willd Posted December 26, 2010 ID:365743

Hello, Merry Christmas and thank you in advance.
This is my stepson's computer and I am completely baffled. I have been working on this all weekend (since yesterday anyhow) and just seem to be getting nowhere.
I believe this is all of the info you need to start according to here: http://forums.malwarebytes.org/index.php?showtopic=9573
I work 2 jobs so I might not be able to do things right away so please let me know if that is going to be a problem.
I have to upload this from my computer because the infected one blocks your site when I try to upload from there.
Thank You,
Willd

MBAM LOG:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5394

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/25/2010 2:51:57 PM
mbam-log-2010-12-25 (14-51-57).txt

Scan type: Quick scan
Objects scanned: 169944
Time elapsed: 19 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FraudPack) -> Value: JP595IR86O -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\Oz1.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Oz0.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Oz2.exe (Trojan.FraudPack) -> Delete on reboot.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

DDS:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 19:10:55.34 on Sat 12/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.177 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = 
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uSearchAssistant = 
mSearchAssistant = 
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DW6] 
uRun: [dejfphmx] c:\docume~1\owner\locals~1\temp\uubicvqdq\jqwvkdiaffm.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [sunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [showWnd] ShowWnd.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CHotkey] zHotkey.exe
mRun: [bearShare] "c:\program files\bearshare\BearShare.exe" /pause
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: live.com\onecare
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://albertsons.coupons.smartsource.com/download/cscmv5X.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293234691093
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S0 adwikxd;adwikxd;c:\windows\system32\drivers\bekr.sys --> c:\windows\system32\drivers\bekr.sys [?]
S2 NNServ;NNServ;"c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart --> c:\program files\newdotnet\nnrun.exe [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]

=============== Created Last 30 ================

2010-12-25 23:56:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-25 23:56:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 18:14:13 -------- d-----w- C:\ee6b30a673b1b541293562ab4ca0d8
2010-12-25 16:30:55 -------- d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-12-25 16:30:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-25 16:30:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-25 04:20:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-25 04:20:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-25 03:19:08 -------- d-----w- c:\program files\Loaris
2010-12-25 00:16:48 -------- d--h--w- c:\program files\WindowsUpdate
2010-12-25 00:12:38 -------- d-----w- c:\docume~1\owner\applic~1\ElevatedDiagnostics
2010-12-24 23:26:57 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\FixItCenter
2010-12-24 23:25:07 -------- d-----w- c:\windows\MATS
2010-12-24 23:25:04 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-12-24 22:32:59 76800 ------w- c:\windows\system32\msshavmsg.dll
2010-12-24 22:26:08 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-12-24 22:24:32 19569 ----a-w- c:\windows\002788_.tmp
2010-12-24 22:18:32 -------- d-----w- c:\windows\EHome
2010-12-24 14:26:19 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2010-12-24 05:53:43 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-24 05:24:22 -------- d-----w- c:\windows\pss
2010-12-24 05:23:54 -------- d-----w- C:\0dd941d7f2610f30b7d323a55326
2010-12-24 05:23:53 -------- d-----w- C:\2aaeaeff91a25884dc00e8
2010-12-24 05:23:52 -------- d-----w- C:\487a6b61adb0c567cb
2010-12-24 05:23:50 -------- d-----w- C:\c6783c46a2fe735c7d298838b81471
2010-12-24 05:23:46 -------- d-----w- C:\70c4babbaf749f43a4
2010-12-24 04:18:40 -------- d-----w- C:\0219c6c091bc11352e6d91
2010-12-24 04:17:05 -------- d-----w- C:\5088597288c1ba94e3
2010-12-24 04:16:56 -------- d-----w- C:\893ffd6facbecd1bdae1
2010-12-24 04:16:45 -------- d-----w- C:\08156ec3aa9500a47e
2010-12-24 04:16:21 -------- d-----w- C:\571aaf439bdc918cee53a21c5ec8c032
2010-12-24 04:15:58 -------- d-----w- C:\3750f0569d0635b1411e1f2cb15517ac
2010-12-24 04:15:47 -------- d-----w- C:\57f3331fb5c8dbb83238abb4b325c9be
2010-12-24 04:14:32 -------- d-----w- C:\1fe66f0e39f02e4b019637a4df013928
2010-12-24 04:14:11 -------- d-----w- C:\31925ef44076c8c61d69
2010-12-24 04:13:58 -------- d-----w- C:\da0db74252d895d3143228
2010-12-24 04:13:55 -------- d-----w- C:\f43a6c60d2d752d174b3b450d2
2010-12-24 02:15:05 -------- d-----w- C:\718f3e9d89c2bd59606e
2010-12-24 02:14:53 -------- d-----w- C:\ce472f0a452fcd55f1a101c5f3af8b
2010-12-24 02:14:32 -------- d-----w- C:\13f53ddf082dc6787a140ba7

==================== Find3M ====================

2010-11-16 07:10:14 65328 ----a-w- c:\windows\apppatch\matsshim.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BB-22GUA0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdePort4 P4T0L0-1f

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8336E446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x83374504]; MOV EAX, [0x83374580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x83341030]
3 CLASSPNP[0xF76FCFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000007f[0x833D45B8]
5 ACPI[0xF7513620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x833D4770]
\Driver\atapi[0x832F39A8] -> IRP_MJ_CREATE -> 0x8336E446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP4T0L0-1f -> \??\IDE#DiskWDC_WD1600BB-22GUA0_____________________08.02D08#5&df90ce5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8336E292
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 19:12:28.75 ===============

Attach.zip
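A quick way to triage a DDS report like the one above is to scan its Pseudo HJT Report and SERVICES / DRIVERS lines for the patterns that stand out here: a ProxyServer pointing at 127.0.0.1, an autorun entry launched from a temp directory, a driver whose image file DDS could not find (the "[?]" that stands where the other entries show a date and size), and BHO or toolbar entries marked "No File". The script below is an added example, not part of the original post and not a Malwarebytes or DDS tool; the sample lines are constructed in the format of the report above, and the check names and severity labels are this example's own.

```python
import re
from dataclasses import dataclass
from collections import Counter


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (labels chosen for this example)
    check: str
    line: str


# Pseudo HJT proxy line, e.g. "uInternet Settings,ProxyServer = http=127.0.0.1:59274"
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<val>.+)$")
# Proxy value that names the local host: "http=127.0.0.1:59274", "127.0.0.1:8080", "localhost:3128"
LOOPBACK_RE = re.compile(r"(?:^|[=;])(?:127\.0\.0\.1|localhost)(?::\d+)?", re.IGNORECASE)
# Autorun entries: "uRun: [name] command" / "mRun: [name] command"
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Services/drivers: "<start> <name>;<display>;<image> [date size]" or "... --> <image> [?]"
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
# Browser helper objects / toolbars / explorer bars whose DLL is gone
NOFILE_RE = re.compile(r"^(?:BHO|TB|EB):.*-\s*No File$")


def triage(report: str) -> list[Finding]:
    """Walk a DDS report line by line and collect the suspicious entries."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            if LOOPBACK_RE.search(m.group("val")):
                findings.append(Finding("high", "loopback-proxy", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(m.group("cmd")):
                findings.append(Finding("high", "autorun-from-temp", line))
            continue
        m = SVC_RE.match(line)
        if m:
            if m.group("image").rstrip().endswith("[?]"):
                # A boot-start (S0/R0) driver with no image on disk is the most urgent case
                sev = "high" if m.group("start") in ("S0", "R0") else "medium"
                findings.append(Finding(sev, "service-image-missing", line))
            continue
        if NOFILE_RE.match(line):
            findings.append(Finding("info", "orphaned-bho-or-toolbar", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per check name."""
    return dict(Counter(f.check for f in findings))


# Constructed sample: a handful of lines in the format of the DDS report posted above.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [dejfphmx] c:\docume~1\owner\locals~1\temp\uubicvqdq\jqwvkdiaffm.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S0 adwikxd;adwikxd;c:\windows\system32\drivers\bekr.sys --> c:\windows\system32\drivers\bekr.sys [?]
S2 NNServ;NNServ;"c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart --> c:\program files\newdotnet\nnrun.exe [?]
"""

if __name__ == "__main__":
    found = triage(SAMPLE_DDS)
    for f in found:
        print(f"[{f.severity:6}] {f.check:24} {f.line}")
    print(summarize(found))
```

Feed it the text of a whole DDS report and read the high-severity lines first. "No File" and "[?]" entries are worth listing but are not on their own proof of infection, which is why they carry lower severity than the loopback proxy and the temp-directory autorun; those two are the settings the helper's fix below goes after.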
LDTate Posted December 27, 2010 ID:366288

Please don't attach the scans / logs, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.
You might want to print these instructions out.

I suggest you do this:

Open Notepad, click on Format and uncheck Word Wrap.

Internet Explorer (Windows)
1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.
2. Click the "Connections" tab, then click the "LAN Settings" button.
3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)
1. Click "Tools", then click "Options" to bring up the Options window.
2. Click the "Advanced" button, then click the "Network" tab.
3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".
4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Next:

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.
If you have any questions please ask before moving on.

Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
Then save the file as "fixme.bat" to your Desktop.
In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well.
Then close the new file.

@ECHO OFF
REM Remove the per-user proxy server and its bypass list from the Internet Settings key
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
REM Switch the proxy off and clear the "Work Offline" flag
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
REM Reset the TCP/IP stack (writing resetlog.txt) and the Winsock catalog
netsh int ip reset resetlog.txt
netsh winsock reset catalog

On Windows XP you can double-click the file to run it. On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes.
This will flash a black DOS box very quickly and go away, this is normal.

Restart your computer now.

Launch Internet Explorer and see if you can connect to the Internet.

Launch MBAM and check for Updates.
willd Posted December 27, 2010 Author ID:366515

Hello,
Ok, the first part: Use proxy server was not checked but neither was automatically detect settings, so I checked that.
Second part: Ran the script, restarted computer, updated MBAM (went from database 5394 to 5405) and I am posting this from this infected computer now.
I stopped there because I was not sure if you wanted me to run another scan now or not.
Thank you,
Willd
LDTate Posted December 28, 2010 ID:366519

> I stopped there because I was not sure if you wanted me to run another scan now or not.

Yes run and post the results.
Also let me know how it's running.
willd Posted December 28, 2010 Author ID:366544

Ok, I went to grab a bite to eat after my last post and had left Internet Explorer open as well as MBAM and when I got back both would not respond. Did Control-Alt-Delete and that finally came up after approximately 60 seconds and was able to end those processes, then ran a new scan that found this one item.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5405

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/27/2010 7:08:47 PM
mbam-log-2010-12-27 (19-08-47).txt

Scan type: Quick scan
Objects scanned: 175922
Time elapsed: 21 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dejfphmx (Trojan.FakeAlert.Gen) -> Value: dejfphmx -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
LDTate Posted December 28, 2010 ID:366546

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.
willd Posted December 28, 2010 Author ID:366556

Ok, here is the log, and I don't think I mentioned this before but my hard drive was not showing up in disk management before but it's there now so there is progress for sure.

2010/12/27 19:26:08.0296 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/27 19:26:08.0296 ================================================================================
2010/12/27 19:26:08.0296 SystemInfo:
2010/12/27 19:26:08.0296 
2010/12/27 19:26:08.0296 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/27 19:26:08.0296 Product type: Workstation
2010/12/27 19:26:08.0296 ComputerName: QUIGLEY
2010/12/27 19:26:08.0296 UserName: Owner
2010/12/27 19:26:08.0296 Windows directory: C:\WINDOWS
2010/12/27 19:26:08.0296 System windows directory: C:\WINDOWS
2010/12/27 19:26:08.0296 Processor architecture: Intel x86
2010/12/27 19:26:08.0296 Number of processors: 1
2010/12/27 19:26:08.0296 Page size: 0x1000
2010/12/27 19:26:08.0296 Boot type: Normal boot
2010/12/27 19:26:08.0296 ================================================================================
2010/12/27 19:26:08.0984 Initialize success
2010/12/27 19:27:00.0859 ================================================================================
2010/12/27 19:27:00.0859 Scan started
2010/12/27 19:27:00.0859 Mode: Manual; 
2010/12/27 19:27:00.0859 ================================================================================
2010/12/27 19:27:01.0781 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/27 19:27:01.0859 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/27 19:27:02.0046 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/27 19:27:02.0203 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/27 19:27:02.0468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/27 19:27:02.0703 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/27 19:27:02.0906 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/27 19:27:03.0109 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/27 19:27:03.0296 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/27 19:27:03.0437 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/27 19:27:03.0484 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/27 19:27:03.0703 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/12/27 19:27:03.0953 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/27 19:27:04.0109 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/27 19:27:04.0328 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/27 19:27:04.0515 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/27 19:27:04.0750 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/27 19:27:04.0843 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/27 19:27:04.0890 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/27 19:27:04.0937 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/27 19:27:05.0015 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/27 19:27:05.0140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/27 19:27:05.0312 ati2mtag (dcd26b36ce305b718e2f1c56c19df668) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/27 19:27:05.0546 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/27 19:27:05.0734 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/27 19:27:05.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/27 19:27:06.0031 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/27 19:27:06.0140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/27 19:27:06.0250 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/27 19:27:06.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/27 19:27:06.0453 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/27 19:27:06.0671 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/27 19:27:06.0828 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/27 19:27:07.0078 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/27 19:27:07.0296 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/27 19:27:07.0484 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/27 19:27:07.0625 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/27 19:27:07.0890 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/27 19:27:08.0140 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/27 19:27:08.0328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/27 19:27:08.0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/27 19:27:08.0765 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/27 19:27:08.0953 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/27 19:27:09.0093 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/27 19:27:09.0218 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/27 19:27:09.0343 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/27 19:27:09.0437 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/27 19:27:09.0578 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/27 19:27:09.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/27 19:27:09.0828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/27 19:27:09.0953 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/27 19:27:10.0062 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/27 19:27:10.0265 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/27 19:27:10.0484 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/27 19:27:10.0625 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/12/27 19:27:10.0906 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/12/27 19:27:11.0140 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/27 19:27:11.0375 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/27 19:27:11.0484 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/27 19:27:11.0609 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/27 19:27:11.0718 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/27 19:27:11.0921 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/27 19:27:12.0031 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/27 19:27:12.0250 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/27 19:27:12.0375 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/27 19:27:12.0500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/27 19:27:12.0625 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/27 19:27:12.0843 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/27 19:27:12.0953 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/27 19:27:13.0078 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/27 19:27:13.0187 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/27 19:27:13.0296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/27 19:27:13.0515 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/27 19:27:13.0703 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2010/12/27 19:27:13.0906 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/27 19:27:14.0031 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/27 19:27:14.0140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/27 19:27:14.0250 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/27 19:27:14.0453 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/27 19:27:14.0671 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/27 19:27:14.0812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/27 19:27:15.0046 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/27 19:27:15.0265 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/27 19:27:15.0375 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/27 19:27:15.0484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/27 19:27:15.0531 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/27 19:27:15.0625 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/27 19:27:15.0750 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/27 19:27:15.0953 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2010/12/27 19:27:16.0078 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/27 19:27:16.0281 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/27 19:27:16.0390 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/27 19:27:16.0500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/27 19:27:16.0625 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/27 19:27:16.0734 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/27 19:27:16.0890 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/27 19:27:17.0109 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/27 19:27:17.0312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/27 19:27:17.0453 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/27 19:27:17.0687 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/27 19:27:17.0859 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/27 19:27:18.0078 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/27 19:27:18.0203 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/27 19:27:18.0328 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/27 19:27:18.0437 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/12/27 19:27:18.0562 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/27 19:27:18.0671 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/27 19:27:18.0781 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/27 19:27:18.0968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/27 19:27:19.0109 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/27 19:27:19.0234 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/27 19:27:19.0578 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/27 19:27:19.0703 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/27 19:27:19.0843 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
2010/12/27 19:27:19.0953 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/27 19:27:20.0078 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/27 19:27:20.0187 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/27 19:27:20.0296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/27 19:27:20.0500 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/27 19:27:20.0609 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/27 19:27:20.0734 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/27 19:27:20.0859 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/27 19:27:20.0984 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/27 19:27:21.0109 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/27 19:27:21.0218 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/27 19:27:21.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/27 19:27:21.0453 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/27 19:27:21.0578 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/27 19:27:21.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/27 19:27:21.0921 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/27 19:27:22.0140 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/27 19:27:22.0343 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/27 19:27:22.0484 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/12/27 19:27:22.0625 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/27 19:27:22.0656 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/27 19:27:22.0859 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/27 19:27:23.0062 serenum (0f29512ccd6bead730039fb4bd2c85ce) 
C:\WINDOWS\system32\DRIVERS\serenum.sys2010/12/27 19:27:23.0171 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys2010/12/27 19:27:23.0296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2010/12/27 19:27:23.0468 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys2010/12/27 19:27:23.0656 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys2010/12/27 19:27:23.0781 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2010/12/27 19:27:23.0921 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2010/12/27 19:27:24.0156 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys2010/12/27 19:27:24.0359 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys2010/12/27 19:27:24.0484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2010/12/27 19:27:24.0593 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2010/12/27 19:27:24.0703 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys2010/12/27 19:27:24.0828 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys2010/12/27 19:27:25.0031 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys2010/12/27 19:27:25.0140 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys2010/12/27 19:27:25.0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2010/12/27 19:27:25.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2010/12/27 19:27:25.0671 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2010/12/27 19:27:25.0796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2010/12/27 19:27:25.0921 TermDD (88155247177638048422893737429d9e) 
C:\WINDOWS\system32\DRIVERS\termdd.sys2010/12/27 19:27:26.0171 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys2010/12/27 19:27:26.0296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2010/12/27 19:27:26.0500 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys2010/12/27 19:27:26.0640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2010/12/27 19:27:26.0859 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys2010/12/27 19:27:26.0984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2010/12/27 19:27:27.0109 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2010/12/27 19:27:27.0218 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2010/12/27 19:27:27.0328 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys2010/12/27 19:27:27.0515 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2010/12/27 19:27:27.0734 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2010/12/27 19:27:27.0796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2010/12/27 19:27:27.0859 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2010/12/27 19:27:27.0906 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2010/12/27 19:27:28.0000 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys2010/12/27 19:27:28.0187 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys2010/12/27 19:27:28.0328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2010/12/27 19:27:28.0468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2010/12/27 19:27:28.0656 wdmaud 
2010/12/27 19:27:28.0984 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/27 19:27:28.0984 ================================================================================
2010/12/27 19:27:28.0984 Scan finished
2010/12/27 19:27:28.0984 ================================================================================
2010/12/27 19:27:29.0000 Detected object count: 1
2010/12/27 19:28:04.0578 \HardDisk0 - will be cured after reboot
2010/12/27 19:28:04.0578 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/27 19:28:30.0734 Deinitialize success
LDTate Posted December 28, 2010 ID:366558
We need to run it again to make sure it's gone before moving on.
willd Posted December 28, 2010 Author ID:366573
Ok, here is the new log. Did not find anything.
2010/12/27 19:45:28.0390 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/27 19:45:28.0390 ================================================================================
2010/12/27 19:45:28.0390 SystemInfo:
2010/12/27 19:45:28.0390
2010/12/27 19:45:28.0390 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/27 19:45:28.0390 Product type: Workstation
2010/12/27 19:45:28.0390 ComputerName: QUIGLEY
2010/12/27 19:45:28.0390 UserName: Owner
2010/12/27 19:45:28.0390 Windows directory: C:\WINDOWS
2010/12/27 19:45:28.0390 System windows directory: C:\WINDOWS
2010/12/27 19:45:28.0390 Processor architecture: Intel x86
2010/12/27 19:45:28.0390 Number of processors: 1
2010/12/27 19:45:28.0390 Page size: 0x1000
2010/12/27 19:45:28.0390 Boot type: Normal boot
2010/12/27 19:45:28.0390 ================================================================================
2010/12/27 19:45:28.0609 Initialize success
2010/12/27 19:45:31.0515 ================================================================================
2010/12/27 19:45:31.0515 Scan started
2010/12/27 19:45:31.0515 Mode: Manual;
2010/12/27 19:45:31.0515 ================================================================================
2010/12/27 19:45:59.0328 ================================================================================
2010/12/27 19:45:59.0328 Scan finished
2010/12/27 19:45:59.0328 ================================================================================
2010/12/27 19:46:17.0765 Deinitialize success
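The two TDSSKiller runs above (one with a `\HardDisk0` detection and a queued cure, one clean) are exactly the before/after pair a helper compares by eye. As an added example that is not part of this thread and not TDSSKiller's own code, here is a small Python triage script that parses log lines in the shape pasted above, reports detections and drivers loading from outside the Windows directory (for review, not as a verdict), and confirms from the second run that the detection is gone and the driver inventory is unchanged. The sample log text is constructed from abridged lines of the two runs, and the `windows_dir` default is an assumption taken from the log's "Windows directory:" line.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# TDSSKiller line shapes as pasted in this thread: one "<ts> <Driver> (<md5>) <path>" line per
# driver, then "<ts> \HardDisk0 - detected <verdict> (0)", "Detected object count: N" (absent on
# a clean run), "<obj> - will be cured after reboot" and "<verdict>(<obj>) - User select action: Cure".
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"
DRIVER_RE = re.compile(rf"^{TS} (?P<name>\S+) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>.+)$")
DETECT_RE = re.compile(rf"^{TS} (?P<obj>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
COUNT_RE = re.compile(rf"^{TS} Detected object count: (?P<n>\d+)$")
PENDING_RE = re.compile(rf"^{TS} (?P<obj>\S+) - will be cured after reboot$")
ACTION_RE = re.compile(
    rf"^{TS} (?P<verdict>[^(\s]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$"
)


@dataclass
class ScanReport:
    drivers: Dict[str, str] = field(default_factory=dict)  # driver name -> md5
    paths: Dict[str, str] = field(default_factory=dict)    # driver name -> image path
    detections: List[dict] = field(default_factory=list)
    pending: List[str] = field(default_factory=list)       # objects queued for cure at reboot
    actions: List[dict] = field(default_factory=list)
    declared_count: Optional[int] = None                   # None when the tool printed no count
    finished: bool = False


def parse_tdsskiller(text: str) -> ScanReport:
    """Parse one TDSSKiller run into a driver inventory plus verdict/action records."""
    r = ScanReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DRIVER_RE.match(line):
            r.drivers[m["name"]] = m["md5"]
            r.paths[m["name"]] = m["path"]
        elif m := DETECT_RE.match(line):
            r.detections.append({"object": m["obj"], "verdict": m["verdict"]})
        elif m := COUNT_RE.match(line):
            r.declared_count = int(m["n"])
        elif m := PENDING_RE.match(line):
            r.pending.append(m["obj"])
        elif m := ACTION_RE.match(line):
            r.actions.append({"object": m["obj"], "verdict": m["verdict"], "action": m["action"]})
        elif line.endswith("Scan finished"):
            r.finished = True
    return r


def triage(report: ScanReport, windows_dir: str = r"C:\WINDOWS") -> dict:
    """Summarise one run. windows_dir is an assumption (this log's 'Windows directory:'
    line); drivers loading from elsewhere are listed for review, not as a verdict."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    cured = {a["object"] for a in report.actions if a["action"] == "Cure"}
    observed = len(report.detections)
    return {
        "detections": report.detections,
        # A count line that disagrees with the detection lines points at a truncated paste.
        "count_consistent": report.declared_count is None or report.declared_count == observed,
        "cure_queued": [o for o in report.pending if o in cured],
        "outside_windows_dir": sorted(n for n, p in report.paths.items()
                                      if not p.lower().startswith(prefix)),
        "clean": report.finished and observed == 0 and not report.declared_count,
    }


def compare_scans(before: ScanReport, after: ScanReport) -> dict:
    """Confirm a cure the way the thread does: re-run, check the detection is gone,
    and check the driver inventory (names and hashes) did not change in between."""
    common = before.drivers.keys() & after.drivers.keys()
    return {
        "cleared": bool(before.detections) and after.finished and not after.detections,
        "added": sorted(after.drivers.keys() - before.drivers.keys()),
        "removed": sorted(before.drivers.keys() - after.drivers.keys()),
        "hash_changed": {n: (before.drivers[n], after.drivers[n])
                         for n in sorted(common) if before.drivers[n] != after.drivers[n]},
    }


# Constructed sample input: abridged from the two runs quoted in this thread.
BEFORE_LOG = r"""
2010/12/27 19:27:22.0625 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/27 19:27:25.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/27 19:27:28.0984 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/27 19:27:28.0984 Scan finished
2010/12/27 19:27:29.0000 Detected object count: 1
2010/12/27 19:28:04.0578 \HardDisk0 - will be cured after reboot
2010/12/27 19:28:04.0578 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

AFTER_LOG = r"""
2010/12/27 19:45:53.0125 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/27 19:45:55.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/27 19:45:59.0328 Scan finished
"""

if __name__ == "__main__":
    b, a = parse_tdsskiller(BEFORE_LOG), parse_tdsskiller(AFTER_LOG)
    print(triage(b), compare_scans(b, a), sep="\n")
```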
LDTate Posted December 28, 2010 ID:366574
Download ComboFix from one of these locations:
Link 1
Link 2 - If using this link, Right Click and select Save As.
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have SP3, use the SP2 package. If Vista or Windows 7, skip the Recovery Console part.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
Please do not attach the scan results from ComboFix. Use copy/paste.
Also please describe how your computer behaves at the moment.
willd Posted December 28, 2010 Author ID:366594
If I haven't said Hello and Thank You yet, Hello and Thank You.
Scan installed Recovery Console and ran ok (as far as I know anyway).
ComboFix 10-12-26.01 - Owner 12/27/2010 20:10:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.135 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\completescan
c:\documents and settings\Owner\My Documents\iexplore.exe
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\system32\Oeminfo.ini
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NNSERV
-------\Service_NNServ
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.
2010-12-25 16:30 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com2010-12-25 16:30 . 2010-12-25 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2010-12-25 16:30 . 2010-12-25 16:31 -------- d-----w- c:\program files\SUPERAntiSpyware2010-12-25 09:03 . 2010-12-25 09:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-12-25 03:19 . 2010-12-25 03:19 -------- d-----w- c:\program files\Loaris2010-12-25 00:12 . 2010-12-25 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics2010-12-24 23:26 . 2010-12-24 23:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\windows\MATS2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\program files\Microsoft Fix it Center2010-12-24 22:32 . 2008-04-14 11:42 155136 ------w- c:\windows\system32\mssha.dll2010-12-24 22:24 . 2006-12-29 06:31 19569 ----a-w- c:\windows\002788_.tmp2010-12-24 22:18 . 2010-12-24 22:18 -------- d-----w- c:\windows\EHome2010-12-24 14:40 . 2010-12-25 00:31 -------- d-----w- c:\program files\Windows Live Safety Center2010-12-24 14:26 . 2010-12-24 14:26 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache2010-12-24 14:09 . 2010-12-24 14:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2010-12-24 05:53 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe2010-12-24 05:23 . 2010-12-24 05:23 -------- d-----w- C:\0dd941d7f2610f30b7d323a553262010-12-24 05:23 . 2010-12-24 05:23 -------- d-----w- C:\2aaeaeff91a25884dc00e82010-12-24 05:23 . 
2010-12-24 05:23 -------- d-----w- C:\487a6b61adb0c567cb2010-12-24 05:23 . 2010-12-24 05:23 -------- d-----w- C:\c6783c46a2fe735c7d298838b814712010-12-24 05:23 . 2010-12-24 05:23 -------- d-----w- C:\70c4babbaf749f43a42010-12-24 04:18 . 2010-12-24 04:18 -------- d-----w- C:\0219c6c091bc11352e6d912010-12-24 04:17 . 2010-12-24 04:17 -------- d-----w- C:\5088597288c1ba94e32010-12-24 04:16 . 2010-12-24 04:16 -------- d-----w- C:\893ffd6facbecd1bdae12010-12-24 04:16 . 2010-12-24 04:16 -------- d-----w- C:\08156ec3aa9500a47e2010-12-24 04:16 . 2010-12-24 04:16 -------- d-----w- C:\571aaf439bdc918cee53a21c5ec8c0322010-12-24 04:15 . 2010-12-24 04:15 -------- d-----w- C:\3750f0569d0635b1411e1f2cb15517ac2010-12-24 04:15 . 2010-12-24 04:15 -------- d-----w- C:\57f3331fb5c8dbb83238abb4b325c9be2010-12-24 04:14 . 2010-12-24 04:14 -------- d-----w- C:\1fe66f0e39f02e4b019637a4df0139282010-12-24 04:14 . 2010-12-24 04:14 -------- d-----w- C:\31925ef44076c8c61d692010-12-24 04:13 . 2010-12-24 04:13 -------- d-----w- C:\da0db74252d895d31432282010-12-24 04:13 . 2010-12-24 04:13 -------- d-----w- C:\f43a6c60d2d752d174b3b450d22010-12-24 02:15 . 2010-12-24 02:15 -------- d-----w- C:\718f3e9d89c2bd59606e2010-12-24 02:14 . 2010-12-24 02:14 -------- d-----w- C:\ce472f0a452fcd55f1a101c5f3af8b2010-12-24 02:14 . 2010-12-25 17:22 -------- d-----w- C:\13f53ddf082dc6787a140ba72010-12-11 21:23 . 2010-12-11 21:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe2010-12-03 22:36 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM2010-12-03 22:35 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-12-21 00:09 . 2010-11-17 22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-12-21 00:08 . 
2010-11-17 22:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-11-16 07:10 . 2010-11-16 07:10 65328 ----a-w- c:\windows\apppatch\matsshim.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 180269]"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]"CHotkey"="zHotkey.exe" [2004-05-18 543232]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-12 344064]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL[HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Valve\\Steam\\SteamApps\\pokher\\counter-strike source\\hl2.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"=R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]S0 adwikxd;adwikxd;c:\windows\system32\drivers\bekr.sys --> c:\windows\system32\drivers\bekr.sys [?]S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll.Contents of the 'Scheduled Tasks' folder2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]2005-04-05 c:\windows\Tasks\ISP signup reminder 1.job- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]2005-04-05 c:\windows\Tasks\ISP signup reminder 2.job- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]2005-04-05 c:\windows\Tasks\ISP signup reminder 3.job- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8uSearchAssistant = Trusted Zone: live.com\onecare.- - - - ORPHANS REMOVED - - - -Toolbar-Locked - (no file)HKCU-Run-DW6 - (no 
file)HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-12-27 20:28Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(408)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dllc:\windows\system32\Ati2evxx.dll- - - - - - - > 'explorer.exe'(3648)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\windows\system32\LEXBCES.EXEc:\windows\system32\LEXPPS.EXEc:\windows\system32\Ati2evxx.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Java\jre6\bin\jqs.exec:\windows\zHotkey.exec:\program files\Lexmark X6100 Series\lxbfbmon.exec:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYSc:\windows\system32\wdfmgr.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\wscntfy.exe.**************************************************************************.Completion time: 2010-12-27 20:32:42 - machine was rebootedComboFix-quarantined-files.txt 2010-12-28 02:32Pre-Run: 122,866,352,128 bytes freePost-Run: 124,386,492,416 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" 
/debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect- - End Of File - - F8B27DA671B1F66A3862954F5447271A Link to post Share on other sites More sharing options...
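Two items in the log above are the kind a helper scans for before writing a CFScript: the three "DisableMonitoring"=dword:00000001 values under the Security Center Monitoring keys (they stop Windows Security Center from reporting antivirus/firewall status; some AV products set them legitimately, so they are a review item, not proof of infection on their own) and the S0 boot-start driver service adwikxd whose image c:\windows\system32\drivers\bekr.sys ComboFix marks with "-->" and "[?]", meaning the file could not be found. The following is an added example, not part of this thread and not a ComboFix or Malwarebytes tool: a small Python triage script that reads ComboFix log text and surfaces exactly those two classes of entry. The line formats are inferred from the log posted above, and the sample text is constructed from lines quoted in it.

```python
"""Triage helper for ComboFix log text (added example for this thread).

Flags two classes of entry that a malware-removal helper reviews first:
  * Security Center monitoring switched off ("DisableMonitoring"=dword:00000001
    under a ...\security center\Monitoring key)
  * driver/service entries whose image file ComboFix could not find
    (the line ends in "--> <path> [?]")
The line formats are inferred from the log quoted in the thread; ComboFix
itself is not documented, so treat the regexes as an assumption.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
S0 adwikxd;adwikxd;c:\windows\system32\drivers\bekr.sys --> c:\windows\system32\drivers\bekr.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]
"""

REG_KEY_RE = re.compile(r'^\[(.+)\]$')
REG_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# <R|S><start type> <service name>;<display name>;<image path> [--> <resolved path>] [<date size> or ?]
DRIVER_RE = re.compile(
    r'^(?P<kind>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.+?)(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<info>[^\]]*)\]\s*$'
)


@dataclass
class Finding:
    kind: str      # short machine-readable category
    detail: str    # what was found, for the helper
    line: str      # the original log line


def triage_combofix(text):
    """Return a list of Finding objects for the review items in a ComboFix log."""
    findings = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        key = REG_KEY_RE.match(line)
        if key:
            current_key = key.group(1)   # value lines that follow belong to this key
            continue

        dword = REG_DWORD_RE.match(line)
        if dword and current_key and r'security center\monitoring' in current_key.lower():
            name, value = dword.group(1), int(dword.group(2), 16)
            if name.lower() == 'disablemonitoring' and value == 1:
                findings.append(Finding(
                    'security-center-monitoring-disabled', current_key, line))
            continue

        drv = DRIVER_RE.match(line)
        if drv and drv.group('info').strip() == '?':
            # "[?]" is how ComboFix marks an image it could not stat; a boot-start
            # (S0) service pointing at a missing file is a leftover worth removing.
            findings.append(Finding(
                'driver-image-missing',
                f"{drv.group('name')} (start type {drv.group('start')}) -> {drv.group('image')}",
                line))
    return findings


if __name__ == '__main__':
    for f in triage_combofix(SAMPLE_LOG):
        print(f"{f.kind}: {f.detail}")
```

Run against the full text of a pasted ComboFix.txt, it prints one line per review item; everything else (the Run entries, the SUPERAntiSpyware drivers, the Fix it Center service) is left alone because it has a real file on disk and is not a Security Center override.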
LDTate Posted December 28, 2010 ID:366599

Copy/paste the text in the Codebox below into notepad:
Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:
Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::
File::
c:\windows\002788_.tmp
Folder::
C:\0dd941d7f2610f30b7d323a55326
C:\2aaeaeff91a25884dc00e8
C:\487a6b61adb0c567cb
C:\c6783c46a2fe735c7d298838b81471
C:\70c4babbaf749f43a4
C:\0219c6c091bc11352e6d91
C:\5088597288c1ba94e3
C:\893ffd6facbecd1bdae1
C:\08156ec3aa9500a47e
C:\571aaf439bdc918cee53a21c5ec8c032
C:\3750f0569d0635b1411e1f2cb15517ac
C:\57f3331fb5c8dbb83238abb4b325c9be
C:\1fe66f0e39f02e4b019637a4df013928
C:\31925ef44076c8c61d69
C:\da0db74252d895d3143228
C:\f43a6c60d2d752d174b3b450d2
C:\718f3e9d89c2bd59606e
C:\ce472f0a452fcd55f1a101c5f3af8b
C:\13f53ddf082dc6787a140ba7

Save this file to your desktop. Save this as "CFScript"
Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Drag CFScript.txt into ComboFix.exe
Then post the results log using Copy / Paste
Also please describe how your computer behaves at the moment.
willd Posted December 28, 2010 Author ID:366617

The computer seems to be running a lot faster. I can now get to the Microsoft Windows Update site (couldn't before). Seems like I am not getting redirected to other web sites when clicking search results in Google, but I now have 2 icons on my desktop for Internet Explorer: one just called Internet shows the shortcut symbol and brings up a regular shortcut properties box when going to properties; the other says Internet Explorer with no shortcut symbol and brings up the Internet Explorer properties box like it should.

ComboFix 10-12-26.01 - Owner 12/27/2010 20:55:50.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.131 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\002788_.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\0219c6c091bc11352e6d91
c:\0219c6c091bc11352e6d91\compappscontent.dll
c:\0219c6c091bc11352e6d91\en-us\amhelp.chm
c:\0219c6c091bc11352e6d91\en-us\epploc.cab
c:\0219c6c091bc11352e6d91\en-us\epploc_x86.msi
c:\0219c6c091bc11352e6d91\en-us\eula.rtf
c:\0219c6c091bc11352e6d91\en-us\setupres.dll.mui
c:\0219c6c091bc11352e6d91\epplauncher.exe
c:\0219c6c091bc11352e6d91\eppmanifest.dll
c:\0219c6c091bc11352e6d91\setup.ini
c:\0219c6c091bc11352e6d91\setupres.dll
c:\0219c6c091bc11352e6d91\x86\dw20shared.msi
c:\0219c6c091bc11352e6d91\x86\epp.msi
c:\0219c6c091bc11352e6d91\x86\legitlib.dll
c:\0219c6c091bc11352e6d91\x86\mp_ambits.msi
c:\0219c6c091bc11352e6d91\x86\setup.exe
c:\0219c6c091bc11352e6d91\x86\sqmapi.dll
c:\0219c6c091bc11352e6d91\x86\windows6.0-kb981889-v2.msu
c:\0219c6c091bc11352e6d91\x86\windows6.1-kb981889.msu
C:\08156ec3aa9500a47e
c:\08156ec3aa9500a47e\compappscontent.dll
c:\08156ec3aa9500a47e\en-us\amhelp.chm
c:\08156ec3aa9500a47e\en-us\epploc.cab
c:\08156ec3aa9500a47e\en-us\epploc_x86.msi
c:\08156ec3aa9500a47e\en-us\eula.rtf
c:\08156ec3aa9500a47e\en-us\setupres.dll.mui
c:\08156ec3aa9500a47e\epplauncher.exe
c:\08156ec3aa9500a47e\eppmanifest.dll
c:\08156ec3aa9500a47e\setup.ini
c:\08156ec3aa9500a47e\setupres.dll
c:\08156ec3aa9500a47e\x86\dw20shared.msi
c:\08156ec3aa9500a47e\x86\epp.msi
c:\08156ec3aa9500a47e\x86\legitlib.dll
c:\08156ec3aa9500a47e\x86\mp_ambits.msi
c:\08156ec3aa9500a47e\x86\setup.exe
c:\08156ec3aa9500a47e\x86\sqmapi.dll
c:\08156ec3aa9500a47e\x86\windows6.0-kb981889-v2.msu
c:\08156ec3aa9500a47e\x86\windows6.1-kb981889.msu
C:\0dd941d7f2610f30b7d323a55326
c:\0dd941d7f2610f30b7d323a55326\compappscontent.dll
c:\0dd941d7f2610f30b7d323a55326\en-us\amhelp.chm
c:\0dd941d7f2610f30b7d323a55326\en-us\epploc.cab
c:\0dd941d7f2610f30b7d323a55326\en-us\epploc_x86.msi
c:\0dd941d7f2610f30b7d323a55326\en-us\eula.rtf
c:\0dd941d7f2610f30b7d323a55326\en-us\setupres.dll.mui
c:\0dd941d7f2610f30b7d323a55326\epplauncher.exe
c:\0dd941d7f2610f30b7d323a55326\eppmanifest.dll
c:\0dd941d7f2610f30b7d323a55326\setup.ini
c:\0dd941d7f2610f30b7d323a55326\setupres.dll
c:\0dd941d7f2610f30b7d323a55326\x86\legitlib.dll
C:\13f53ddf082dc6787a140ba7
c:\13f53ddf082dc6787a140ba7\mrtstub.exe
C:\1fe66f0e39f02e4b019637a4df013928
c:\1fe66f0e39f02e4b019637a4df013928\compappscontent.dll
c:\1fe66f0e39f02e4b019637a4df013928\en-us\amhelp.chm
c:\1fe66f0e39f02e4b019637a4df013928\en-us\epploc.cab
c:\1fe66f0e39f02e4b019637a4df013928\en-us\epploc_x86.msi
c:\1fe66f0e39f02e4b019637a4df013928\en-us\eula.rtf
c:\1fe66f0e39f02e4b019637a4df013928\en-us\setupres.dll.mui
c:\1fe66f0e39f02e4b019637a4df013928\epplauncher.exe
c:\1fe66f0e39f02e4b019637a4df013928\eppmanifest.dll
c:\1fe66f0e39f02e4b019637a4df013928\setup.ini
c:\1fe66f0e39f02e4b019637a4df013928\setupres.dll
c:\1fe66f0e39f02e4b019637a4df013928\x86\legitlib.dll
c:\1fe66f0e39f02e4b019637a4df013928\x86\setup.exe
c:\1fe66f0e39f02e4b019637a4df013928\x86\sqmapi.dll
C:\2aaeaeff91a25884dc00e8
c:\2aaeaeff91a25884dc00e8\compappscontent.dll
c:\2aaeaeff91a25884dc00e8\eppmanifest.dll
C:\31925ef44076c8c61d69
c:\31925ef44076c8c61d69\compappscontent.dll
c:\31925ef44076c8c61d69\eppmanifest.dll
C:\3750f0569d0635b1411e1f2cb15517ac
c:\3750f0569d0635b1411e1f2cb15517ac\compappscontent.dll
c:\3750f0569d0635b1411e1f2cb15517ac\en-us\amhelp.chm
c:\3750f0569d0635b1411e1f2cb15517ac\en-us\epploc.cab
c:\3750f0569d0635b1411e1f2cb15517ac\en-us\epploc_x86.msi
c:\3750f0569d0635b1411e1f2cb15517ac\en-us\eula.rtf
c:\3750f0569d0635b1411e1f2cb15517ac\en-us\setupres.dll.mui
c:\3750f0569d0635b1411e1f2cb15517ac\epplauncher.exe
c:\3750f0569d0635b1411e1f2cb15517ac\eppmanifest.dll
c:\3750f0569d0635b1411e1f2cb15517ac\setup.ini
c:\3750f0569d0635b1411e1f2cb15517ac\setupres.dll
c:\3750f0569d0635b1411e1f2cb15517ac\x86\dw20shared.msi
c:\3750f0569d0635b1411e1f2cb15517ac\x86\epp.msi
c:\3750f0569d0635b1411e1f2cb15517ac\x86\legitlib.dll
c:\3750f0569d0635b1411e1f2cb15517ac\x86\mp_ambits.msi
c:\3750f0569d0635b1411e1f2cb15517ac\x86\setup.exe
c:\3750f0569d0635b1411e1f2cb15517ac\x86\sqmapi.dll
c:\3750f0569d0635b1411e1f2cb15517ac\x86\windows6.0-kb981889-v2.msu
c:\3750f0569d0635b1411e1f2cb15517ac\x86\windows6.1-kb981889.msu
C:\487a6b61adb0c567cb
c:\487a6b61adb0c567cb\compappscontent.dll
c:\487a6b61adb0c567cb\epplauncher.exe
c:\487a6b61adb0c567cb\eppmanifest.dll
c:\487a6b61adb0c567cb\setupres.dll
C:\5088597288c1ba94e3
c:\5088597288c1ba94e3\compappscontent.dll
c:\5088597288c1ba94e3\en-us\amhelp.chm
c:\5088597288c1ba94e3\en-us\epploc.cab
c:\5088597288c1ba94e3\en-us\epploc_x86.msi
c:\5088597288c1ba94e3\en-us\eula.rtf
c:\5088597288c1ba94e3\en-us\setupres.dll.mui
c:\5088597288c1ba94e3\epplauncher.exe
c:\5088597288c1ba94e3\eppmanifest.dll
c:\5088597288c1ba94e3\setup.ini
c:\5088597288c1ba94e3\setupres.dll
c:\5088597288c1ba94e3\x86\dw20shared.msi
c:\5088597288c1ba94e3\x86\epp.msi
c:\5088597288c1ba94e3\x86\legitlib.dll
c:\5088597288c1ba94e3\x86\mp_ambits.msi
c:\5088597288c1ba94e3\x86\setup.exe
c:\5088597288c1ba94e3\x86\sqmapi.dll
c:\5088597288c1ba94e3\x86\windows6.0-kb981889-v2.msu
c:\5088597288c1ba94e3\x86\windows6.1-kb981889.msu
C:\571aaf439bdc918cee53a21c5ec8c032
c:\571aaf439bdc918cee53a21c5ec8c032\compappscontent.dll
c:\571aaf439bdc918cee53a21c5ec8c032\en-us\amhelp.chm
c:\571aaf439bdc918cee53a21c5ec8c032\en-us\epploc.cab
c:\571aaf439bdc918cee53a21c5ec8c032\en-us\epploc_x86.msi
c:\571aaf439bdc918cee53a21c5ec8c032\en-us\eula.rtf
c:\571aaf439bdc918cee53a21c5ec8c032\en-us\setupres.dll.mui
c:\571aaf439bdc918cee53a21c5ec8c032\epplauncher.exe
c:\571aaf439bdc918cee53a21c5ec8c032\eppmanifest.dll
c:\571aaf439bdc918cee53a21c5ec8c032\setup.ini
c:\571aaf439bdc918cee53a21c5ec8c032\setupres.dll
c:\571aaf439bdc918cee53a21c5ec8c032\x86\dw20shared.msi
c:\571aaf439bdc918cee53a21c5ec8c032\x86\epp.msi
c:\571aaf439bdc918cee53a21c5ec8c032\x86\legitlib.dll
c:\571aaf439bdc918cee53a21c5ec8c032\x86\mp_ambits.msi
c:\571aaf439bdc918cee53a21c5ec8c032\x86\setup.exe
c:\571aaf439bdc918cee53a21c5ec8c032\x86\sqmapi.dll
c:\571aaf439bdc918cee53a21c5ec8c032\x86\windows6.0-kb981889-v2.msu
c:\571aaf439bdc918cee53a21c5ec8c032\x86\windows6.1-kb981889.msu
C:\57f3331fb5c8dbb83238abb4b325c9be
c:\57f3331fb5c8dbb83238abb4b325c9be\compappscontent.dll
c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\amhelp.chm
c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\epploc.cab
c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\epploc_x86.msi
c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\eula.rtf
c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\setupres.dll.mui
c:\57f3331fb5c8dbb83238abb4b325c9be\epplauncher.exe
c:\57f3331fb5c8dbb83238abb4b325c9be\eppmanifest.dll
c:\57f3331fb5c8dbb83238abb4b325c9be\setup.ini
c:\57f3331fb5c8dbb83238abb4b325c9be\setupres.dll
c:\57f3331fb5c8dbb83238abb4b325c9be\x86\dw20shared.msi
c:\57f3331fb5c8dbb83238abb4b325c9be\x86\epp.msi
c:\57f3331fb5c8dbb83238abb4b325c9be\x86\legitlib.dll
c:\57f3331fb5c8dbb83238abb4b325c9be\x86\mp_ambits.msi
c:\57f3331fb5c8dbb83238abb4b325c9be\x86\setup.exe
c:\57f3331fb5c8dbb83238abb4b325c9be\x86\sqmapi.dll
c:\57f3331fb5c8dbb83238abb4b325c9be\x86\windows6.0-kb981889-v2.msu
c:\57f3331fb5c8dbb83238abb4b325c9be\x86\windows6.1-kb981889.msu
C:\70c4babbaf749f43a4
c:\70c4babbaf749f43a4\compappscontent.dll
c:\70c4babbaf749f43a4\en-us\amhelp.chm
c:\70c4babbaf749f43a4\en-us\epploc.cab
c:\70c4babbaf749f43a4\en-us\epploc_x86.msi
c:\70c4babbaf749f43a4\en-us\eula.rtf
c:\70c4babbaf749f43a4\en-us\setupres.dll.mui
c:\70c4babbaf749f43a4\epplauncher.exe
c:\70c4babbaf749f43a4\eppmanifest.dll
c:\70c4babbaf749f43a4\setup.ini
c:\70c4babbaf749f43a4\setupres.dll
c:\70c4babbaf749f43a4\x86\dw20shared.msi
c:\70c4babbaf749f43a4\x86\epp.msi
c:\70c4babbaf749f43a4\x86\legitlib.dll
c:\70c4babbaf749f43a4\x86\mp_ambits.msi
c:\70c4babbaf749f43a4\x86\setup.exe
c:\70c4babbaf749f43a4\x86\sqmapi.dll
c:\70c4babbaf749f43a4\x86\windows6.0-kb981889-v2.msu
c:\70c4babbaf749f43a4\x86\windows6.1-kb981889.msu
C:\718f3e9d89c2bd59606e
c:\718f3e9d89c2bd59606e\compappscontent.dll
c:\718f3e9d89c2bd59606e\eppmanifest.dll
c:\718f3e9d89c2bd59606e\setupres.dll
C:\893ffd6facbecd1bdae1
C:\c6783c46a2fe735c7d298838b81471
c:\c6783c46a2fe735c7d298838b81471\compappscontent.dll
c:\c6783c46a2fe735c7d298838b81471\en-us\amhelp.chm
c:\c6783c46a2fe735c7d298838b81471\en-us\epploc.cab
c:\c6783c46a2fe735c7d298838b81471\en-us\epploc_x86.msi
c:\c6783c46a2fe735c7d298838b81471\en-us\eula.rtf
c:\c6783c46a2fe735c7d298838b81471\en-us\setupres.dll.mui
c:\c6783c46a2fe735c7d298838b81471\epplauncher.exe
c:\c6783c46a2fe735c7d298838b81471\eppmanifest.dll
c:\c6783c46a2fe735c7d298838b81471\setup.ini
c:\c6783c46a2fe735c7d298838b81471\setupres.dll
c:\c6783c46a2fe735c7d298838b81471\x86\dw20shared.msi
c:\c6783c46a2fe735c7d298838b81471\x86\epp.msi
c:\c6783c46a2fe735c7d298838b81471\x86\legitlib.dll
c:\c6783c46a2fe735c7d298838b81471\x86\mp_ambits.msi
c:\c6783c46a2fe735c7d298838b81471\x86\setup.exe
c:\c6783c46a2fe735c7d298838b81471\x86\sqmapi.dll
c:\c6783c46a2fe735c7d298838b81471\x86\windows6.0-kb981889-v2.msu
c:\c6783c46a2fe735c7d298838b81471\x86\windows6.1-kb981889.msu
C:\ce472f0a452fcd55f1a101c5f3af8b
C:\da0db74252d895d3143228
c:\da0db74252d895d3143228\compappscontent.dll
c:\da0db74252d895d3143228\en-us\amhelp.chm
c:\da0db74252d895d3143228\en-us\epploc.cab
c:\da0db74252d895d3143228\en-us\epploc_x86.msi
c:\da0db74252d895d3143228\en-us\eula.rtf
c:\da0db74252d895d3143228\en-us\setupres.dll.mui
c:\da0db74252d895d3143228\epplauncher.exe
c:\da0db74252d895d3143228\eppmanifest.dll
c:\da0db74252d895d3143228\setup.ini
c:\da0db74252d895d3143228\setupres.dll
c:\da0db74252d895d3143228\x86\legitlib.dll
c:\da0db74252d895d3143228\x86\setup.exe
c:\da0db74252d895d3143228\x86\sqmapi.dll
C:\f43a6c60d2d752d174b3b450d2
c:\f43a6c60d2d752d174b3b450d2\compappscontent.dll
c:\f43a6c60d2d752d174b3b450d2\eppmanifest.dll
c:\f43a6c60d2d752d174b3b450d2\setupres.dll
c:\windows\002788_.tmp
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.
2010-12-25 23:56 . 2010-12-25 23:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-25 23:56 . 2010-12-25 23:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 19:14 . 2010-12-25 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-12-25 18:14 . 2010-12-25 18:58 -------- d-----w- C:\ee6b30a673b1b541293562ab4ca0d8
2010-12-25 16:30 . 2010-12-25 16:30 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-12-25 16:30 . 2010-12-25 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-25 16:30 . 2010-12-25 16:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-25 09:03 . 2010-12-25 09:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-25 03:19 . 2010-12-25 03:19 -------- d-----w- c:\program files\Loaris
2010-12-25 00:12 . 2010-12-25 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2010-12-24 23:26 . 2010-12-24 23:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\windows\MATS
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-12-24 22:32 . 2008-04-14 11:42 155136 ------w- c:\windows\system32\mssha.dll
2010-12-24 22:18 . 2010-12-24 22:18 -------- d-----w- c:\windows\EHome
2010-12-24 14:40 . 2010-12-25 00:31 -------- d-----w- c:\program files\Windows Live Safety Center
2010-12-24 14:26 . 2010-12-24 14:26 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-12-24 14:09 . 2010-12-24 14:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-24 05:53 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-11 21:23 . 2010-12-11 21:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-12-03 22:36 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-12-03 22:35 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-11-17 22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-11-17 22:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 07:10 . 2010-11-16 07:10 65328 ----a-w- c:\windows\apppatch\matsshim.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 180269]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-12 344064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\pokher\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
S0 adwikxd;adwikxd;c:\windows\system32\drivers\bekr.sys --> c:\windows\system32\drivers\bekr.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2005-04-05 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]

2005-04-05 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]

2005-04-05 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchAssistant = 
Trusted Zone: live.com\onecare
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 21:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ... 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\zHotkey.exe
c:\program files\Lexmark X6100 Series\lxbfbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-12-27 21:09:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-28 03:08
ComboFix2.txt 2010-12-28 02:32

Pre-Run: 124,406,018,048 bytes free
Post-Run: 124,331,634,688 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CCA3DBA795AE55E7489C2D4DF3C81682
LDTate Posted December 28, 2010 ID:366620

I'm headed to bed but will check back in the morning.

Copy/paste the text in the Codebox below into notepad:
Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:
Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::
File::
c:\windows\system32\drivers\bekr.sys
Driver::
adwikxd

Save this file to your desktop. Save this as "CFScript"
Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Drag CFScript.txt into ComboFix.exe
Then post the results log using Copy / Paste
Also please describe how your computer behaves at the moment.
willd Posted December 28, 2010 Author ID:366631

Good Morning LDTate,

Two things I've noticed: when I open Internet Explorer it says it closed unexpectedly last time and asks if you want to resume where it left off, and that it is not the default browser whether I check it to be or not.

Also when I ran ComboFix the last two times it keeps installing the recovery console, says not installed and another instance of it needs to be updated. I just keep installing it.

I am working my second job the next two nights so I will try to be on after I get off work. I will try to run whatever commands you tell me to and post before I go to bed but no guarantees there.

ComboFix 10-12-26.01 - Owner 12/27/2010 21:47:28.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.163 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\drivers\bekr.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_adwikxd


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.
2010-12-25 23:56 . 2010-12-25 23:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-25 23:56 . 2010-12-25 23:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 19:14 . 2010-12-25 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-12-25 18:14 . 2010-12-25 18:58 -------- d-----w- C:\ee6b30a673b1b541293562ab4ca0d8
2010-12-25 16:30 . 2010-12-25 16:30 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-12-25 16:30 . 2010-12-25 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-25 16:30 . 2010-12-25 16:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-25 09:03 . 2010-12-25 09:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-25 03:19 . 2010-12-25 03:19 -------- d-----w- c:\program files\Loaris
2010-12-25 00:12 . 2010-12-25 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2010-12-24 23:26 . 2010-12-24 23:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\windows\MATS
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-12-24 22:32 . 2008-04-14 11:42 155136 ------w- c:\windows\system32\mssha.dll
2010-12-24 22:18 . 2010-12-24 22:18 -------- d-----w- c:\windows\EHome
2010-12-24 14:40 . 2010-12-25 00:31 -------- d-----w- c:\program files\Windows Live Safety Center
2010-12-24 14:26 . 2010-12-24 14:26 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-12-24 14:09 . 2010-12-24 14:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-24 05:53 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-11 21:23 . 2010-12-11 21:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-12-03 22:36 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-12-03 22:35 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-11-17 22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-11-17 22:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 07:10 . 2010-11-16 07:10 65328 ----a-w- c:\windows\apppatch\matsshim.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 180269]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-12 344064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\pokher\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2005-04-05 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]

2005-04-05 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]

2005-04-05 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchAssistant = 
Trusted Zone: live.com\onecare
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 21:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\zHotkey.exe
c:\program files\Lexmark X6100 Series\lxbfbmon.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-27 22:00:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-28 04:00
ComboFix2.txt 2010-12-28 03:09
ComboFix3.txt 2010-12-28 02:32

Pre-Run: 124,309,282,816 bytes free
Post-Run: 124,317,319,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 360A27C9E17D980162F6DD747A280DCA
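A small triage script for the ComboFix log format shown in this thread, added here as an example; it is not code from the thread, from Malwarebytes or from ComboFix's author. It splits the log on the `(((( ... ))))` section banners, parses the Files Created and Reg Loading Points sections, lists services recorded as removed, and raises a few review flags: a service removal, an autostart value that is a bare file name with no directory, a hex-named directory created directly under the drive root, and Security Center monitoring switched off. The sample log embedded in it is constructed from a handful of entries of the post above, and the flag categories and thresholds are my own choices, not anything ComboFix itself reports.

```python
import re

# Constructed sample modelled on the ComboFix log posted above (a few entries only).
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\\Service_adwikxd

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.
2010-12-25 23:56 . 2010-12-25 23:56 73728 ----a-w- c:\\windows\\system32\\javacpl.cpl
2010-12-25 18:14 . 2010-12-25 18:58 -------- d-----w- C:\\ee6b30a673b1b541293562ab4ca0d8
2010-12-24 22:32 . 2008-04-14 11:42 155136 ------w- c:\\windows\\system32\\mssha.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"iTunesHelper"="c:\\program files\\iTunes\\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
"""

BANNER_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}\s*$")
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S+) (.+?)\s*$")
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"(.*?)"(?: \[(\d{4}-\d\d-\d\d) (\d+)\])?\s*$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})\s*$')

def split_sections(text):
    """Map each '((( title )))' banner to the body text that follows it."""
    sections, title, body = {}, None, []
    for line in text.splitlines():
        m = BANNER_RE.match(line)
        if m:
            if title is not None:
                sections[title] = "\n".join(body)
            title, body = m.group(1), []
        elif title is not None:
            body.append(line)
    if title is not None:
        sections[title] = "\n".join(body)
    return sections

def parse_files_created(body):
    """Rows are 'created . modified size attrs path'; size is None for directories (--------)."""
    out = []
    for m in filter(None, map(FILE_RE.match, body.splitlines())):
        created, modified, size, attrs, path = m.groups()
        out.append({"created": created, "modified": modified, "attrs": attrs, "path": path,
                    "size": None if size.startswith("-") else int(size)})
    return out

def parse_reg_loading_points(body):
    """Return (run entries, dword values), each tagged with the registry key it was listed under."""
    runs, dwords, key = [], [], None
    for line in body.splitlines():
        km, vm, dm = KEY_RE.match(line), VALUE_RE.match(line), DWORD_RE.match(line)
        if km:
            key = km.group(1)
        elif key and vm:
            name, cmd, date, size = vm.groups()
            runs.append({"key": key, "name": name, "command": cmd, "date": date,
                         "size": int(size) if size else None})
        elif key and dm:
            dwords.append((key, dm.group(1), int(dm.group(2), 16)))
    return runs, dwords

def removed_services(body):
    """'-------\\Service_<name>' rows record services ComboFix deleted."""
    return [line.split("Service_", 1)[1].strip()
            for line in body.splitlines() if line.startswith("-------\\Service_")]

def triage(log):
    """Return (category, detail) review flags; they prompt a look, they are not verdicts."""
    sections = split_sections(log)
    findings = [("service-removed", n) for n in removed_services(sections.get("Drivers/Services", ""))]
    files_title = next((t for t in sections if t.startswith("Files Created")), "")
    for f in parse_files_created(sections.get(files_title, "")):
        # A hex-named directory straight under the drive root deserves a look: installers and
        # Windows Update unpack there, but so does a dropper.
        if re.fullmatch(r"[A-Za-z]:\\[0-9a-fA-F]{16,}", f["path"]):
            findings.append(("root-level-hex-dir", f["path"]))
    runs, dwords = parse_reg_loading_points(sections.get("Reg Loading Points", ""))
    for r in runs:
        # A Run value with no directory is resolved through the search path at logon, so the
        # log line alone does not say which file on disk actually runs.
        if "\\" not in r["command"]:
            findings.append(("run-without-path", f"{r['name']} -> {r['command']}"))
    for key, name, value in dwords:
        if name == "DisableMonitoring" and value == 1 and "security center" in key.lower():
            findings.append(("security-center-monitoring-disabled", key))
    return findings
```

Run `triage(open("ComboFix.txt").read())` on a real log to get the flagged lines. They are review prompts rather than verdicts: a hex-named root directory is also where Windows Update and installers unpack, and security vendors set DisableMonitoring on purpose to suppress duplicate alerts, as the Symantec subkeys in the log above show. The point is to put the right handful of lines in front of a person quickly instead of reading the whole log top to bottom.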
LDTate Posted December 28, 2010 ID:366707

Uninstall ComboFix first and if IE still gives you that error, try Windows Updates and / or uninstall IE 8.

Uninstall Internet Explorer 8 to return to Internet Explorer 7 on Windows XP
Click "Start," and then click "Control Panel."
Click "Add or Remove Programs."
Check "Show Updates" at the top of the dialog box.
Scroll down the list and highlight the version of Internet Explorer 8 that you are running, and then click "Change/Remove."
Download IE 8 again.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP: Click START > Run. Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7: Click START > Search. Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger
To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.
This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good

- Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

- WOT, Web of Trust. As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and IE.

- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:
PC Safety and Security--What Do I Need?
How to Prevent Malware
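The six Custom Level settings in the post are stored as DWORD values under the Internet zone's registry key, so the same hardening can be verified across machines without clicking through the dialog. The script below is an added example, not code from the thread or from Malwarebytes; it assumes the per-user key `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` and the URL action codes 1001, 1004, 1201, 1800, 1804 and 1607 as Microsoft documents them, with 0, 1 and 3 standing for Enable, Prompt and Disable. The sample zone state it audits is constructed.

```python
import sys

# Per-user key for the Internet zone (Zones\3). This path and the action codes below are
# Microsoft's documented URL action values, not something taken from the thread.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3           # how the three radio buttons are stored
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The six Custom Level settings the post changes, keyed by their registry value name.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample: five settings present, desktop-item installation set to Enable,
# and the sub-frame navigation value absent altogether.
SAMPLE_ZONE = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE, "1800": ENABLE, "1804": PROMPT}


def audit_zone(values):
    """Return (code, description, current, recommended) for every setting that is weaker
    than the post asks for or is not set explicitly. The stored levels order as
    0 < 1 < 3 (Enable, Prompt, Disable), so a stricter setting than requested passes."""
    findings = []
    for code, (desc, wanted) in RECOMMENDED.items():
        current = values.get(code)
        if current is None or current < wanted:
            findings.append((code, desc, LEVEL_NAME.get(current, "not set"), LEVEL_NAME[wanted]))
    return findings


def read_internet_zone():
    """Read the current user's Internet-zone DWORD values from the registry (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("needs Windows; on other systems call audit_zone() with a dict")
    import winreg
    values, index = {}, 0
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        while True:
            try:
                name, data, kind = winreg.EnumValue(key, index)
            except OSError:           # raised once the values are exhausted
                break
            if kind == winreg.REG_DWORD:
                values[name] = data
            index += 1
    return values


if __name__ == "__main__":
    zone = read_internet_zone() if sys.platform == "win32" else SAMPLE_ZONE
    for code, desc, current, wanted in audit_zone(zone):
        print(f"{code} {desc}: {current} (recommended {wanted})")
```

On Windows the script audits the live per-user values; elsewhere it runs against the constructed sample. Two caveats worth knowing before trusting the output: Group Policy can enforce zone settings through the machine-wide key under HKLM instead, which this script does not read, and a value that is absent falls back to the zone template's level, so it is reported as "not set" for a person to confirm rather than silently counted as compliant.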
willd Posted December 29, 2010 Author ID:367059

Good morning LDTate,

I want to thank you again for helping me fix this computer; it appears to be running great. It is very refreshing to run across people willing to help other people in need.

Have a GREAT DAY,
Willd
LDTate Posted December 29, 2010 ID:367123

You're more than welcome. Glad we were able to help.
Peace be with you
LDTate Posted December 29, 2010 ID:367124

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.