14:49:47 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

14:49:50 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

14:49:56 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

14:51:25 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:51:28 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:51:34 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

14:51:46 jfischer IP-BLOCK 194.28.113.21 (Type: outgoing)

14:51:49 jfischer IP-BLOCK 194.28.113.21 (Type: outgoing)

14:51:55 jfischer IP-BLOCK 194.28.113.21 (Type: outgoing)

15:02:07 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:02:10 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:02:16 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:04:15 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:04:18 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:04:24 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:04:36 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:04:39 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:04:45 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:04:57 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:05:00 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:05:06 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:05:18 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:05:21 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:05:27 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:05:39 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

15:05:42 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

15:05:48 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

15:12:28 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:12:31 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:12:37 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:12:49 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

15:12:52 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

15:12:58 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

15:23:10 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

15:23:13 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

15:23:19 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

15:24:02 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

15:24:05 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

15:24:11 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

15:39:21 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:39:24 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:39:30 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:39:42 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:39:45 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:39:51 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:40:03 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:40:06 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:40:12 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:40:24 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:40:27 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:40:33 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:40:45 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

15:40:48 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

15:40:54 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

15:43:52 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:43:55 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:44:01 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:49:31 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:49:34 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:49:40 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:49:52 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:49:55 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:50:01 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:50:13 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:50:16 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:50:22 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

15:50:34 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:50:37 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:50:43 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

15:50:55 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

15:50:58 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

15:51:04 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

15:54:13 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:54:16 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

15:54:22 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

16:17:03 (null) MESSAGE Protection started successfully

16:19:09 jfischer MESSAGE IP Protection started successfully

16:19:14 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

16:19:23 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

16:19:35 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

16:19:38 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

16:19:44 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

16:24:03 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

16:24:06 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

16:24:12 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

16:25:14 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:25:17 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:25:23 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:25:35 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:25:38 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:25:44 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:25:56 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:25:59 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:26:05 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:26:17 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:26:20 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:26:26 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:26:38 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

16:26:41 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

16:26:47 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

16:29:57 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

16:30:00 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

16:30:06 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

16:30:18 jfischer IP-BLOCK 194.28.113.21 (Type: outgoing)

16:30:21 jfischer IP-BLOCK 194.28.113.21 (Type: outgoing)

16:30:27 jfischer IP-BLOCK 194.28.113.21 (Type: outgoing)

16:37:49 jfischer MESSAGE Protection started successfully

16:39:07 jfischer MESSAGE IP Protection started successfully

16:39:33 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

16:39:36 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

16:39:42 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

16:39:54 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

16:40:03 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

16:41:02 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:41:05 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:41:11 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:41:23 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:41:23 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:41:26 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:41:32 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:41:45 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:41:45 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:41:48 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:41:48 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:41:54 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:41:54 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:42:06 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:06 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:09 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:09 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:15 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:15 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:24 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:27 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:28 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

16:42:30 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

16:42:33 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:36 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

16:42:45 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:42:48 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:42:49 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:52 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:42:54 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:42:58 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:06 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:09 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:10 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:43:13 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:43:15 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:19 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:43:24 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

16:43:27 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

16:43:31 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:33 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

16:43:34 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:39 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:45 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:48 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:52 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:54 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:43:55 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:44:01 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:44:06 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:44:09 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:44:13 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:44:15 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:44:16 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:44:22 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:44:27 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:44:30 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:44:34 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:44:36 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:44:37 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:44:43 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:44:48 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:44:51 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:44:55 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:44:57 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:44:58 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:45:04 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:45:09 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:45:12 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:45:16 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

16:45:18 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:45:19 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

16:45:25 jfischer IP-BLOCK 194.8.251.136 (Type: outgoing)

16:45:30 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:45:33 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:45:37 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:45:39 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)

16:45:40 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:45:46 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:45:51 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:45:54 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:45:58 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:46:00 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:46:00 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:46:01 jfischer IP-BLOCK 194.8.251.138 (Type: outgoing)

16:46:03 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:46:06 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)

16:46:09 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:46:21 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:46:24 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:46:30 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:46:42 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:46:45 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:46:51 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

16:47:03 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:47:06 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

16:47:12 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

18:17:38 jfischer MESSAGE Protection started successfully

18:17:46 jfischer MESSAGE IP Protection started successfully

18:50:01 (null) MESSAGE Protection started successfully

18:50:40 jfischer MESSAGE IP Protection started successfully

18:51:44 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

18:51:47 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

18:51:53 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

18:52:05 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

18:52:08 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

18:52:14 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)

18:58:42 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

18:58:45 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

18:58:51 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

18:59:03 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

18:59:06 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

18:59:12 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

18:59:24 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

18:59:27 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

18:59:33 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

18:59:45 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

18:59:48 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

18:59:54 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

19:00:06 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

19:00:09 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

19:00:15 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

19:22:26 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

19:22:29 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

19:22:35 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)

19:22:47 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

19:22:50 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

19:22:56 jfischer IP-BLOCK 194.28.113.22 (Type: outgoing)

19:24:01 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

19:24:04 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

19:24:10 jfischer IP-BLOCK 91.217.162.175 (Type: outgoing)

19:31:47 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

19:31:50 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

19:31:56 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

19:32:08 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

19:32:11 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

19:32:17 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

19:32:29 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

19:32:32 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

19:32:38 jfischer IP-BLOCK 194.60.205.222 (Type: outgoing)

19:32:50 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

19:32:53 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

19:32:59 jfischer IP-BLOCK 89.187.53.53 (Type: outgoing)

19:33:08 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

19:33:11 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

19:33:11 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

19:33:14 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

19:33:17 jfischer IP-BLOCK 194.28.113.20 (Type: outgoing)

19:33:20 jfischer IP-BLOCK 194.60.205.224 (Type: outgoing)

Attach.zip

ark.zip

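The outgoing IP-BLOCK entries in the log above have the shape of an automated beacon rather than a user's browsing: three attempts to one address three and six seconds apart, a twelve-second pause, the next address on the list, and the same addresses again half an hour later. The following is an added example, not part of the original post and not Malwarebytes' own code: a small parser for lines in that log format plus a check that flags destinations retried in that cadence. The sample lines are copied from the log above; the thresholds (a 10-second gap, 3 hits per burst, 2 bursts) are assumptions chosen to fit it.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the Malwarebytes protection log posted above
# (format: "HH:MM:SS user EVENT detail"). A MESSAGE line is included so the
# parser has to skip non-block entries.
SAMPLE_LOG = """\
16:45:37 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)
16:45:39 jfischer IP-BLOCK 194.8.251.137 (Type: outgoing)
16:45:40 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)
16:45:46 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)
16:45:51 jfischer IP-BLOCK 212.117.177.13 (Type: outgoing)
18:17:38 jfischer MESSAGE Protection started successfully
18:51:44 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)
18:51:47 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)
18:51:53 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)
18:52:05 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)
18:52:08 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)
18:52:14 jfischer IP-BLOCK 194.28.113.23 (Type: outgoing)
19:22:26 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)
19:22:29 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)
19:22:35 jfischer IP-BLOCK 91.212.226.5 (Type: outgoing)
"""

LINE_RE = re.compile(r"^(\d{2}):(\d{2}):(\d{2})\s+(\S+)\s+([A-Z-]+)\s+(.*)$")
BLOCK_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(\w+)\)$")


def parse_log(text):
    """Parse log lines into (seconds since midnight, user, event, detail) tuples.
    Lines that do not match the format are skipped rather than raising."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h, mi, s, user, event, detail = m.groups()
        records.append((int(h) * 3600 + int(mi) * 60 + int(s), user, event, detail))
    return records


def ip_blocks(records):
    """Keep only IP-BLOCK records, as (t, ip, direction)."""
    out = []
    for t, _user, event, detail in records:
        m = BLOCK_RE.match(detail) if event == "IP-BLOCK" else None
        if m:
            out.append((t, m.group(1), m.group(2)))
    return out


def top_destinations(blocks):
    """Destinations ordered by number of blocked attempts, most frequent first."""
    return Counter(ip for _t, ip, _d in blocks).most_common()


def bursts(blocks, max_gap=10):
    """Group attempts to the same IP that are <= max_gap seconds apart.
    Returns {ip: [[t1, t2, ...], ...]}, one inner list per burst."""
    per_ip = defaultdict(list)
    for t, ip, _d in blocks:
        per_ip[ip].append(t)
    grouped = {}
    for ip, times in per_ip.items():
        times.sort()
        groups = [[times[0]]]
        for t in times[1:]:
            if t - groups[-1][-1] <= max_gap:
                groups[-1].append(t)
            else:
                groups.append([t])
        grouped[ip] = groups
    return grouped


def beaconing(blocks, max_gap=10, min_hits=3, min_bursts=2):
    """Flag IPs retried in at least min_bursts separate bursts of >= min_hits
    attempts. A person clicking a link does not retry one address on a fixed
    3/6-second cadence and come back to it later; code with a hard-coded
    server list does. The thresholds are assumptions tuned to the log above."""
    flagged = {}
    for ip, groups in bursts(blocks, max_gap).items():
        strong = [g for g in groups if len(g) >= min_hits]
        if len(strong) >= min_bursts:
            first = strong[0]
            flagged[ip] = {
                "bursts": len(strong),
                # retry intervals inside the first burst, e.g. [3, 6]
                "deltas": [b - a for a, b in zip(first, first[1:])],
            }
    return flagged


if __name__ == "__main__":
    blocks = ip_blocks(parse_log(SAMPLE_LOG))
    for ip, n in top_destinations(blocks):
        print(f"{ip:16} {n} blocked outgoing attempts")
    for ip, info in beaconing(blocks).items():
        print(f"beacon-like: {ip} bursts={info['bursts']} deltas={info['deltas']}")
```

Run against the full log rather than the excerpt, several of the addresses qualify; the point of the burst grouping is that the count alone (212.117.177.13 is hit far more often than any other address) says less than the regularity of the retries, which is what separates a process with a server list from a user on a bad page.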

Hello jfischer! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

  • Launch Malwarebytes' Anti-Malware.
  • Go to the "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to the "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only


Borislav, thank you for your response. I did as you instructed. Below you will find the two logs. John

DDS (Ver_10-11-27.01) - NTFSx86

Run by jfischer at 10:58:52.09 on Wed 12/01/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1383 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft SQL Server_vast\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asOELnch.exe

C:\Documents and Settings\jfischer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [Google Update] "c:\documents and settings\jfischer\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [pdfFactory Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /runonce

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: bmnet.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

Hosts: 192.168.1.105 HP0017A4286584

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-26 217032]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-12-1 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-12-1 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-4 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-12-1 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-12-1 116784]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-15 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-26 363344]

R2 MSSQL$VASTPOS;SQL Server (VASTPOS);c:\program files\microsoft sql server_vast\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-12-1 126392]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2006-2-14 103936]

R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2009-9-24 17664]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-30 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101130.001\IDSXpx86.sys [2010-10-19 341880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-26 20952]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101130.041\NAVENG.SYS [2010-12-1 86064]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101130.041\NAVEX15.SYS [2010-12-1 1371184]

R3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [2008-4-2 44288]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]

S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2009-5-19 121344]

S3 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-11-26 112592]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 EMP_UDSA;EMP_UDSA;c:\program files\epson projector\epson usb display v1.4\EMP_UDSA.exe [2009-9-24 94208]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 SessionLauncher;SessionLauncher;c:\docume~1\jfischer\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\jfischer\locals~1\temp\dx9\SessionLauncher.exe [?]

=============== Created Last 30 ================

2010-12-01 15:46:35 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys

2010-12-01 15:46:35 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys

2010-12-01 15:46:35 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys

2010-12-01 15:46:35 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys

2010-12-01 15:46:35 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys

2010-12-01 15:46:34 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys

2010-12-01 15:46:34 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys

2010-12-01 15:46:34 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys

2010-12-01 15:45:28 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005

2010-11-30 21:42:36 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-30 21:42:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-11-30 16:26:36 339504 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys

2010-11-30 16:26:35 361904 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symtdi.sys

2010-11-30 16:26:35 173104 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symefa.sys

2010-11-30 16:26:34 43696 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\srtspx.sys

2010-11-30 16:26:34 328752 ----a-r- c:\windows\system32\drivers\n360\0402000.00c\symds.sys

2010-11-30 16:26:33 325680 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\srtsp.sys

2010-11-30 16:26:33 116784 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys

2010-11-30 16:26:32 501888 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys

2010-11-30 16:24:24 -------- d-----w- c:\windows\system32\drivers\n360\0402000.00C

2010-11-30 16:02:51 -------- d-----w- c:\docume~1\jfischer\locals~1\applic~1\Temp

2010-11-30 16:01:56 -------- d-----w- c:\docume~1\jfischer\locals~1\applic~1\Google

2010-11-30 15:49:15 -------- d-----w- c:\docume~1\jfischer\locals~1\applic~1\Threat Expert

2010-11-30 11:05:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-11-30 11:05:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-11-30 11:04:48 -------- d-----w- c:\windows\system32\drivers\N360

2010-11-30 11:04:45 -------- d-----w- c:\program files\Norton Security Suite

2010-11-30 11:04:29 -------- d-----w- c:\program files\NortonInstaller

2010-11-30 11:04:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-11-30 11:02:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-11-29 20:22:33 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-11-29 20:22:33 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-29 20:17:29 -------- d-----w- c:\docume~1\jfischer\applic~1\PC Tools

2010-11-29 20:17:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-11-27 04:44:15 -------- d-----w- c:\program files\iPod

2010-11-27 04:44:10 -------- d-----w- c:\program files\iTunes

2010-11-26 20:31:46 -------- d-----w- c:\docume~1\jfischer\applic~1\Malwarebytes

2010-11-26 20:31:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-26 20:31:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 20:31:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-26 20:31:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-26 19:37:51 388096 ----a-r- c:\docume~1\jfischer\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-11-26 19:37:50 -------- d-----w- c:\program files\Trend Micro

2010-11-26 18:54:18 767952 ----a-w- c:\windows\BDTSupport.dll

2010-11-26 18:54:17 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-11-26 18:54:16 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-11-26 18:54:16 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-11-26 18:54:00 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-11-26 18:53:46 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-11-26 18:53:46 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-11-26 18:53:13 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-11-26 18:52:21 -------- d-----w- c:\program files\Spyware Doctor

2010-11-26 18:52:21 -------- d-----w- c:\program files\common files\PC Tools

2010-11-26 18:03:59 0 ----a-w- c:\windows\Tkupaponaduqiru.bin

2010-11-26 18:03:56 -------- d-----w- c:\docume~1\jfischer\locals~1\applic~1\{84638F2D-79CD-4947-A123-C17E7786B75C}

2010-11-20 17:21:16 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-11-20 17:20:06 -------- d-----w- c:\windows\Logs

2010-11-20 17:16:20 -------- d-----w- c:\program files\Sony

2010-11-20 17:16:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sony Corporation

2010-11-20 17:14:56 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2010-11-20 17:14:56 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2010-11-20 17:14:56 465920 ------w- c:\windows\system32\imapi2fs.dll

2010-11-20 17:14:56 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2010-11-20 17:14:56 317952 ------w- c:\windows\system32\imapi2.dll

2010-11-10 21:41:58 -------- d-----w- c:\program files\Bonjour

2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2010-11-04 21:56:52 28472 ----a-w- c:\program files\mozilla firefox\plugins\webex\932\atgpcdec.dll

2010-11-04 21:56:52 239496 ----a-w- c:\program files\mozilla firefox\plugins\webex\932\atgpcext.dll

==================== Find3M ====================

2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 16:09:28 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll

2010-09-15 16:09:24 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HS122JC rev.GQ100-05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x8A5E2446]<<

c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5e8504]; MOV EAX, [0x8a5e8580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A584AB8]

3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A62DBD8]

5 PCTCore[0xB9E60AC6] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A5F1940]

\Driver\atapi[0x8A68C538] -> IRP_MJ_CREATE -> 0x8A5E2446

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_HS122JC_________________________GQ100-05#5&2f7712b7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A5E2292

user != kernel MBR !!!

sectors 234441646 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 11:01:57.40 ===============

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5226

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/1/2010 10:46:16 AM

mbam-log-2010-12-01 (10-46-16).txt

Scan type: Quick scan

Objects scanned: 158944

Time elapsed: 8 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

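The ROOTKIT section of the DDS log above is the check that matters in this thread: GMER reads the MBR twice, labels the two copies "user" and "kernel", and reports that they differ ("user != kernel MBR !!!"), that the last 255 sectors of the 234441646-sector disk differ as well, and that atapi's DriverStartIo is hooked. A disk filter that rewrites reads can hand a clean sector 0 to any tool that asks through the normal path, which is why the MBAM quick scan that follows finds nothing. The following is an added example, not part of the original post and not GMER's code: it parses a 512-byte MBR, compares two views of it region by region, and measures the unallocated slack after the last partition. The two MBR images and the partition layout are constructed test data, not read from the poster's disk; the layout is sized so the slack comes out at the 255 sectors GMER reported.

```python
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
PART_ENTRY = "<B3xB3xII"     # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"      # bytes 510..511


def parse_mbr(sector0):
    """Split a 512-byte MBR into bootstrap code, used partition entries and signature."""
    if len(sector0) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY, sector0, PART_TABLE_OFF + i * 16)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": count})
    return {"boot_code": bytes(sector0[:BOOT_CODE_LEN]),
            "partitions": partitions,
            "signature_ok": bytes(sector0[510:512]) == SIGNATURE}


def compare_views(user_view, kernel_view):
    """Regions that differ between the MBR read through the normal I/O path and
    the one read below the disk driver. A filtering hook hands the first caller
    a clean copy, so any difference means something is rewriting reads."""
    u, k = parse_mbr(user_view), parse_mbr(kernel_view)
    return [name for name in ("boot_code", "partitions", "signature_ok") if u[name] != k[name]]


def unallocated_tail(total_sectors, mbr):
    """Sectors after the end of the last partition. They belong to no file
    system, which makes them a convenient place for a bootkit's own storage."""
    last_end = max((p["lba_start"] + p["sectors"] for p in mbr["partitions"]), default=0)
    return total_sectors - last_end


def rootkit_indicators(user_view, kernel_view, total_sectors):
    """Combine the two observations GMER's output above reports on."""
    diffs = compare_views(user_view, kernel_view)
    return {"user_kernel_mismatch": bool(diffs),
            "differing_regions": diffs,
            "unallocated_tail_sectors": unallocated_tail(total_sectors, parse_mbr(kernel_view))}


def build_mbr(boot_code, partitions):
    """Assemble a test MBR from bootstrap bytes and (bootable, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + i * 16,
                         0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed test data (not read from the poster's disk). The prologue is a
# conventional "xor ax,ax / mov ss,ax / mov sp,7c00h / mov es,ax / mov ds,ax";
# the "kernel" view appends two of the instructions GMER decoded above
# (mov cx,137h / mov bp,62ah) to stand in for a rewritten bootstrap. The single
# NTFS partition is sized so the slack after it is the 255 sectors GMER
# reported at the end of this 234441646-sector disk.
TOTAL_SECTORS = 234441646
CLEAN_PROLOGUE = bytes.fromhex("33c08ed0bc007c8ec08ed8")
CLEAN_BOOT = CLEAN_PROLOGUE.ljust(BOOT_CODE_LEN, b"\x00")
MODIFIED_BOOT = (CLEAN_PROLOGUE + bytes.fromhex("b93701bd2a06")).ljust(BOOT_CODE_LEN, b"\x00")
LAYOUT = [(True, 0x07, 63, TOTAL_SECTORS - 63 - 255)]
USER_VIEW = build_mbr(CLEAN_BOOT, LAYOUT)
KERNEL_VIEW = build_mbr(MODIFIED_BOOT, LAYOUT)

if __name__ == "__main__":
    print(rootkit_indicators(USER_VIEW, KERNEL_VIEW, TOTAL_SECTORS))
```

The comparison is only as good as the second read: on a live system the "kernel" view has to come from below the hooked driver (GMER does this itself), or from the disk mounted on a clean machine or boot medium. A non-zero tail is not proof of anything on its own, since a few hundred spare sectors after the last partition are normal; it is the combination with a mismatched bootstrap that is the indicator.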

Thanks!

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy and paste its contents into your next reply.

Note: It will also create a log in the C:\ directory.


Here is the TDSSKiller log:

2010/12/01 14:44:18.0718 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56

2010/12/01 14:44:18.0718 ================================================================================

2010/12/01 14:44:18.0718 SystemInfo:

2010/12/01 14:44:18.0718

2010/12/01 14:44:18.0718 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/01 14:44:18.0718 Product type: Workstation

2010/12/01 14:44:18.0718 ComputerName: JOHN-D430

2010/12/01 14:44:18.0718 UserName: jfischer

2010/12/01 14:44:18.0718 Windows directory: C:\WINDOWS

2010/12/01 14:44:18.0718 System windows directory: C:\WINDOWS

2010/12/01 14:44:18.0718 Processor architecture: Intel x86

2010/12/01 14:44:18.0718 Number of processors: 2

2010/12/01 14:44:18.0718 Page size: 0x1000

2010/12/01 14:44:18.0718 Boot type: Normal boot

2010/12/01 14:44:18.0718 ================================================================================

2010/12/01 14:44:19.0343 Initialize success

2010/12/01 14:44:38.0578 ================================================================================

2010/12/01 14:44:38.0578 Scan started

2010/12/01 14:44:38.0578 Mode: Manual;

2010/12/01 14:44:38.0578 ================================================================================

2010/12/01 14:44:40.0109 ACGPRS (599a126109bfca4b89c1ed01b78ba068) C:\WINDOWS\system32\DRIVERS\acgprs.sys

2010/12/01 14:44:40.0156 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/01 14:44:40.0234 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/12/01 14:44:40.0359 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/01 14:44:40.0421 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/01 14:44:40.0609 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2010/12/01 14:44:40.0703 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

2010/12/01 14:44:40.0765 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/01 14:44:40.0906 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/12/01 14:44:40.0937 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/01 14:44:40.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/01 14:44:41.0046 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/01 14:44:41.0140 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/01 14:44:41.0218 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2010/12/01 14:44:41.0296 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

2010/12/01 14:44:41.0421 BCM43XX (fe4ed785396eaa554c561992106a35fa) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2010/12/01 14:44:41.0546 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/01 14:44:41.0812 BHDrvx86 (80f390347c7754835a900349ba1e4b75) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys

2010/12/01 14:44:41.0890 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/01 14:44:41.0984 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/01 14:44:42.0078 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys

2010/12/01 14:44:42.0140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/01 14:44:42.0203 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/01 14:44:42.0281 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/01 14:44:42.0406 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/01 14:44:42.0500 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/01 14:44:42.0625 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys

2010/12/01 14:44:42.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/01 14:44:42.0828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/01 14:44:42.0875 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/01 14:44:42.0890 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/01 14:44:42.0968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/01 14:44:43.0046 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/01 14:44:43.0171 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/12/01 14:44:43.0234 emAudio (200da4f1964c11b3c19a07f937394624) C:\WINDOWS\system32\drivers\emAudio.sys

2010/12/01 14:44:43.0312 eppvad_simple (802f427a85feb7cc5f63587f82e4479e) C:\WINDOWS\system32\drivers\EMP_UDAU.sys

2010/12/01 14:44:43.0359 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/12/01 14:44:43.0437 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/01 14:44:43.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/12/01 14:44:43.0640 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys

2010/12/01 14:44:43.0671 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/01 14:44:43.0687 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/01 14:44:43.0750 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/12/01 14:44:43.0781 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/01 14:44:43.0812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/01 14:44:43.0859 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/12/01 14:44:43.0906 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/01 14:44:43.0937 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys

2010/12/01 14:44:44.0000 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/01 14:44:44.0046 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/01 14:44:44.0140 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2010/12/01 14:44:44.0250 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2010/12/01 14:44:44.0328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/01 14:44:44.0437 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/01 14:44:44.0734 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/12/01 14:44:45.0203 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101130.001\IDSxpx86.sys

2010/12/01 14:44:45.0343 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/01 14:44:45.0437 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/01 14:44:45.0484 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/12/01 14:44:45.0562 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/01 14:44:45.0656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/01 14:44:45.0703 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/01 14:44:45.0734 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/01 14:44:45.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/01 14:44:45.0859 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/01 14:44:45.0906 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/01 14:44:45.0968 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/01 14:44:46.0062 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/01 14:44:46.0109 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/01 14:44:46.0265 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

2010/12/01 14:44:46.0312 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

2010/12/01 14:44:46.0375 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2010/12/01 14:44:46.0406 MBAMProtector (9b5cc6c481bdd00a963829b892623247) C:\WINDOWS\system32\drivers\mbam.sys

2010/12/01 14:44:46.0468 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/12/01 14:44:46.0546 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

2010/12/01 14:44:46.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/01 14:44:46.0703 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/01 14:44:46.0734 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/01 14:44:46.0781 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/01 14:44:46.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/01 14:44:46.0859 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

2010/12/01 14:44:46.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/01 14:44:47.0015 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/01 14:44:47.0062 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/01 14:44:47.0109 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/01 14:44:47.0171 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/01 14:44:47.0187 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/01 14:44:47.0218 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/01 14:44:47.0296 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/01 14:44:47.0312 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/01 14:44:47.0359 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/01 14:44:47.0718 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101201.003\NAVENG.SYS

2010/12/01 14:44:47.0828 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101201.003\NAVEX15.SYS

2010/12/01 14:44:47.0906 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/01 14:44:47.0968 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/01 14:44:48.0031 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/01 14:44:48.0078 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/01 14:44:48.0109 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/01 14:44:48.0156 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/01 14:44:48.0203 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/01 14:44:48.0250 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/01 14:44:48.0328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/01 14:44:48.0359 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/01 14:44:48.0421 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/01 14:44:48.0484 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/12/01 14:44:48.0546 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/01 14:44:48.0640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/01 14:44:48.0671 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/01 14:44:48.0718 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/01 14:44:48.0796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/01 14:44:48.0812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/01 14:44:48.0875 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/01 14:44:48.0906 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/01 14:44:48.0968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/01 14:44:49.0000 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/01 14:44:49.0062 PCTCore (d9f8e37834eff27442e384d495ee5232) C:\WINDOWS\system32\drivers\PCTCore.sys

2010/12/01 14:44:49.0109 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS

2010/12/01 14:44:49.0359 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/01 14:44:49.0390 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/01 14:44:49.0437 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/01 14:44:49.0468 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/12/01 14:44:49.0640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/01 14:44:49.0703 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/01 14:44:49.0734 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/01 14:44:49.0765 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/01 14:44:49.0796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/01 14:44:49.0828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/01 14:44:49.0890 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/01 14:44:49.0937 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/01 14:44:50.0000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/01 14:44:50.0031 RimSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2010/12/01 14:44:50.0062 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2010/12/01 14:44:50.0125 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2010/12/01 14:44:50.0234 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys

2010/12/01 14:44:50.0296 scrswi (8cd59bb2443ec91091037c0e5decc491) C:\WINDOWS\system32\DRIVERS\scrswi.sys

2010/12/01 14:44:50.0375 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/12/01 14:44:50.0421 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/01 14:44:50.0500 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/01 14:44:50.0531 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/01 14:44:50.0578 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/01 14:44:50.0703 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/01 14:44:50.0796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/01 14:44:50.0875 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/01 14:44:50.0984 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS

2010/12/01 14:44:51.0015 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS

2010/12/01 14:44:51.0078 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/01 14:44:51.0203 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

2010/12/01 14:44:51.0265 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2010/12/01 14:44:51.0359 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/01 14:44:51.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/01 14:44:51.0453 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/01 14:44:51.0515 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\WINDOWS\System32\drivers\swmsflt.sys

2010/12/01 14:44:51.0734 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS

2010/12/01 14:44:51.0812 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS

2010/12/01 14:44:51.0859 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2010/12/01 14:44:51.0906 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS

2010/12/01 14:44:51.0937 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS

2010/12/01 14:44:52.0015 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/01 14:44:52.0109 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/01 14:44:52.0171 tcpipBM (9b05aa8089f4ea1bc31208ede33969f3) C:\WINDOWS\system32\drivers\tcpipBM.sys

2010/12/01 14:44:52.0218 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/01 14:44:52.0265 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/01 14:44:52.0343 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/01 14:44:52.0453 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/01 14:44:52.0578 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/01 14:44:52.0656 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/12/01 14:44:52.0734 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/12/01 14:44:52.0843 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/01 14:44:52.0937 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/01 14:44:52.0984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/01 14:44:53.0031 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/01 14:44:53.0062 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/01 14:44:53.0109 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/01 14:44:53.0156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/01 14:44:53.0218 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2010/12/01 14:44:53.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/01 14:44:53.0375 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/01 14:44:53.0406 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/01 14:44:53.0484 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/12/01 14:44:53.0562 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/01 14:44:53.0640 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/12/01 14:44:53.0781 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/12/01 14:44:53.0843 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/12/01 14:44:53.0906 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/01 14:44:54.0000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/01 14:44:54.0046 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/12/01 14:44:54.0140 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/01 14:44:54.0140 ================================================================================

2010/12/01 14:44:54.0140 Scan finished

2010/12/01 14:44:54.0140 ================================================================================

2010/12/01 14:44:54.0156 Detected object count: 1

2010/12/01 14:45:11.0171 \HardDisk0 - will be cured after reboot

2010/12/01 14:45:11.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/01 14:45:28.0421 Deinitialize success

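The TDSSKiller log above is long, and the one line that matters (the `\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4` entry) is easy to miss among a few hundred clean driver entries. The following Python script is an added example, not part of this thread and not code from TDSSKiller; it parses log lines in the format shown above (timestamp, service name, MD5, path; then the detection, count and action lines) and summarises what a helper would want to know: which objects were flagged, whether the flagged object is a whole-disk object rather than a driver file (TDL4 lives in the MBR, which is why every listed .sys file is clean while the disk itself is flagged), whether the reported count agrees with the detection lines, and whether every detection has a user action recorded. The sample log is constructed from a few of the lines posted above; the regular expressions assume the line layout seen in this log and are not an official format specification.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied from the TDSSKiller log
# posted above (two clean driver entries followed by the detection summary).
SAMPLE_LOG = r"""
2010/12/01 14:44:53.0906 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/01 14:44:54.0000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/01 14:44:54.0140 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/01 14:44:54.0140 ================================================================================
2010/12/01 14:44:54.0140 Scan finished
2010/12/01 14:44:54.0156 Detected object count: 1
2010/12/01 14:45:11.0171 \HardDisk0 - will be cured after reboot
2010/12/01 14:45:11.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Line layouts as they appear in the posted log (assumed, not an official spec).
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})"
DRIVER_RE = re.compile(TS + r" (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(TS + r" (?P<obj>\S+) - detected (?P<threat>\S+) \((?P<flag>\d+)\)$")
COUNT_RE = re.compile(TS + r" Detected object count: (?P<count>\d+)$")
ACTION_RE = re.compile(
    TS + r" (?P<threat>[^(\s]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$"
)


@dataclass
class TdssReport:
    drivers: List[dict] = field(default_factory=list)
    detections: List[dict] = field(default_factory=list)
    actions: List[dict] = field(default_factory=list)
    reported_count: Optional[int] = None

    def disk_level_hits(self) -> List[dict]:
        """Detections on a whole-disk object (\\HardDiskN), i.e. boot-sector rather than file."""
        return [d for d in self.detections if d["obj"].lower().startswith("\\harddisk")]

    def count_matches(self) -> bool:
        """True when the tool's own 'Detected object count' agrees with the detection lines."""
        return self.reported_count is not None and self.reported_count == len(self.detections)

    def uncured(self) -> List[dict]:
        """Detections for which no Cure/Delete/Quarantine action was recorded."""
        handled = {a["obj"] for a in self.actions
                   if a["action"].lower() in ("cure", "delete", "quarantine")}
        return [d for d in self.detections if d["obj"] not in handled]


def parse_tdsskiller_log(text: str) -> TdssReport:
    """Classify each log line as a driver entry, a detection, the count line or a user action."""
    report = TdssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECT_RE.match(line)
        if m:
            report.detections.append({"ts": m["ts"], "obj": m["obj"], "threat": m["threat"]})
            continue
        m = ACTION_RE.match(line)
        if m:
            report.actions.append({"ts": m["ts"], "obj": m["obj"],
                                   "threat": m["threat"], "action": m["action"]})
            continue
        m = COUNT_RE.match(line)
        if m:
            report.reported_count = int(m["count"])
            continue
        m = DRIVER_RE.match(line)
        if m:
            report.drivers.append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
        # Separator lines and "Scan finished" carry no data and are skipped.
    return report


def summarize(report: TdssReport) -> str:
    """One-paragraph triage summary of the parsed log."""
    parts = [f"{len(report.drivers)} driver entries, {len(report.detections)} detection(s)"]
    for d in report.detections:
        kind = "disk-level (boot sector)" if d in report.disk_level_hits() else "file"
        parts.append(f"{d['threat']} on {d['obj']} [{kind}]")
    parts.append("count consistent" if report.count_matches() else "COUNT MISMATCH")
    parts.append("all detections actioned" if not report.uncured() else "UNACTIONED detections remain")
    return "; ".join(parts)


if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```

A disk-level hit is the case worth calling out: the tool can only mark it "will be cured after reboot", so the reboot and a follow-up scan are part of the fix, not optional.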

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do not do any fixing on your own or run any scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

    (screenshots: CF_download_FF.gif, CF_download_rename.gif)

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Here is the combofix log:

ComboFix 10-11-30.09 - jfischer 12/01/2010 15:34:30.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1215 [GMT -5:00]

Running from: c:\documents and settings\jfischer\My Documents\Combo-Fix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\jfischer\Desktop\Internet Explorer.lnk

c:\documents and settings\jfischer\g2mdlhlpx.exe

c:\documents and settings\jfischer\Local Settings\Application Data\{84638F2D-79CD-4947-A123-C17E7786B75C}

c:\documents and settings\jfischer\Local Settings\Application Data\{84638F2D-79CD-4947-A123-C17E7786B75C}\chrome.manifest

c:\documents and settings\jfischer\Local Settings\Application Data\{84638F2D-79CD-4947-A123-C17E7786B75C}\chrome\content\_cfg.js

c:\documents and settings\jfischer\Local Settings\Application Data\{84638F2D-79CD-4947-A123-C17E7786B75C}\chrome\content\overlay.xul

c:\documents and settings\jfischer\Local Settings\Application Data\{84638F2D-79CD-4947-A123-C17E7786B75C}\install.rdf

C:\Thumbs.db

c:\windows\system32\bszip.dll

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At25.job

c:\windows\Tasks\At26.job

c:\windows\Tasks\At27.job

c:\windows\Tasks\At28.job

c:\windows\Tasks\At29.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At30.job

c:\windows\Tasks\At31.job

c:\windows\Tasks\At32.job

c:\windows\Tasks\At33.job

c:\windows\Tasks\At34.job

c:\windows\Tasks\At35.job

c:\windows\Tasks\At36.job

c:\windows\Tasks\At37.job

c:\windows\Tasks\At38.job

c:\windows\Tasks\At39.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At40.job

c:\windows\Tasks\At41.job

c:\windows\Tasks\At42.job

c:\windows\Tasks\At43.job

c:\windows\Tasks\At44.job

c:\windows\Tasks\At45.job

c:\windows\Tasks\At46.job

c:\windows\Tasks\At47.job

c:\windows\Tasks\At48.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))

.

2010-11-30 23:38 . 2010-11-30 23:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-11-30 21:42 . 2010-11-30 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-11-30 21:42 . 2010-11-30 21:43 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-30 16:02 . 2010-11-30 16:03 -------- d-----w- c:\documents and settings\jfischer\Local Settings\Application Data\Temp

2010-11-30 16:01 . 2010-11-30 16:04 -------- d-----w- c:\documents and settings\jfischer\Local Settings\Application Data\Google

2010-11-30 15:49 . 2010-11-30 15:49 -------- d-----w- c:\documents and settings\jfischer\Local Settings\Application Data\Threat Expert

2010-11-30 14:48 . 2010-11-30 16:41 -------- d-----w- c:\documents and settings\Administrator

2010-11-30 11:05 . 2010-11-30 11:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-11-30 11:05 . 2010-11-30 11:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-11-30 11:04 . 2010-12-01 17:21 -------- d-----w- c:\windows\system32\drivers\N360

2010-11-30 11:04 . 2010-11-30 11:04 -------- d-----w- c:\program files\Norton Security Suite

2010-11-30 11:04 . 2010-11-30 11:04 -------- d-----w- c:\program files\Windows Sidebar

2010-11-30 11:04 . 2010-11-30 11:04 -------- d-----w- c:\program files\NortonInstaller

2010-11-30 11:02 . 2010-11-30 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-11-29 20:22 . 2010-11-29 20:22 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-29 20:18 . 2010-11-29 20:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2010-11-29 20:17 . 2010-11-29 20:17 -------- d-----w- c:\documents and settings\jfischer\Application Data\PC Tools

2010-11-29 20:17 . 2010-11-29 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-11-27 04:44 . 2010-11-29 20:20 -------- d-----w- c:\program files\iPod

2010-11-27 04:44 . 2010-11-29 20:21 -------- d-----w- c:\program files\iTunes

2010-11-26 20:31 . 2010-11-26 20:31 -------- d-----w- c:\documents and settings\jfischer\Application Data\Malwarebytes

2010-11-26 20:31 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-26 20:31 . 2010-11-30 02:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-26 20:31 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 20:31 . 2010-11-26 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-26 19:37 . 2010-11-26 19:37 388096 ----a-r- c:\documents and settings\jfischer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-11-26 19:37 . 2010-11-26 19:37 -------- d-----w- c:\program files\Trend Micro

2010-11-26 18:54 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll

2010-11-26 18:54 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-11-26 18:54 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-11-26 18:54 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-11-26 18:54 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-11-26 18:53 . 2010-03-10 16:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-11-26 18:53 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-11-26 18:53 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-11-26 18:52 . 2010-11-29 20:17 -------- d-----w- c:\program files\Spyware Doctor

2010-11-26 18:52 . 2010-11-29 16:23 -------- d-----w- c:\program files\Common Files\PC Tools

2010-11-26 18:03 . 2010-11-29 13:37 0 ----a-w- c:\windows\Tkupaponaduqiru.bin

2010-11-20 17:21 . 2010-11-20 17:21 -------- d-----w- c:\documents and settings\jfischer\Application Data\Sony Corporation

2010-11-20 17:21 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-11-20 17:20 . 2010-11-20 17:20 -------- d-----w- c:\windows\Logs

2010-11-20 17:16 . 2010-11-20 17:16 -------- d-----w- c:\program files\Sony

2010-11-20 17:16 . 2010-11-20 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation

2010-11-20 17:14 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2010-11-20 17:14 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll

2010-11-20 17:14 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2010-11-20 17:14 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll

2010-11-20 17:14 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2010-11-10 21:41 . 2010-11-10 21:41 -------- d-----w- c:\program files\Bonjour

2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2010-11-04 21:56 . 2010-11-04 21:56 28472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\932\atgpcdec.dll

2010-11-04 21:56 . 2010-11-04 21:56 239496 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\932\atgpcext.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-28 20:44 . 2009-07-02 20:20 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-09-28 20:44 . 2009-07-02 20:20 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-09-18 16:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 16:09 . 2010-10-07 16:20 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll

2010-09-15 16:09 . 2010-10-07 16:20 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll

2010-09-10 05:58 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2008-02-11 16:39 . 2008-02-11 16:39 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2008-02-11 16:39 . 2008-02-11 16:39 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2008-02-11 16:43 . 2008-02-11 16:43 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll

2010-04-15 13:57 . 2010-04-15 13:57 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-05-10 39816]

"Google Update"="c:\documents and settings\jfischer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-30 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-10 442368]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-06-30 16:49 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jfischer^Start Menu^Programs^Startup^eFax 4.4.lnk]

path=c:\documents and settings\jfischer\Start Menu\Programs\Startup\eFax 4.4.lnk

backup=c:\windows\pss\eFax 4.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-07-02 17:29 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]

2009-05-19 18:56 33280 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]

2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON_UD_START]

2008-05-22 13:32 329632 ----a-w- c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

2002-08-14 19:21 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]

2009-07-01 02:14 31552 ----a-w- c:\program files\Citrix\GoToMeeting\366\g2mstart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-03-31 00:00 162584 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-02-19 06:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-03-31 00:00 138008 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

2006-11-21 21:08 813912 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2008-08-11 17:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v2]

2004-11-10 19:38 442368 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2008-02-26 14:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-03-30 23:59 138008 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2008-05-14 14:31 244208 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-12 02:24 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]

2009-01-27 20:18 425472 ----a-w- c:\program files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]

2009-01-27 20:21 2143232 ----a-w- c:\program files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TranscodingService]

2009-01-27 20:03 520192 ----a-w- c:\program files\TiVo\Desktop\TranscodingService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]

2006-11-06 18:31 81920 ----a-w- c:\windows\system32\PCLECoInst.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\InterBase Corp\\InterBase\\bin\\ibserver.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\AT&T\\Communication Manager\\bmop.exe"=

"c:\\Documents and Settings\\jfischer\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1042:TCP"= 1042:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/26/2010 1:53 PM 217032]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [12/1/2010 10:46 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [12/1/2010 10:46 AM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/4/2010 3:02 PM 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [12/1/2010 10:46 AM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [12/1/2010 10:46 AM 116784]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 7:00 AM 14336]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/26/2010 3:31 PM 363344]

R2 MSSQL$VASTPOS;SQL Server (VASTPOS);c:\program files\Microsoft SQL Server_vast\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [12/1/2010 10:45 AM 126392]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]

R3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2/14/2006 3:07 PM 103936]

R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [9/24/2009 10:06 AM 17664]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/30/2010 6:08 AM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101130.001\IDSXpx86.sys [10/19/2010 3:36 PM 341880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/26/2010 3:31 PM 20952]

R3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [4/2/2008 1:58 PM 44288]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/26/2010 3:31 PM 38224]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [5/14/2008 9:32 AM 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [5/14/2008 9:32 AM 166384]

S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [5/19/2009 1:57 PM 121344]

S3 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/26/2010 1:54 PM 112592]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [5/14/2008 9:31 AM 1120752]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

S4 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [9/24/2009 10:06 AM 94208]

S4 SessionLauncher;SessionLauncher;c:\docume~1\jfischer\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\jfischer\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

2003-08-26 c:\windows\Tasks\CommShop Receive PUT.job

- c:\vast\CommShop.exe [2009-04-08 18:03]

2003-08-26 c:\windows\Tasks\CommShop Send EOD.job

- c:\vast\CommShop.exe [2009-04-08 18:03]

2003-08-21 c:\windows\Tasks\compactdb.job

- c:\vast\CompactDB.exe [2008-08-10 19:58]

2003-08-21 c:\windows\Tasks\Credit Process.job

- c:\vast\midascrd.exe [2006-12-30 15:32]

2003-08-21 c:\windows\Tasks\Daily Update Process.job

- c:\vast\Put.exe [2009-07-21 02:35]

2003-08-21 c:\windows\Tasks\DBBackUp.job

- c:\vast\DBBackUp.exe [2007-11-26 14:52]

2003-08-21 c:\windows\Tasks\EOD.job

- c:\vast\EOD.exe [2009-11-09 17:58]

2003-08-21 c:\windows\Tasks\EOM.job

- c:\vast\EOD.exe [2009-11-09 17:58]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1957994488-1606980848-1003Core.job

- c:\documents and settings\jfischer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-30 16:01]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1957994488-1606980848-1003UA.job

- c:\documents and settings\jfischer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-30 16:01]

2009-07-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 21:08]

2008-05-06 c:\windows\Tasks\RepairDB.job

- c:\vast\Repairdb.exe [2008-08-10 19:58]

2003-08-21 c:\windows\Tasks\Sunday Update Process.job

- c:\vast\Put.exe [2009-07-21 02:35]

2010-12-01 c:\windows\Tasks\User_Feed_Synchronization-{5146EB54-E745-43BF-9044-18EB746CD3E4}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: bmnet.dll

Trusted Zone: intuit.com\ttlc

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

AddRemove-SalesLogix - c:\program files\Common Files\PUMATECH Shared\Connectors\SalesLogix\SalesLogixUninstall

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-01 15:47

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1957994488-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{815AFAB9-556E-0DE4-A5B4-F8BB2F9FBF61}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iacdhgjlghmmlnhbgk"=hex:69,61,64,70,6b,68,6a,6d,68,69,6c,66,6d,6a,64,65,6d,6d,

00,00

"hamgnfmghijkagkb"=hex:69,61,64,70,6b,68,6a,6d,68,69,6c,66,6d,6a,64,65,6d,6d,

00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\gpkcsp.dll

c:\windows\system32\gpkrsrc.dll

c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(956)

c:\windows\system32\bmnet.dll

.

Completion time: 2010-12-01 15:53:56

ComboFix-quarantined-files.txt 2010-12-01 20:53

Pre-Run: 21,448,695,808 bytes free

Post-Run: 21,588,594,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 13B65020DC3BF9E25480BA99BF19D549

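The helper below reads this ComboFix log as clean. As an added example (my own code, not a ComboFix or Malwarebytes tool), here is a small Python triage script for logs in this format. It parses the R*/S* service and driver lines and the Windows Firewall policy dump, and lists the entries a responder would verify by hand: services whose image file is missing (`[x]`), files ComboFix could not read (`[?]`), images under a Temp directory, the Windows Firewall standard profile being disabled, and firewall exceptions for binaries inside a user profile. The regex names and the finding categories are my own; the embedded sample is a verbatim excerpt of lines from the log above. A flag is a prompt to check the file, not a verdict, and it does not change the helper's conclusion.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix tool).

Parses the R*/S* service/driver lines and the firewall policy dump and lists
entries worth a second look. A finding is a prompt to verify, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One service/driver line, e.g.
#   R2 MBAMService;MBAMService;c:\...\mbamservice.exe [11/26/2010 3:31 PM 363344]
#   S0 cerc6;cerc6; [x]
# groups: state R/S, start type 0-4, name, display name, image path,
# bracket text (timestamp + size, "x" = file missing, "?" = unreadable).
SVC_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")

# Firewall dump lines of interest.
FW_ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
FW_APP_RE = re.compile(r'^"(.+?)"=\s*$')  # AuthorizedApplications entries end in "="

# Locations a service image or firewall exception should not normally live in.
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"documents and settings\\(?!all users)", re.IGNORECASE)


@dataclass
class Service:
    state: str      # "R" running / "S" stopped
    start: int      # 0 boot .. 4 disabled
    name: str
    display: str
    path: str       # image path, any "--> target" suffix removed
    status: str     # "x", "?", or "mm/dd/yyyy h:mm AM size"


@dataclass
class Finding:
    category: str
    subject: str
    detail: str


def parse_service_line(line: str) -> Optional[Service]:
    """Return a Service for an R*/S* line, or None for any other line."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, status = m.groups()
    # ComboFix prints "src --> dst" for an unresolved image; keep the first form.
    path = path.split(" --> ")[0].strip()
    return Service(state, int(start), name.strip(), display.strip(), path, status.strip())


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect entries a human should verify."""
    findings: List[Finding] = []
    in_fw_apps = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service_line(line)
        if svc:
            if svc.status == "x":
                findings.append(Finding("missing-image", svc.name,
                                        "service registered but its file is not on disk"))
            elif svc.status == "?":
                findings.append(Finding("unverifiable-image", svc.name,
                                        "ComboFix could not read the image file"))
            if TEMP_PATH_RE.search(svc.path):
                findings.append(Finding("temp-path", svc.name, svc.path))
            elif USER_PROFILE_RE.search(svc.path):
                findings.append(Finding("profile-path", svc.name, svc.path))
            continue
        # Registry-style headers switch the firewall AuthorizedApplications block on/off.
        if line.startswith("["):
            in_fw_apps = line.lower().endswith("authorizedapplications\\list]")
            continue
        m = FW_ENABLE_RE.match(line)
        if m and m.group(1) == "0":
            findings.append(Finding("firewall-off", "standardprofile",
                                    "EnableFirewall=0; confirm a third-party firewall covers this profile"))
            continue
        if in_fw_apps:
            m = FW_APP_RE.match(line)
            if m:
                app = m.group(1).replace("\\\\", "\\")  # the dump doubles backslashes
                if USER_PROFILE_RE.search(app) or TEMP_PATH_RE.search(app):
                    findings.append(Finding("firewall-exception", app,
                                            "exception for a binary in a user-writable location"))
    return findings


# Verbatim excerpt of lines from the ComboFix log above (sample input).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\jfischer\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/26/2010 1:53 PM 217032]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 7:00 AM 14336]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101130.001\IDSXpx86.sys [10/19/2010 3:36 PM 341880]
S0 cerc6;cerc6; [x]
S4 SessionLauncher;SessionLauncher;c:\docume~1\jfischer\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\jfischer\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:20} {f.subject}: {f.detail}")
```

On the excerpt this surfaces the disabled standard-profile firewall, the octoshape exception under the user profile, the `cerc6` entry with no file on disk, and `SessionLauncher` twice (unreadable image, Temp path); the Norton definition driver under All Users and the svchost-hosted Akamai service pass because the heuristics deliberately ignore Program Files, Windows and All Users. Tune the path patterns before pointing it at a full log.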

Good job! ;)

Last steps:

Step 1

  1. Go to Start => Run... and copy & paste the next command into the field:
     ComboFix /uninstall

  2. Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete TDSSKiller, DDS and GMER.

Step 3

Please keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :D


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
