Java fake



Guest name cool

While browsing the Internet, I came across a site that forced me to install a "Java" add-on. When I tried to leave the site, it gave me an installer that looked just like Java. After I ran the installer, "Internet Explorer" began opening many blank pages.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:43:37 PM, on 12/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Documents and Settings\BTC User\Application Data\819FF54CE0926D65310B91B7869A1C57\boxtechsetup700.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll

O4 - HKLM\..\Run: [ecoxmasrwn.tmp] "C:\DOCUME~1\BTCUSE~1\LOCALS~1\Temp\ecoxmasrwn.tmp"

O4 - HKLM\..\Run: [Hlupajifohavonax] rundll32.exe "C:\WINDOWS\usehisiq.dll",Startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gzajij] rundll32.exe "C:\WINDOWS\WMNCotfa.dll",Startup

O4 - HKCU\..\Run: [OW1T3CYG7T] C:\WINDOWS\Ksogea.exe

O4 - HKCU\..\Run: [boxtechsetup700.exe] C:\Documents and Settings\BTC User\Application Data\819FF54CE0926D65310B91B7869A1C57\boxtechsetup700.exe

O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\BTCUSE~1\LOCALS~1\Temp\Kqz.exe

O4 - Startup: Antimalware Doctor.lnk = C:\Documents and Settings\BTC User\Application Data\819FF54CE0926D65310B91B7869A1C57\boxtechsetup700.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--

End of file - 2926 bytes

.......................................

M' Anti-M Free use. XP SP 3

:::::::::::::::::::::::::::::::

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5236

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/4/2010 1:32:15 PM

mbam-log-2010-12-04 (13-32-15).txt

Scan type: Full scan (C:\|)

Objects scanned: 152854

Time elapsed: 13 minute(s), 52 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 2

Registry Keys Infected: 10

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 23

Memory Processes Infected:

c:\documents and settings\BTC User\application data\819ff54ce0926d65310b91b7869a1c57\boxtechsetup700.exe (Trojan.FakeAlert) -> 1532 -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack.Gen) -> Delete on reboot.

c:\WINDOWS\WMNCotfa.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{625F76EE-DE78-428A-8B2D-96F06F3707A5} (RoguePcClear) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones (Hijack.Zones) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gzajij (Trojan.Hiloti) -> Value: Gzajij -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\boxtechsetup700.exe (Trojan.FakeAlert) -> Value: boxtechsetup700.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OW1T3CYG7T (Trojan.FraudPack.Gen) -> Value: OW1T3CYG7T -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\BTC User\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack.Gen) -> Delete on reboot.

c:\WINDOWS\WMNCotfa.dll (Trojan.Hiloti) -> Delete on reboot.

c:\documents and settings\BTC User\application data\819ff54ce0926d65310b91b7869a1c57\boxtechsetup700.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Ksogea.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\Desktop\flvdirect.exe (Adware.FLVPlayer) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\Desktop\FLVTube.exe (Adware.FlvTube) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\Desktop\inst.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\Desktop\pseq_2013-1_qt8.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\Desktop\secure_2013_brs8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\Desktop\Setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\Desktop\mywebface.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\my documents\inst.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\my documents\mwsw.exe (Rogue.Installer) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\all users\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\BTC User\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.


defogger_disable.log

Attach.txt

DDS.txt

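The O4 entries in the HijackThis log above are the tell: Run values with random names that launch files from a Temp directory or straight from the Windows root, a .tmp file executed as a program, and DLLs pulled in through a rundll32 ",Startup" export. The script below is an added example, not part of the original post and not HijackThis code, that parses O4 lines and applies exactly those heuristics. The sample log text is constructed from the lines quoted above plus one clean entry, and the thresholds (eight or more upper-case letters and digits with at least one digit counts as a random-looking name) are my own assumptions, not rules from the thread.

```python
import re
from typing import List, NamedTuple, Optional


class RunEntry(NamedTuple):
    hive: str              # HKLM or HKCU
    name: str              # registry value name, shown in [brackets] by HijackThis
    target: str            # the file that actually gets loaded
    export: Optional[str]  # rundll32 export name, if the value goes through rundll32
    reasons: List[str]     # why the entry was flagged; empty means nothing stood out


# "O4 - HKCU\..\Run: [Name] command line"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
# rundll32.exe "C:\path\file.dll",Export
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?(?:,(\w+))?', re.IGNORECASE)
# A bare .exe/.dll sitting directly in the Windows root rather than in a subfolder
WINROOT_DROP_RE = re.compile(r'^c:\\windows\\[^\\]+\.(exe|dll)$')
# Assumed heuristic: names such as OW1T3CYG7T (upper-case letters and digits,
# at least one digit, 8+ characters) look machine-generated
RANDOM_NAME_RE = re.compile(r'^(?=.*\d)[A-Z0-9]{8,}$')


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one O4 Run entry and attach heuristic reasons for suspicion."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, name, command = m.groups()
    rd = RUNDLL_RE.match(command)
    if rd:
        target, export = rd.group(1), rd.group(2)
    else:
        target, export = command.strip().strip('"'), None
    low = target.lower()
    reasons = []
    if '\\temp\\' in low:
        reasons.append('runs from a Temp directory')
    if WINROOT_DROP_RE.match(low):
        reasons.append('file dropped directly in the Windows root')
    if export is not None:
        reasons.append(f'DLL loaded through rundll32 export "{export}"')
    if low.endswith('.tmp'):
        reasons.append('.tmp file executed as a program')
    if RANDOM_NAME_RE.match(name):
        reasons.append('random-looking value name')
    return RunEntry(hive, name, target, export, reasons)


def suspicious_o4(log_text: str) -> List[RunEntry]:
    """Return only the O4 entries that triggered at least one heuristic."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.reasons]


# Constructed sample: the O4 lines quoted in the HijackThis log above, one clean
# entry (ctfmon.exe) and one non-O4 line that the parser must ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ecoxmasrwn.tmp] "C:\DOCUME~1\BTCUSE~1\LOCALS~1\Temp\ecoxmasrwn.tmp"
O4 - HKLM\..\Run: [Hlupajifohavonax] rundll32.exe "C:\WINDOWS\usehisiq.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gzajij] rundll32.exe "C:\WINDOWS\WMNCotfa.dll",Startup
O4 - HKCU\..\Run: [OW1T3CYG7T] C:\WINDOWS\Ksogea.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\BTCUSE~1\LOCALS~1\Temp\Kqz.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

if __name__ == '__main__':
    for e in suspicious_o4(SAMPLE_LOG):
        print(f'{e.hive} [{e.name}] {e.target}: ' + '; '.join(e.reasons))
```

Run against the sample, the script flags the five malicious Run values and stays quiet on ctfmon.exe, which lives in system32 under its real name. The heuristics are deliberately narrow; a legitimate program that installs itself into the Windows root would be flagged too, so treat a hit as a reason to look at the file (hash it, check its signature) rather than as a verdict.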


Please do not attach the scan results from ComboFix. Use copy/paste.

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Guest name cool

ComboFix 10-12-04.05 - BTC User 12/06/2010 12:29:36.6.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.297 [GMT 3:00]

Running from: c:\documents and settings\BTC User\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))

.

2010-12-05 12:11 . 2010-12-05 12:11 10240 ----a-w- c:\windows\system32\drivers\ujeymtgx.sys

2010-12-05 04:07 . 2010-12-05 04:40 -------- d-----w- c:\documents and settings\BTC User\Application Data\819FF54CE0926D65310B91B7869A1C57

2010-12-03 22:53 . 2010-12-03 22:53 -------- d-----w- c:\windows\system32\Macromed

2010-12-03 05:34 . 2010-11-04 18:43 506880 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

2010-12-03 05:34 . 2010-12-03 05:35 -------- d-----w- c:\program files\Hotspot Shield

2010-11-30 04:58 . 2010-11-30 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Arovax

2010-11-30 04:53 . 2010-12-03 05:35 -------- d-----w- C:\Hotspot Shield

2010-11-28 23:39 . 2010-11-28 23:39 -------- d-----w- c:\program files\UltraSnapPRO

2010-11-28 00:10 . 2010-11-29 14:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-28 00:10 . 2010-11-30 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-28 00:10 . 2010-11-29 14:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 03:52 . 2010-11-26 03:52 -------- d-----w- c:\documents and settings\BTC User\Application Data\GPass

2010-11-25 15:08 . 2010-12-03 05:26 -------- d-----w- C:\CCProxy

2010-11-25 14:54 . 2010-11-25 14:54 -------- d-----w- c:\documents and settings\BTC User\Application Data\SmartHideIP

2010-11-25 14:54 . 2010-11-25 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartHideIP

2010-11-24 02:22 . 2010-11-24 02:22 809079 ----a-w- C:\FPsetup.exe

2010-11-24 00:38 . 2010-11-24 00:38 -------- d-----w- c:\documents and settings\BTC User\Application Data\SUPERAntiSpyware.com

2010-11-24 00:38 . 2010-11-24 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-11-24 00:38 . 2010-11-24 00:38 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-11-23 23:16 . 2009-08-06 16:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-11-23 22:30 . 2010-11-23 22:30 -------- d-----w- c:\program files\Trend Micro

2010-11-20 16:46 . 2010-11-20 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-11-20 14:46 . 2010-11-20 14:46 -------- d-----w- c:\program files\Absolutist_Games

2010-11-13 08:54 . 2010-11-13 08:54 -------- d-----w- c:\program files\IrfanView

2010-11-12 11:32 . 2010-11-12 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-11-11 05:35 . 2010-11-11 05:35 -------- d-----w- c:\documents and settings\BTC User\Application Data\AutoHideIP

2010-11-11 05:35 . 2010-11-11 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AutoHideIP

2010-11-11 05:24 . 2010-11-11 05:24 -------- d-----w- c:\program files\CCleaner

2010-11-11 05:21 . 2010-11-11 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\5109

2010-11-10 08:17 . 2010-11-10 08:17 -------- d-----w- c:\windows\system32\NtmsData

2010-11-08 22:16 . 2010-11-08 22:16 -------- d-----w- c:\documents and settings\BTC User\Application Data\Runscanner.net

2010-11-08 21:30 . 2010-04-28 04:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-11-08 21:28 . 2010-11-08 21:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-11-08 21:28 . 2010-11-08 21:28 -------- d-----w- c:\program files\Microsoft

2010-11-07 20:17 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-11-07 20:16 . 2010-11-07 20:16 -------- d-----w- c:\program files\Windows Media Connect 2

2010-11-07 20:14 . 2010-11-07 20:15 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-11-07 20:14 . 2010-11-07 20:14 -------- d-----w- c:\windows\system32\LogFiles

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-27 15:25 . 2010-10-31 20:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2010-10-27 15:21 . 2010-10-31 20:13 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2010-10-20 20:30 . 2010-10-20 20:30 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-20 20:30 . 2010-10-20 20:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-20 19:57 . 2010-10-20 19:57 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll

2010-10-20 19:57 . 2010-10-20 19:57 1287552 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS

2010-09-22 19:19 . 2010-09-22 19:19 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys

2010-09-22 19:19 . 2010-09-22 19:19 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2010-09-18 09:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

.

((((((((((((((((((((((((((((( SnapShot@2010-12-04_13.24.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-06 09:28 . 2010-12-06 09:28 16384 c:\windows\temp\Perflib_Perfdata_72c.dat

+ 2010-12-06 09:42 . 2010-12-06 09:42 16384 c:\windows\temp\Perflib_Perfdata_600.dat

+ 2004-08-04 12:00 . 2010-12-06 09:33 68062 c:\windows\system32\perfc009.dat

- 2004-08-04 12:00 . 2010-12-04 13:17 68062 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

+ 2004-08-04 12:00 . 2010-12-06 09:33 433256 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2010-12-04 13:17 433256 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 9:41 PM 67656]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [10/27/2010 6:23 PM 1483072]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{2A1730A9-1199-48E0-8274-67C170504ADD}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

FF - ProfilePath - c:\documents and settings\BTC User\Application Data\Mozilla\Firefox\Profiles\3tmzhj1l.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Private Search

FF - prefs.js: browser.startup.homepage - hxxp://search.hotspotshield.com/g/?c=h

FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: afurladvisor: afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\BTC User\Application Data\Mozilla\Firefox\Profiles\3tmzhj1l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-06 12:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST980811AS rev.3.BHE -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x822FE555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x823047b0]; MOV EAX, [0x8230482c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x823CF030]

3 CLASSPNP[0xF84B2FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000082[0x8226ED80]

5 ACPI[0xF8349620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8233D8E8]

\Driver\atapi[0x823533B0] -> IRP_MJ_CREATE -> 0x822FE555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST980811AS______________________________3.BHE___#4c353759315a354b20

2020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x822FE39B

user & kernel MBR OK

copy of MBR has been found in sector 22 !

copy of MBR has been found in sector 23 !

Warning: possible TDL3 rootkit infection !

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1568)

c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1628)

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1164)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Hotspot Shield\bin\openvpnas.exe

c:\program files\Hotspot Shield\HssWPR\hsssrv.exe

c:\program files\Hotspot Shield\bin\hsswd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

c:\windows\system32\wscntfy.exe

c:\program files\Hotspot Shield\bin\openvpntray.exe

c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2010-12-06 12:47:29 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-06 09:47

ComboFix2.txt 2010-12-04 13:27

Pre-Run: 28,310,880,256 bytes free

Post-Run: 28,628,787,200 bytes free

- - End Of File - - B35E77BFE208458B948877A7817AC050

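Two lines in the Gmer section of the ComboFix log above carry the weight of the "possible TDL3 rootkit" warning: "copy of MBR has been found in sector 22 / 23" and the hook on \Driver\atapi DriverStartIo. The script below is an added example, not Gmer's code and not part of the thread, that reproduces the disk-side half of that check on a constructed 63-sector image: it validates the 0x55AA signature, parses the four primary partition entries, searches the gap before the first partition for byte-identical copies of sector 0's boot code, and reports how many sectors sit after the last partition (the unpartitioned tail a TDL4-style hidden file system uses). The image layout (one NTFS partition at LBA 63 on a 4096-sector disk, copies planted at sectors 22 and 23) is my assumption, chosen to mirror the log.

```python
import struct
from typing import List, Tuple

SECTOR = 512
BOOT_CODE_LEN = 446   # bytes 0..445 are boot code; the partition table starts at 446


def parse_partitions(mbr: bytes) -> List[Tuple[int, int, int, int]]:
    """Return (status, type, start_lba, sector_count) for each used primary entry."""
    if len(mbr) != SECTOR:
        raise ValueError('an MBR is exactly one 512-byte sector')
    if mbr[510:512] != b'\x55\xaa':
        raise ValueError('missing 0x55AA boot signature')
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        start, count = struct.unpack_from('<II', mbr, off + 8)
        if ptype != 0:                       # type 0 marks an unused slot
            parts.append((status, ptype, start, count))
    return parts


def find_mbr_copies(image: bytes, first_partition_lba: int) -> List[int]:
    """Sectors in the gap before the first partition whose boot code equals sector 0's.

    Bootkits that overwrite the MBR commonly stash the original MBR, or a copy of
    their own loader, in this otherwise unused first track.
    """
    boot_code = image[:BOOT_CODE_LEN]
    last = min(first_partition_lba, len(image) // SECTOR)
    return [s for s in range(1, last)
            if image[s * SECTOR:s * SECTOR + BOOT_CODE_LEN] == boot_code]


def unpartitioned_tail(mbr: bytes, disk_sectors: int) -> int:
    """Sectors after the last partition: space a hidden file system can live in."""
    end = max((start + count for _, _, start, count in parse_partitions(mbr)), default=0)
    return disk_sectors - end


def check_image(image: bytes, disk_sectors: int) -> List[str]:
    """Gmer-style findings for a raw image; an empty list means nothing noteworthy."""
    mbr = image[:SECTOR]
    parts = parse_partitions(mbr)
    first = min((p[2] for p in parts), default=len(image) // SECTOR)
    findings = [f'copy of MBR boot code found in sector {s}'
                for s in find_mbr_copies(image, first)]
    tail = unpartitioned_tail(mbr, disk_sectors)
    if tail:
        findings.append(f'{tail} unpartitioned sectors after the last partition')
    return findings


def build_sample_image(copies=(22, 23), track=63, disk_sectors=4096) -> bytes:
    """Constructed first track: a boot sector with one NTFS partition entry and
    byte-identical copies of it planted in the given sectors (assumed layout)."""
    boot = b'\x33\xc0\x8e\xd0\xbc\x00\x7c' + b'\x90' * (BOOT_CODE_LEN - 7)
    # one active (0x80) NTFS (0x07) partition starting at LBA 63; CHS fields zeroed
    entry = struct.pack('<B3sB3sII', 0x80, b'\0\0\0', 0x07, b'\0\0\0',
                        track, disk_sectors - track - 33)
    mbr = boot + entry + b'\0' * 48 + b'\x55\xaa'
    assert len(mbr) == SECTOR
    sectors = [mbr] + [b'\0' * SECTOR for _ in range(1, track)]
    for s in copies:
        sectors[s] = mbr
    return b''.join(sectors)


if __name__ == '__main__':
    for finding in check_image(build_sample_image(), disk_sectors=4096):
        print(finding)
```

On a live machine the same functions would be fed the first track read from \\.\PhysicalDrive0 as administrator, with the caveat the log itself illustrates: a driver hooking atapi can answer user-mode reads with a clean sector, which is why Gmer reads the MBR both from user mode and from the kernel and prints "user & kernel MBR OK" separately. A planted copy in the gap is a strong hint, not proof, hence Gmer's "possible"; the hook address and the two matching sectors together are what justify running a dedicated TDSS cleaner next.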

Please go to http://www.virustotal.com/en/indexf.html, click on Browse, and upload the following file for analysis:

c:\windows\system32\drivers\ujeymtgx.sys

Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virscan.org is too busy you can try these.

http://virscan.org/

http://www.kaspersky.com/scanforvirus.html


Guest name cool

This is the "Combo Fix" file; I checked it and there is an infection. http://virscan.org/report/3db3e922f7f75027...f9da195318.html

File Name : New ALZip ZIP File.zip

File Size : 1007441 byte

File Type : Zip archive data, at least v2.0 to extract

MD5 : f95fe9fab00d6bd203b78d225e0f2d8a

SHA1 : 9c3579e5f3d4663803de0d2779bbf5c0f2e713ad

Scanner results : 22% Scanner(s) (8/36) found malware!

Time : 2010/12/08 16:17:08 (AST)

Scanner | Engine | Signatures | Updated | Result | Scan time (s)

a-squared 5.1.0.1 20101208020219 2010-12-08 - 40.091

AhnLab V3 2010.12.08.00 2010.12.08 2010-12-08 - 40.085

AntiVir 8.2.4.122 7.10.14.221 2010-12-08 TR/Patched.KL.233 0.651

Antiy 2.0.18 20101207.6186214 2010-12-07 - 0.017

Arcavir 2010 201012082037 2010-12-08 - 0.832

Authentium 5.1.1 201012072255 2010-12-07 W32/Swizzor-based.2!Maximus (Heuristic) 9.111

AVAST! 4.7.4 101207-1 2010-12-07 - 0.268

AVG 8.5.850 271.1.1/3299 2010-12-06 - 5.296

BitDefender 7.90123.6380589 7.34967 2010-12-08 Gen:Variant.Kazy.3281 18.084

ClamAV 0.96.3 12366 2010-12-08 - 0.761

Comodo 4.0 6986 2010-12-08 - 40.234

CP Secure 1.3.0.5 2010.12.08 2010-12-08 - 0.394

Dr.Web 5.0.2.3300 2010.12.08 2010-12-08 - 13.670

F-Prot 4.4.4.56 20101207 2010-12-07 Possible W32/Swizzor-based.2!Maximus 5.650

F-Secure 7.02.73807 2010.12.08.06 2010-12-08 - 12.010

Fortinet 4.2.254 12.645 2010-12-07 - 40.167

GData 21.1241/21.527 20101208 2010-12-08 - 40.100

Ikarus T3.1.32.15.0 2010.12.08.77311 2010-12-08 Trojan-Spy.Win32.Zbot 5.652

JiangMin 13.0.900 2010.11.30 2010-11-30 - 40.091

Kaspersky 5.5.10 2010.12.08 2010-12-08 - 0.385

KingSoft 2009.2.5.15 2010.12.8.18 2010-12-08 - 40.088

McAfee 5400.1158 6190 2010-12-07 Hiloti.gen.g 21.676

Microsoft 1.6402 2010.12.08 2010-12-08 - 40.186

Norman 6.06.11 6.06.00 2010-12-07 - 16.016

nProtect 20101207.01 9276664 2010-12-07 - 40.102

Panda 9.05.01 2010.12.07 2010-12-07 - 40.094

Quick Heal 11.00 2010.12.08 2010-12-08 - 40.085

Rising 20.0 22.77.01.08 2010-12-07 - 40.087

Sophos 3.14.1 4.60 2010-12-08 Mal/Hiloti-C 3.127

Sunbelt 3.9.2459.2 7556 2010-12-07 - 40.086

Symantec 1.3.0.24 20101207.002 2010-12-07 - 3.753

The Hacker 6.7.0.1 v00096 2010-12-06 - 40.086

Trend Micro 9.120-1004 7.688.06 2010-12-07 - 0.000

VBA32 3.12.14.2 20101207.1313 2010-12-07 - 4.151

ViRobot 20101208 2010.12.08 2010-12-08 - 40.088

VirusBuster 4.5.11.10 10.130.41/1978765 2010-12-07 Trojan.Hiloti.Gen!Pac.2 2.988

.............

This is the other. http://virscan.org/report/bd7098c3f88cecc1...1339647e1d.html

File Name : ujeymtgx.sys

File Size : 10240 byte

File Type : PE32 executable for MS Windows (DLL) (native) Intel 80386 32

MD5 : ff1774e78b914e36e603f790ca72d8a7

SHA1 : 28d3bc01c927555193fc596ee3107195452b3163

Scanner | Engine | Signatures | Updated | Result | Scan time (s)

a-squared 5.1.0.1 20101208020219 2010-12-08 - 40.085

AhnLab V3 2010.12.08.00 2010.12.08 2010-12-08 - 40.089

AntiVir 8.2.4.122 7.10.14.221 2010-12-08 - 0.281

Antiy 2.0.18 20101207.6186214 2010-12-07 - 0.016

Arcavir 2010 201012082037 2010-12-08 - 0.043

Authentium 5.1.1 201012072255 2010-12-07 - 1.434

AVAST! 4.7.4 101207-1 2010-12-07 - 0.007

AVG 8.5.850 271.1.1/3299 2010-12-06 - 0.261

BitDefender 7.90123.6380589 7.34967 2010-12-08 - 5.880

ClamAV 0.96.3 12366 2010-12-08 - 0.009

Comodo 4.0 6986 2010-12-08 - 40.086

CP Secure 1.3.0.5 2010.12.08 2010-12-08 - 0.100

Dr.Web 5.0.2.3300 2010.12.08 2010-12-08 - 10.985

F-Prot 4.4.4.56 20101207 2010-12-07 - 1.314

F-Secure 7.02.73807 2010.12.08.06 2010-12-08 - 0.124

Fortinet 4.2.254 12.645 2010-12-07 - 40.088

GData 21.1241/21.527 20101208 2010-12-08 - 40.091

Ikarus T3.1.32.15.0 2010.12.08.77311 2010-12-08 - 5.469

JiangMin 13.0.900 2010.11.30 2010-11-30 - 40.088

Kaspersky 5.5.10 2010.12.08 2010-12-08 - 0.094

KingSoft 2009.2.5.15 2010.12.8.18 2010-12-08 - 40.089

McAfee 5400.1158 6190 2010-12-07 - 20.956

Microsoft 1.6402 2010.12.08 2010-12-08 - 40.086

Norman 6.06.11 6.06.00 2010-12-07 - 10.027

nProtect 20101207.01 9276664 2010-12-07 - 40.089

Panda 9.05.01 2010.12.07 2010-12-07 - 40.101

Quick Heal 11.00 2010.12.08 2010-12-08 - 40.086

Rising 20.0 22.77.01.08 2010-12-07 - 40.114

Sophos 3.14.1 4.60 2010-12-08 - 3.033

Sunbelt 3.9.2459.2 7556 2010-12-07 - 40.160

Symantec 1.3.0.24 20101207.002 2010-12-07 - 0.202

The Hacker 6.7.0.1 v00096 2010-12-06 - 40.103

Trend Micro 9.120-1004 7.688.06 2010-12-07 - 0.000

VBA32 3.12.14.2 20101207.1313 2010-12-07 - 3.385

ViRobot 20101208 2010.12.08 2010-12-08 - 40.086

VirusBuster 4.5.11.10 10.130.41/1978765 2010-12-07 - 2.490


Guest name cool

Perhaps it is the Combo Fix quarantine.. I'm really sorry.

But there is an active threat (rootkits)! When I run Combo Fix I get a warning message stating that Combo Fix has detected rootkit activity and will reboot the machine.

Is this file, ujeymtgx.sys, required?

Can we continue?


Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

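For anyone who has to read one of these logs rather than just paste it, here is an added example (editor's code, not part of this thread and not a Kaspersky tool): a small Python parser that pulls the tool version, the driver list with MD5 hashes, any detection lines and the action the user chose out of a TDSSKiller log, and lists drivers loaded from outside C:\WINDOWS as the shortest set to review first. The line shapes are inferred from the logs posted in this thread rather than from a published format, the embedded sample log is constructed, and the "outside the Windows directory" heuristic is the editor's, not the tool's. It handles both a log with a disk-level detection and a clean log with no count line.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines in the shape of the TDSSKiller logs
# posted in this thread (timestamp, then a message).
SAMPLE_LOG = """\
2010/12/08 13:20:55.0125 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/08 13:20:55.0125 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/08 13:20:56.0984 Scan started
2010/12/08 13:20:57.0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2010/12/08 13:20:58.0937 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2010/12/08 13:21:09.0312 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
2010/12/08 13:21:12.0515 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/08 13:21:12.0515 Scan finished
2010/12/08 13:21:12.0546 Detected object count: 1
2010/12/08 13:21:37.0093 \\HardDisk0 - will be cured after reboot
2010/12/08 13:21:37.0093 Rootkit.Win32.TDSS.tdl4(\\HardDisk0) - User select action: Cure
"""

# Line shapes inferred from the logs above (an assumption, not a published spec).
TS_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (.*)$")
VERSION_RE = re.compile(r"^TDSS rootkit removing tool (\S+)")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")          # name (md5) path
DETECT_RE = re.compile(r"^(\S+) - detected (\S+)(?: \((\d+)\))?$")    # object - detected threat (n)
ACTION_RE = re.compile(r"^(\S+?)\((.+?)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    threat: str
    action: Optional[str] = None  # filled in from the "User select action" line


@dataclass
class TdssReport:
    version: Optional[str] = None
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    declared_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> TdssReport:
    """Turn a TDSSKiller log into structured data; lines of no known shape are ignored."""
    report = TdssReport()
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        if v := VERSION_RE.match(msg):
            report.version = v.group(1)
        elif d := DRIVER_RE.match(msg):
            report.drivers.append(Driver(*d.groups()))
        elif d := DETECT_RE.match(msg):
            report.detections.append(Detection(obj=d.group(1), threat=d.group(2)))
        elif a := ACTION_RE.match(msg):
            threat, obj, action = a.groups()
            for det in report.detections:
                if det.obj == obj and det.threat == threat:
                    det.action = action
        elif c := COUNT_RE.match(msg):
            report.declared_count = int(c.group(1))
    return report


SYSTEM_ROOT = "c:\\windows\\"  # editor's heuristic: drivers elsewhere get reviewed first


def third_party_drivers(report: TdssReport) -> List[Driver]:
    """Drivers loaded from outside the Windows directory."""
    return [d for d in report.drivers if not d.path.lower().startswith(SYSTEM_ROOT)]


def disk_level_detections(report: TdssReport) -> List[Detection]:
    """Detections on a physical disk object (e.g. \\HardDisk0) rather than a file."""
    return [d for d in report.detections if d.obj.lower().startswith("\\harddisk")]


def is_clean(report: TdssReport) -> bool:
    """True when no detection lines appear and the tool's own count (if printed) agrees."""
    return not report.detections and report.declared_count in (None, 0)


def summarize(report: TdssReport) -> str:
    lines = [f"TDSSKiller {report.version or '?'}: {len(report.drivers)} drivers enumerated"]
    for d in report.detections:
        lines.append(f"  DETECTED {d.threat} on {d.obj} (action: {d.action or 'none recorded'})")
    for d in third_party_drivers(report):
        lines.append(f"  review   {d.name} {d.md5} {d.path}")
    lines.append("  verdict: clean" if is_clean(report) else "  verdict: NOT clean")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```

The MD5 column is the useful part of the driver list: a hash for a driver under a third-party path can be checked against a known-good list or a multi-engine lookup before deciding whether the driver belongs there, and a detection on a disk object rather than a file (as in the log above) is the sign to expect a reboot-time cure rather than a file deletion.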

Guest name cool

2010/12/08 13:20:55.0125 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01

2010/12/08 13:20:55.0125 ================================================================================

2010/12/08 13:20:55.0125 SystemInfo:

2010/12/08 13:20:55.0125

2010/12/08 13:20:55.0125 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/08 13:20:55.0125 Product type: Workstation

2010/12/08 13:20:55.0125 ComputerName: BTC-1502F754BAB

2010/12/08 13:20:55.0125 UserName: BTC User

2010/12/08 13:20:55.0125 Windows directory: C:\WINDOWS

2010/12/08 13:20:55.0125 System windows directory: C:\WINDOWS

2010/12/08 13:20:55.0125 Processor architecture: Intel x86

2010/12/08 13:20:55.0125 Number of processors: 1

2010/12/08 13:20:55.0125 Page size: 0x1000

2010/12/08 13:20:55.0125 Boot type: Normal boot

2010/12/08 13:20:55.0125 ================================================================================

2010/12/08 13:20:55.0390 Initialize success

2010/12/08 13:20:56.0984 ================================================================================

2010/12/08 13:20:56.0984 Scan started

2010/12/08 13:20:56.0984 Mode: Manual;

2010/12/08 13:20:56.0984 ================================================================================

2010/12/08 13:20:57.0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/08 13:20:58.0078 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/12/08 13:20:58.0218 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/08 13:20:58.0296 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/08 13:20:58.0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/08 13:20:58.0937 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/08 13:20:59.0109 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/08 13:20:59.0218 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/08 13:20:59.0328 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2010/12/08 13:20:59.0453 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/08 13:20:59.0671 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/08 13:20:59.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/08 13:20:59.0875 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/08 13:20:59.0953 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/08 13:21:00.0062 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/08 13:21:00.0171 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/08 13:21:00.0890 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/08 13:21:01.0000 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/08 13:21:01.0187 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/08 13:21:01.0203 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/08 13:21:01.0281 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/08 13:21:01.0421 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/08 13:21:01.0531 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/12/08 13:21:01.0671 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/08 13:21:01.0750 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/12/08 13:21:01.0796 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/08 13:21:01.0859 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/08 13:21:01.0968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/08 13:21:02.0125 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2010/12/08 13:21:02.0218 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/08 13:21:02.0328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/08 13:21:02.0421 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/08 13:21:02.0515 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

2010/12/08 13:21:02.0625 HdAudAddService (47f106735bad58a4d4a05c4a38315cd9) C:\WINDOWS\system32\drivers\CHDAud.sys

2010/12/08 13:21:02.0703 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/08 13:21:02.0828 HSFHWAZL (0aaef566e6782957252fa79f566fbc0b) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2010/12/08 13:21:02.0875 HSF_DPV (e472e0cb4e716cc34c0e045f2c196221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2010/12/08 13:21:03.0000 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys

2010/12/08 13:21:03.0109 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/08 13:21:03.0250 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/08 13:21:03.0531 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/12/08 13:21:03.0890 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/08 13:21:04.0078 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/08 13:21:04.0171 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/08 13:21:04.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/08 13:21:04.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/08 13:21:04.0359 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/08 13:21:04.0453 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/08 13:21:04.0484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/08 13:21:04.0546 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/08 13:21:04.0609 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/08 13:21:04.0656 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/08 13:21:04.0703 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys

2010/12/08 13:21:04.0750 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys

2010/12/08 13:21:04.0812 KLIF (44ec6b3dbe167c7fa818f9918d2cbf22) C:\WINDOWS\system32\DRIVERS\klif.sys

2010/12/08 13:21:04.0890 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys

2010/12/08 13:21:04.0937 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys

2010/12/08 13:21:05.0046 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/08 13:21:05.0171 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/08 13:21:05.0390 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/12/08 13:21:05.0453 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/08 13:21:05.0515 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/08 13:21:05.0578 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/08 13:21:05.0671 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/08 13:21:05.0750 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/08 13:21:05.0859 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/08 13:21:05.0921 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/08 13:21:05.0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/08 13:21:06.0015 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/08 13:21:06.0125 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/08 13:21:06.0234 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/08 13:21:06.0343 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/08 13:21:06.0437 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/08 13:21:06.0484 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/08 13:21:06.0515 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/08 13:21:06.0546 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/08 13:21:06.0593 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/08 13:21:06.0671 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/08 13:21:06.0734 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/08 13:21:06.0859 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/08 13:21:06.0968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/08 13:21:07.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/08 13:21:07.0125 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/08 13:21:07.0171 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/08 13:21:07.0234 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/12/08 13:21:07.0296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/08 13:21:07.0359 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/08 13:21:07.0437 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/08 13:21:07.0531 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/08 13:21:07.0640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/08 13:21:08.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/08 13:21:08.0234 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/08 13:21:08.0281 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/08 13:21:08.0546 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/08 13:21:08.0593 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/08 13:21:08.0640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/08 13:21:08.0687 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/08 13:21:08.0796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/08 13:21:08.0859 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/08 13:21:08.0984 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/08 13:21:09.0078 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/08 13:21:09.0171 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/08 13:21:09.0312 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/12/08 13:21:09.0343 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/12/08 13:21:09.0468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/08 13:21:09.0625 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/12/08 13:21:09.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/08 13:21:09.0843 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/08 13:21:09.0953 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/08 13:21:10.0062 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/08 13:21:10.0140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/08 13:21:10.0218 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/08 13:21:10.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/08 13:21:10.0562 tap0901 (2378578f2b5f5eb4901e96c9da409afe) C:\WINDOWS\system32\DRIVERS\tap0901.sys

2010/12/08 13:21:10.0656 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys

2010/12/08 13:21:10.0796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/08 13:21:10.0890 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/08 13:21:10.0953 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/08 13:21:11.0015 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/08 13:21:11.0187 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

2010/12/08 13:21:11.0296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/08 13:21:11.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/08 13:21:11.0468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/08 13:21:11.0531 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/08 13:21:11.0609 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/08 13:21:11.0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/08 13:21:11.0734 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/08 13:21:11.0828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/08 13:21:11.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/08 13:21:11.0984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/08 13:21:12.0078 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/12/08 13:21:12.0296 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/12/08 13:21:12.0390 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/08 13:21:12.0421 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/12/08 13:21:12.0515 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/08 13:21:12.0515 ================================================================================

2010/12/08 13:21:12.0515 Scan finished

2010/12/08 13:21:12.0515 ================================================================================

2010/12/08 13:21:12.0546 Detected object count: 1

2010/12/08 13:21:37.0093 \HardDisk0 - will be cured after reboot

2010/12/08 13:21:37.0093 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/08 13:21:47.0609 Deinitialize success


Guest name cool

Did not find anything.

2010/12/08 19:43:50.0796 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01

2010/12/08 19:43:50.0796 ================================================================================

2010/12/08 19:43:50.0796 SystemInfo:

2010/12/08 19:43:50.0796

2010/12/08 19:43:50.0796 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/08 19:43:50.0796 Product type: Workstation

2010/12/08 19:43:50.0796 ComputerName: BTC-1502F754BAB

2010/12/08 19:43:50.0796 UserName: BTC User

2010/12/08 19:43:50.0796 Windows directory: C:\WINDOWS

2010/12/08 19:43:50.0796 System windows directory: C:\WINDOWS

2010/12/08 19:43:50.0796 Processor architecture: Intel x86

2010/12/08 19:43:50.0796 Number of processors: 1

2010/12/08 19:43:50.0796 Page size: 0x1000

2010/12/08 19:43:50.0796 Boot type: Normal boot

2010/12/08 19:43:50.0796 ================================================================================

2010/12/08 19:43:51.0500 Initialize success

2010/12/08 19:43:55.0562 ================================================================================

2010/12/08 19:43:55.0562 Scan started

2010/12/08 19:43:55.0562 Mode: Manual;

2010/12/08 19:43:55.0562 ================================================================================

2010/12/08 19:43:57.0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/08 19:43:57.0375 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/12/08 19:43:57.0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/08 19:43:57.0546 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/08 19:43:58.0015 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/08 19:43:58.0062 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/08 19:43:58.0109 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/08 19:43:58.0187 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/08 19:43:58.0296 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2010/12/08 19:43:58.0406 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/08 19:43:58.0609 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/08 19:43:58.0703 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/08 19:43:58.0765 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/08 19:43:58.0875 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/08 19:43:58.0984 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/08 19:43:59.0062 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/08 19:43:59.0250 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/08 19:43:59.0359 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/08 19:43:59.0406 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/08 19:43:59.0421 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/08 19:43:59.0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/08 19:43:59.0656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/08 19:43:59.0718 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/12/08 19:43:59.0828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/08 19:43:59.0890 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/12/08 19:43:59.0968 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/08 19:44:00.0031 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/08 19:44:00.0125 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/08 19:44:00.0203 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2010/12/08 19:44:00.0250 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/08 19:44:00.0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/08 19:44:00.0343 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/08 19:44:00.0390 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

2010/12/08 19:44:00.0468 HdAudAddService (47f106735bad58a4d4a05c4a38315cd9) C:\WINDOWS\system32\drivers\CHDAud.sys

2010/12/08 19:44:00.0625 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/08 19:44:00.0796 HSFHWAZL (0aaef566e6782957252fa79f566fbc0b) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2010/12/08 19:44:00.0875 HSF_DPV (e472e0cb4e716cc34c0e045f2c196221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2010/12/08 19:44:00.0953 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys

2010/12/08 19:44:01.0046 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/08 19:44:01.0250 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/08 19:44:01.0546 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/12/08 19:44:01.0796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/08 19:44:02.0000 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/08 19:44:02.0078 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/08 19:44:02.0140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/08 19:44:02.0171 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/08 19:44:02.0234 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/08 19:44:02.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/08 19:44:02.0359 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/08 19:44:02.0406 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/08 19:44:02.0468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/08 19:44:02.0515 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/08 19:44:02.0562 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys

2010/12/08 19:44:02.0593 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys

2010/12/08 19:44:02.0640 KLIF (44ec6b3dbe167c7fa818f9918d2cbf22) C:\WINDOWS\system32\DRIVERS\klif.sys

2010/12/08 19:44:02.0718 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys

2010/12/08 19:44:02.0781 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys

2010/12/08 19:44:02.0890 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/08 19:44:02.0953 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/08 19:44:03.0062 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/12/08 19:44:03.0109 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/08 19:44:03.0156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/08 19:44:03.0218 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/08 19:44:03.0265 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/08 19:44:03.0343 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/08 19:44:03.0406 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/08 19:44:03.0484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/08 19:44:03.0625 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/08 19:44:03.0718 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/08 19:44:03.0796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/08 19:44:03.0890 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/08 19:44:03.0984 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/08 19:44:04.0093 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/08 19:44:04.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/08 19:44:04.0281 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/08 19:44:04.0375 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/08 19:44:04.0437 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/08 19:44:04.0500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/08 19:44:04.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/08 19:44:04.0984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/08 19:44:05.0281 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/08 19:44:05.0781 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/08 19:44:06.0093 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/08 19:44:06.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/08 19:44:06.0250 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/12/08 19:44:06.0328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/08 19:44:06.0437 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/08 19:44:06.0484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/08 19:44:06.0531 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/08 19:44:06.0546 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/08 19:44:07.0000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/08 19:44:07.0046 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/08 19:44:07.0078 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/08 19:44:07.0265 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/08 19:44:07.0328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/08 19:44:07.0359 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/08 19:44:07.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/08 19:44:07.0531 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/08 19:44:07.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/08 19:44:07.0703 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/08 19:44:07.0765 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/08 19:44:07.0843 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/08 19:44:07.0968 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/12/08 19:44:08.0015 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/12/08 19:44:08.0140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/08 19:44:08.0218 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/12/08 19:44:08.0296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/08 19:44:08.0453 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/08 19:44:08.0546 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/08 19:44:08.0593 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/08 19:44:08.0671 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/08 19:44:08.0718 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/08 19:44:08.0953 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/08 19:44:09.0046 tap0901 (2378578f2b5f5eb4901e96c9da409afe) C:\WINDOWS\system32\DRIVERS\tap0901.sys

2010/12/08 19:44:09.0125 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys

2010/12/08 19:44:09.0234 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/08 19:44:09.0328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/08 19:44:09.0359 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/08 19:44:09.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/08 19:44:09.0625 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

2010/12/08 19:44:09.0703 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/08 19:44:09.0859 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/08 19:44:09.0953 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/08 19:44:10.0015 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/08 19:44:10.0125 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/08 19:44:10.0218 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/08 19:44:10.0312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/08 19:44:10.0453 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/08 19:44:10.0546 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/08 19:44:10.0671 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/08 19:44:10.0765 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/12/08 19:44:10.0921 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/12/08 19:44:11.0046 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/08 19:44:11.0109 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/12/08 19:44:11.0203 ================================================================================

2010/12/08 19:44:11.0203 Scan finished

2010/12/08 19:44:11.0203 ================================================================================

.......................................

M' Anti-M Free use. XP SP 3

:::::::::::::::::::::::::::::::


Run a new combofix scan.


Guest name cool

ComboFix 10-12-07.06 - BTC User 12/08/2010 20:38:18.8.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.241 [GMT 3:00]

Running from: c:\documents and settings\BTC User\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\atixdaxx.dll

.

((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))

.

2010-12-07 05:32 . 2010-11-04 18:43 506880 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

2010-12-07 05:32 . 2010-12-07 05:33 -------- d-----w- c:\program files\Hotspot Shield

2010-12-07 01:24 . 2010-10-05 17:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

2010-12-07 01:24 . 2010-10-05 17:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

2010-12-07 01:24 . 2010-12-07 01:24 97545 ----a-w- c:\windows\system32\drivers\klick.dat

2010-12-07 01:24 . 2010-12-07 01:24 115465 ----a-w- c:\windows\system32\drivers\klin.dat

2010-12-07 01:22 . 2010-12-07 01:22 -------- d-----w- c:\program files\Kaspersky Lab

2010-12-07 01:22 . 2010-12-08 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-12-07 01:20 . 2010-12-07 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-12-05 12:11 . 2010-12-05 12:11 10240 ----a-w- c:\windows\system32\drivers\ujeymtgx.sys

2010-12-05 04:07 . 2010-12-05 04:40 -------- d-----w- c:\documents and settings\BTC User\Application Data\819FF54CE0926D65310B91B7869A1C57

2010-12-03 22:53 . 2010-12-03 22:53 -------- d-----w- c:\windows\system32\Macromed

2010-11-30 04:58 . 2010-11-30 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Arovax

2010-11-30 04:53 . 2010-12-07 05:33 -------- d-----w- C:\Hotspot Shield

2010-11-28 23:39 . 2010-11-28 23:39 -------- d-----w- c:\program files\UltraSnapPRO

2010-11-28 00:10 . 2010-11-29 14:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-28 00:10 . 2010-11-30 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-28 00:10 . 2010-11-29 14:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 03:52 . 2010-11-26 03:52 -------- d-----w- c:\documents and settings\BTC User\Application Data\GPass

2010-11-25 15:08 . 2010-12-03 05:26 -------- d-----w- C:\CCProxy

2010-11-25 14:54 . 2010-11-25 14:54 -------- d-----w- c:\documents and settings\BTC User\Application Data\SmartHideIP

2010-11-25 14:54 . 2010-11-25 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartHideIP

2010-11-24 02:22 . 2010-11-24 02:22 809079 ----a-w- C:\FPsetup.exe

2010-11-24 00:38 . 2010-11-24 00:38 -------- d-----w- c:\documents and settings\BTC User\Application Data\SUPERAntiSpyware.com

2010-11-24 00:38 . 2010-11-24 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-11-24 00:38 . 2010-11-24 00:38 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-11-23 23:16 . 2009-08-06 16:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-11-23 22:30 . 2010-11-23 22:30 -------- d-----w- c:\program files\Trend Micro

2010-11-20 16:46 . 2010-11-20 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-11-20 14:46 . 2010-11-20 14:46 -------- d-----w- c:\program files\Absolutist_Games

2010-11-13 08:54 . 2010-11-13 08:54 -------- d-----w- c:\program files\IrfanView

2010-11-12 11:32 . 2010-11-12 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-11-11 05:35 . 2010-11-11 05:35 -------- d-----w- c:\documents and settings\BTC User\Application Data\AutoHideIP

2010-11-11 05:35 . 2010-11-11 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AutoHideIP

2010-11-11 05:24 . 2010-11-11 05:24 -------- d-----w- c:\program files\CCleaner

2010-11-11 05:21 . 2010-11-11 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\5109

2010-11-10 08:17 . 2010-11-10 08:17 -------- d-----w- c:\windows\system32\NtmsData

2010-11-08 22:16 . 2010-11-08 22:16 -------- d-----w- c:\documents and settings\BTC User\Application Data\Runscanner.net

2010-11-08 21:30 . 2010-04-28 04:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-11-08 21:28 . 2010-11-08 21:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-11-08 21:28 . 2010-11-08 21:28 -------- d-----w- c:\program files\Microsoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-07 05:16 . 2010-12-07 05:14 1007441 ----a-w- C:\New ALZip ZIP File.zip

2010-12-07 02:52 . 2010-12-07 02:52 22 ----a-w- C:\quarantine.zip

2010-10-27 15:25 . 2010-10-31 20:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2010-10-27 15:21 . 2010-10-31 20:13 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2010-10-20 20:30 . 2010-10-20 20:30 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-20 20:30 . 2010-10-20 20:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-20 19:57 . 2010-10-20 19:57 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll

2010-10-20 19:57 . 2010-10-20 19:57 1287552 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS

2010-10-05 17:27 . 2010-10-05 17:27 228024 ----a-w- c:\windows\system32\klogon.dll

2010-09-22 19:19 . 2010-09-22 19:19 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys

2010-09-22 19:19 . 2010-09-22 19:19 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2010-09-18 09:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 9:41 PM 67656]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [10/27/2010 6:23 PM 1483072]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 11:06 AM 32856]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\User_Feed_Synchronization-{2A1730A9-1199-48E0-8274-67C170504ADD}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

FF - ProfilePath - c:\documents and settings\BTC User\Application Data\Mozilla\Firefox\Profiles\3tmzhj1l.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Private Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - plugin: c:\documents and settings\BTC User\Application Data\Mozilla\plugins\np-mswmp.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru

FF - Extension: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\BTC User\Application Data\Mozilla\Firefox\Profiles\3tmzhj1l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-08 20:46

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-12-08 20:48:34

ComboFix-quarantined-files.txt 2010-12-08 17:48

ComboFix2.txt 2010-12-08 13:00

ComboFix3.txt 2010-12-06 09:47

Pre-Run: 28,068,093,952 bytes free

Post-Run: 28,115,501,056 bytes free

- - End Of File - - 6A5B20AB42A920CC4382D28AE3C1372A


Did you still get the RootKit error when you ran CF?

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
C:\New ALZip ZIP File.zip
C:\quarantine.zip

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Guest name cool

Yes, I still get a rootkit every time I run "Combo Fix"!

And when I browse the internet, after about ten minutes it becomes very slow. Then the taskbar color changes from blue to silver. Then the sound disappears from my computer ... And Internet Explorer gets stuck. A message appears, which I think is from Internet Explorer, saying "Host Process", and after that the computer is frozen ......

I was forced to shut down the system from the button.

There is another log.

Can I paste it?

..............

ComboFix 10-12-07.06 - BTC User 12/08/2010 21:37:54.9.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.240 [GMT 3:00]

Running from: c:\documents and settings\BTC User\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\BTC User\Desktop\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::

"C:\New ALZip ZIP File.zip"

"C:\quarantine.zip"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\New ALZip ZIP File.zip

C:\quarantine.zip

.

((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))

.

2010-12-07 05:32 . 2010-11-04 18:43 506880 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

2010-12-07 05:32 . 2010-12-07 05:33 -------- d-----w- c:\program files\Hotspot Shield

2010-12-07 01:24 . 2010-10-05 17:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

2010-12-07 01:24 . 2010-10-05 17:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

2010-12-07 01:24 . 2010-12-07 01:24 97545 ----a-w- c:\windows\system32\drivers\klick.dat

2010-12-07 01:24 . 2010-12-07 01:24 115465 ----a-w- c:\windows\system32\drivers\klin.dat

2010-12-07 01:22 . 2010-12-07 01:22 -------- d-----w- c:\program files\Kaspersky Lab

2010-12-07 01:22 . 2010-12-08 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-12-07 01:20 . 2010-12-07 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-12-05 12:11 . 2010-12-05 12:11 10240 ----a-w- c:\windows\system32\drivers\ujeymtgx.sys

2010-12-05 04:07 . 2010-12-05 04:40 -------- d-----w- c:\documents and settings\BTC User\Application Data\819FF54CE0926D65310B91B7869A1C57

2010-12-03 22:53 . 2010-12-03 22:53 -------- d-----w- c:\windows\system32\Macromed

2010-11-30 04:58 . 2010-11-30 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Arovax

2010-11-30 04:53 . 2010-12-07 05:33 -------- d-----w- C:\Hotspot Shield

2010-11-28 23:39 . 2010-11-28 23:39 -------- d-----w- c:\program files\UltraSnapPRO

2010-11-28 00:10 . 2010-11-29 14:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-28 00:10 . 2010-11-30 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-28 00:10 . 2010-11-29 14:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 03:52 . 2010-11-26 03:52 -------- d-----w- c:\documents and settings\BTC User\Application Data\GPass

2010-11-25 15:08 . 2010-12-03 05:26 -------- d-----w- C:\CCProxy

2010-11-25 14:54 . 2010-11-25 14:54 -------- d-----w- c:\documents and settings\BTC User\Application Data\SmartHideIP

2010-11-25 14:54 . 2010-11-25 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartHideIP

2010-11-24 02:22 . 2010-11-24 02:22 809079 ----a-w- C:\FPsetup.exe

2010-11-24 00:38 . 2010-11-24 00:38 -------- d-----w- c:\documents and settings\BTC User\Application Data\SUPERAntiSpyware.com

2010-11-24 00:38 . 2010-11-24 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-11-24 00:38 . 2010-11-24 00:38 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-11-23 23:16 . 2009-08-06 16:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-11-23 22:30 . 2010-11-23 22:30 -------- d-----w- c:\program files\Trend Micro

2010-11-20 16:46 . 2010-11-20 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-11-20 14:46 . 2010-11-20 14:46 -------- d-----w- c:\program files\Absolutist_Games

2010-11-13 08:54 . 2010-11-13 08:54 -------- d-----w- c:\program files\IrfanView

2010-11-12 11:32 . 2010-11-12 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-11-11 05:35 . 2010-11-11 05:35 -------- d-----w- c:\documents and settings\BTC User\Application Data\AutoHideIP

2010-11-11 05:35 . 2010-11-11 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AutoHideIP

2010-11-11 05:24 . 2010-11-11 05:24 -------- d-----w- c:\program files\CCleaner

2010-11-11 05:21 . 2010-11-11 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\5109

2010-11-10 08:17 . 2010-11-10 08:17 -------- d-----w- c:\windows\system32\NtmsData

2010-11-08 22:16 . 2010-11-08 22:16 -------- d-----w- c:\documents and settings\BTC User\Application Data\Runscanner.net

2010-11-08 21:30 . 2010-04-28 04:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-11-08 21:28 . 2010-11-08 21:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-11-08 21:28 . 2010-11-08 21:28 -------- d-----w- c:\program files\Microsoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-27 15:25 . 2010-10-31 20:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2010-10-27 15:21 . 2010-10-31 20:13 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2010-10-20 20:30 . 2010-10-20 20:30 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-20 20:30 . 2010-10-20 20:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-20 19:57 . 2010-10-20 19:57 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll

2010-10-20 19:57 . 2010-10-20 19:57 1287552 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS

2010-10-05 17:27 . 2010-10-05 17:27 228024 ----a-w- c:\windows\system32\klogon.dll

2010-09-22 19:19 . 2010-09-22 19:19 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys

2010-09-22 19:19 . 2010-09-22 19:19 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2010-09-18 09:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 9:41 PM 67656]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [10/27/2010 6:23 PM 1483072]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 11:06 AM 32856]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\User_Feed_Synchronization-{2A1730A9-1199-48E0-8274-67C170504ADD}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

FF - ProfilePath - c:\documents and settings\BTC User\Application Data\Mozilla\Firefox\Profiles\3tmzhj1l.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Private Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - plugin: c:\documents and settings\BTC User\Application Data\Mozilla\plugins\np-mswmp.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru

FF - Extension: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\BTC User\Application Data\Mozilla\Firefox\Profiles\3tmzhj1l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-08 21:46

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2124)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Hotspot Shield\bin\openvpnas.exe

c:\program files\Hotspot Shield\HssWPR\hsssrv.exe

c:\program files\Hotspot Shield\bin\hsswd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

c:\windows\system32\wscntfy.exe

c:\program files\Hotspot Shield\bin\openvpntray.exe

.

**************************************************************************

.

Completion time: 2010-12-08 21:50:02 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-08 18:49

ComboFix2.txt 2010-12-08 17:48

ComboFix3.txt 2010-12-08 13:00

ComboFix4.txt 2010-12-06 09:47

Pre-Run: 28,110,671,872 bytes free

Post-Run: 28,107,886,592 bytes free

- - End Of File - - EEA7C55CD93F46B78379A74942ABCF25


Guest name cool

I selected Yes, but after Kaspersky rebooted the computer, on the grounds that it was removed, I was surprised by the return of the virus and the appearance of this message!!

And it is the same thing for Malwarebytes' Anti-Malware, because it cannot remove some infections .. After rebooting the computer and doing a full scan with Malwarebytes' Anti-Malware .. once again .. and again .. the infection comes back again!! :)


Is this your PC?

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)

  • Double click DDS icon to run the tool (may take up to 3 minutes to run)

  • When done, DDS.txt will open.

  • After a few moments, attach.txt will open in a second window.

  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.


Guest name cool

OK. This is a mistake.

Here again.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/20/2010 7:35:23 PM

System Uptime: 12/9/2010 12:22:26 AM (2 hours ago)

Motherboard: Hewlett-Packard | | 30D5

Processor: Intel® Celeron® M CPU 440 @ 1.86GHz | U10 | 1861/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 33 GiB total, 26.177 GiB free.

D: is FIXED (NTFS) - 41 GiB total, 38.204 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/8/2010 3:40:50 PM - System Checkpoint

==== Installed Programs ======================

???? ??? Windows Live

???? ??????? ?? Windows Live

???? ??????? Windows Live Upload Tool

???? Windows Live

????? ????? ?????? ??? Windows Live

Adobe Flash Player 10 ActiveX

ALTools Update

ALZip

Broadcom 802.11 Wireless LAN Adapter

Capture&Send

CCleaner

Conexant HD Audio

Final Uninstaller

HDAUDIO Soft Data Fax Modem with SmartCP

HijackThis 2.0.2

HiYo

HiYo

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Hotspot Shield 1.56

HP Product Detection

iMesh

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

IrfanView (remove only)

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

Kaspersky Internet Security 2011

Malwarebytes' Anti-Malware

Masterra PostSmile 7.0

Messenger Plus! Live

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mozilla Firefox (3.6.12)

MSVCRT

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Segoe UI

SUPERAntiSpyware

TuneUp Utilities 2011

TuneUp Utilities Language Pack (en-US)

UltraSnap PRO 3.0

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

12/8/2010 9:37:36 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

12/8/2010 9:37:35 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

12/8/2010 9:33:18 AM, error: Dhcp [1002] - The IP address lease 10.73.104.2 for the Network Card with network address 00FF14F7D2A9 has been denied by the DHCP server 10.79.127.254 (The DHCP Server sent a DHCPNACK message).

12/8/2010 6:58:33 AM, error: Dhcp [1002] - The IP address lease 10.79.88.22 for the Network Card with network address 00FF14F7D2A9 has been denied by the DHCP server 10.73.111.254 (The DHCP Server sent a DHCPNACK message).

12/8/2010 12:51:42 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/7/2010 9:46:42 AM, error: Dhcp [1002] - The IP address lease 10.76.8.33 for the Network Card with network address 00FF14F7D2A9 has been denied by the DHCP server 10.73.31.254 (The DHCP Server sent a DHCPNACK message).

12/7/2010 8:33:41 AM, error: PSched [14107] - QoS [Adapter {2FA42387-CEB0-4BA7-B015-DBC954DDF511}]: The Packet Scheduler could not initialize the virtual miniport with NDIS.

12/7/2010 8:33:36 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.

12/7/2010 10:49:06 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

12/7/2010 1:31:14 PM, error: Dhcp [1002] - The IP address lease 10.73.24.10 for the Network Card with network address 00FF14F7D2A9 has been denied by the DHCP server 10.79.95.254 (The DHCP Server sent a DHCPNACK message).

12/7/2010 1:07:09 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/6/2010 9:15:27 AM, error: Dhcp [1002] - The IP address lease 10.76.120.9 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.76.71.254 (The DHCP Server sent a DHCPNACK message).

12/6/2010 9:14:03 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

12/6/2010 6:50:20 AM, error: Dhcp [1002] - The IP address lease 10.70.16.24 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.76.127.254 (The DHCP Server sent a DHCPNACK message).

12/6/2010 12:53:17 PM, error: Dhcp [1002] - The IP address lease 10.76.64.12 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.72.23.254 (The DHCP Server sent a DHCPNACK message).

12/5/2010 7:45:37 AM, error: Dhcp [1002] - The IP address lease 10.79.16.13 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.76.111.254 (The DHCP Server sent a DHCPNACK message).

12/5/2010 7:07:56 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6024.

12/5/2010 6:53:26 AM, error: Dhcp [1002] - The IP address lease 10.78.8.14 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.79.23.254 (The DHCP Server sent a DHCPNACK message).

12/5/2010 6:37:40 PM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).

12/5/2010 6:37:40 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

12/5/2010 6:37:40 PM, error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

12/5/2010 6:37:40 PM, error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

12/5/2010 6:37:40 PM, error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

12/5/2010 4:17:18 PM, error: Dhcp [1002] - The IP address lease 10.77.128.54 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.70.23.254 (The DHCP Server sent a DHCPNACK message).

12/5/2010 2:48:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

12/5/2010 10:06:11 AM, error: Dhcp [1002] - The IP address lease 10.76.104.20 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.77.135.254 (The DHCP Server sent a DHCPNACK message).

12/4/2010 6:37:58 AM, error: Dhcp [1002] - The IP address lease 10.77.120.24 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.78.135.254 (The DHCP Server sent a DHCPNACK message).

12/4/2010 4:48:10 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.

12/4/2010 10:38:09 AM, error: Dhcp [1002] - The IP address lease 10.78.128.35 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.78.15.254 (The DHCP Server sent a DHCPNACK message).

12/3/2010 8:29:56 AM, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).

12/3/2010 7:22:00 AM, error: Dhcp [1002] - The IP address lease 10.8.0.6 for the Network Card with network address 00FFB1E05234 has been denied by the DHCP server 10.8.0.57 (The DHCP Server sent a DHCPNACK message).

12/3/2010 6:57:45 AM, error: Dhcp [1002] - The IP address lease 10.8.0.82 for the Network Card with network address 00FFB1E05234 has been denied by the DHCP server 10.8.0.5 (The DHCP Server sent a DHCPNACK message).

12/3/2010 6:53:30 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

12/3/2010 12:56:26 PM, error: Dhcp [1002] - The IP address lease 10.77.40.6 for the Network Card with network address 00FF5B2519C2 has been denied by the DHCP server 10.77.127.254 (The DHCP Server sent a DHCPNACK message).

12/3/2010 12:43:47 AM, error: Dhcp [1002] - The IP address lease 10.8.0.38 for the Network Card with network address 00FFB1E05234 has been denied by the DHCP server 10.8.0.81 (The DHCP Server sent a DHCPNACK message).

12/3/2010 12:21:42 AM, error: Dhcp [1002] - The IP address lease 10.8.0.14 for the Network Card with network address 00FFB1E05234 has been denied by the DHCP server 10.8.0.37 (The DHCP Server sent a DHCPNACK message).

12/3/2010 12:03:47 AM, error: Dhcp [1002] - The IP address lease 10.8.0.66 for the Network Card with network address 00FFB1E05234 has been denied by the DHCP server 10.8.0.13 (The DHCP Server sent a DHCPNACK message).

12/2/2010 9:22:20 PM, error: Dhcp [1002] - The IP address lease 10.8.0.34 for the Network Card with network address 00FFB1E05234 has been denied by the DHCP server 10.8.0.41 (The DHCP Server sent a DHCPNACK message).

12/2/2010 8:28:35 PM, error: Dhcp [1002] - The IP address lease 10.8.0.78 for the Network Card with network address 00FFB1E05234 has been denied by the DHCP server 10.8.0.33 (The DHCP Server sent a DHCPNACK message).

12/2/2010 3:27:53 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

12/2/2010 10:22:30 PM, error: Dhcp [1002] - The IP address lease 10.8.0.42 for the Network Card with network address 00FFB1E05234 has been denied by the DHCP server 10.8.0.65 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

DDS (Ver_10-11-10.01) - NTFSx86

Run by BTC User at 2:09:10.90 on Thu 12/09/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.44 [GMT 3:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\BTC User\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\btcuse~1\applic~1\mozilla\firefox\profiles\3tmzhj1l.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Private Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - plugin: c:\documents and settings\btc user\application data\mozilla\plugins\np-mswmp.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-12-7 475736]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-9 54760]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]

=============== Created Last 30 ================

2010-12-08 12:40:46 98816 ----a-w- c:\windows\sed.exe

2010-12-08 12:40:46 89088 ----a-w- c:\windows\MBR.exe

2010-12-08 12:40:46 256512 ----a-w- c:\windows\PEV.exe

2010-12-08 12:40:46 161792 ----a-w- c:\windows\SWREG.exe

2010-12-07 05:32:59 506880 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

2010-12-07 05:32:56 -------- d-----w- c:\program files\Hotspot Shield

2010-12-07 01:24:37 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll

2010-12-07 01:24:35 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

2010-12-07 01:24:14 97545 ----a-w- c:\windows\system32\drivers\klick.dat

2010-12-07 01:24:14 115465 ----a-w- c:\windows\system32\drivers\klin.dat

2010-12-07 01:22:34 -------- d-----w- c:\program files\Kaspersky Lab

2010-12-07 01:22:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab

2010-12-07 01:20:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2010-12-05 12:11:20 10240 ----a-w- c:\windows\system32\drivers\ujeymtgx.sys

2010-12-05 04:07:53 -------- d-----w- c:\docume~1\btcuse~1\applic~1\819FF54CE0926D65310B91B7869A1C57

2010-11-30 04:58:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Arovax

2010-11-30 04:53:23 -------- d-----w- C:\Hotspot Shield

2010-11-28 23:39:47 -------- d-----w- c:\program files\UltraSnapPRO

2010-11-28 00:10:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-28 00:10:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-28 00:10:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-26 03:52:09 -------- d-----w- c:\docume~1\btcuse~1\applic~1\GPass

2010-11-25 15:08:29 -------- d-----w- C:\CCProxy

2010-11-25 14:54:11 -------- d-----w- c:\docume~1\btcuse~1\applic~1\SmartHideIP

2010-11-25 14:54:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\SmartHideIP

2010-11-24 02:22:21 809079 ----a-w- C:\FPsetup.exe

2010-11-24 00:38:36 -------- d-----w- c:\docume~1\btcuse~1\applic~1\SUPERAntiSpyware.com

2010-11-24 00:38:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-11-24 00:38:29 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-11-24 00:05:26 -------- d-sha-r- C:\cmdcons

2010-11-23 23:16:13 215920 ----a-w- c:\windows\system32\muweb.dll

2010-11-23 22:30:40 -------- d-----w- c:\program files\Trend Micro

2010-11-20 16:46:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-11-20 14:46:00 -------- d-----w- c:\program files\Absolutist_Games

2010-11-13 08:54:30 -------- d-----w- c:\program files\IrfanView

2010-11-11 05:35:42 -------- d-----w- c:\docume~1\btcuse~1\applic~1\AutoHideIP

2010-11-11 05:35:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\AutoHideIP

2010-11-11 05:24:56 -------- d-----w- c:\program files\CCleaner

2010-11-11 05:21:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\5109

2010-11-10 08:17:35 -------- d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2010-10-27 15:25:18 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2010-10-27 15:21:08 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2010-10-20 20:30:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-20 20:30:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-20 19:57:45 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll

2010-10-05 17:27:04 228024 ----a-w- c:\windows\system32\klogon.dll

2010-09-18 09:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

============= FINISH: 2:10:28.87 ===============

.......................................

M' Anti-M Free use. XP SP 3

:::::::::::::::::::::::::::::::


Guest name cool

Yes. I've ... to install it to surf more safely. I do not know if it is safe or unsafe, but the problem is with "Anti-Malware Doctor", which I think has not been disclosed yet. Which means that there is an infection hiding in my computer.

All of these issues have appeared after the "Anti-Malware Doctor" attack, which I think is probably a new version.



Guest
This topic is now closed to further replies.