
Infected By Palladium (Removed) and Whitesmoke (Partially Removed)



As you requested, sir.

DDS (Ver_10-12-12.02) - NTFSx86

Run by SCOTT at 21:31:13.43 on Sun 01/30/2011

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.291 [GMT -5:00]

AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Norton Internet Security *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\xampp\apache\bin\httpd.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Wave Systems Corp\Common\DataServer.exe

C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\Explorer.EXE

C:\xampp\mysql\bin\mysqld.exe

C:\xampp\apache\bin\httpd.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Apoint\HidFind.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\AOL\1156800709\ee\AOLSoftware.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe

C:\Program Files\Dell Printers\paperport\pptd40nt.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe

C:\WINDOWS\V0610Mon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ooVoo\oovoo.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\common files\aol\1156800709\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

c:\program files\common files\aol\1156800709\ee\aolsoftware.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\mshta.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\SCOTT\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.electrical-solutions.com/

uInternet Connection Wizard,ShellNext = https://quickaccess.verizonwireless.com/qui...ZwDdgltIvmN0A==

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll

TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\program files\messenger\Msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\scott\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [HostManager] c:\program files\common files\aol\1156800709\ee\AOLSoftware.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run

mRun: [Dell MFP Color Laser Printer 3115cn Launcher] "c:\program files\dell printers\dell mfp color laser printer 3115cn\address book editor\Launcher.exe" /s

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\program files\dell printers\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\program files\dell printers\paperport\IndexSearch.exe"

mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Live! Central 2] "c:\program files\creative\creative live! cam\live! central 2\CTLVCentral2.exe" /mode2

mRun: [V0610Mon.exe] c:\windows\V0610Mon.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168827548953

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

AppInit_DLLs: wxvault.dll

LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scott\applic~1\mozilla\firefox\profiles\w0kojufc.default\

FF - component: c:\documents and settings\scott\application data\mozilla\firefox\profiles\w0kojufc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll

FF - plugin: c:\documents and settings\scott\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\documents and settings\scott\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-11 11608]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-11 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-11 267944]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-12-6 29416]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-11 61960]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]

R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2007-1-12 135168]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-27 363344]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-15 24652]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-1-23 143936]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-10-3 99376]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-27 20952]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081122.003\NAVENG.SYS [2008-11-22 89104]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081122.003\NAVEX15.SYS [2008-11-22 876112]

R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2006-8-22 77056]

R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2006-8-22 77056]

R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-12 1251720]

R3 V0610Afx;Creative Camera VF0610 Audio Effects Driver;c:\windows\system32\drivers\V0610Afx.sys [2011-1-23 160256]

R3 V0610Vid;Creative Live! Cam Socialize HD Driver;c:\windows\system32\drivers\V0610Vid.sys [2011-1-23 274720]

S3 NW001NDIS;Dell Wireless Network Adapter Service;c:\windows\system32\drivers\nw01ndis.sys [2005-12-9 269056]

S3 Tomcat6;Apache Tomcat;c:\xampp\tomcat\bin\tomcat6.exe [2010-12-6 57344]

=============== Created Last 30 ================

2011-01-29 17:52:01 -------- d-----w- C:\_OTL

2011-01-29 06:17:21 -------- d-----w- c:\docume~1\scott\applic~1\Reallusion

2011-01-29 01:49:12 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-28 23:34:16 -------- d-----w- c:\docume~1\scott\applic~1\Avira

2011-01-28 23:33:14 -------- d-----w- c:\docume~1\scott\locals~1\applic~1\Temp

2011-01-28 12:48:20 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys

2011-01-28 01:35:32 -------- d-----w- C:\DriveKey

2011-01-28 00:17:59 -------- d-----w- c:\docume~1\scott\applic~1\Malwarebytes

2011-01-28 00:17:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 00:17:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-28 00:17:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 00:17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-27 23:01:07 -------- d-----w- c:\windows\system32\NtmsData

2011-01-23 16:12:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-23 16:12:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-23 16:12:18 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-01-23 15:43:42 -------- d-----w- c:\docume~1\scott\applic~1\ooVoo Details

2011-01-23 15:43:16 -------- d-----w- c:\program files\ooVoo

2011-01-23 15:29:29 53248 ------w- c:\windows\Ctregrun.exe

2011-01-23 15:29:19 7062 ----a-w- c:\windows\system32\audiopid.vxd

2011-01-23 15:28:49 160256 ----a-r- c:\windows\system32\drivers\V0610Afx.sys

2011-01-23 15:28:37 94208 ----a-r- c:\windows\CtDrvIns.exe

2011-01-23 15:28:37 24576 ----a-r- c:\windows\V0610Mon.exe

2011-01-23 15:28:35 65536 ----a-r- c:\windows\system32\V0610Ext.crl

2011-01-23 15:28:35 40960 ----a-r- c:\windows\system32\V0610Pin.dll

2011-01-23 15:28:35 36864 ----a-r- c:\windows\system32\CtCamMgr.dll

2011-01-23 15:28:35 32768 ----a-r- c:\windows\system32\V0610Hwx.dll

2011-01-23 15:28:35 20480 ----a-r- c:\windows\system32\CtCamPin.crl

2011-01-23 15:28:35 114688 ----a-r- c:\windows\system32\V0610Ext.ax

2011-01-23 15:28:34 274720 ----a-r- c:\windows\system32\drivers\V0610Vid.sys

2011-01-23 15:26:56 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe

2011-01-23 15:26:56 47616 ----a-w- c:\program files\windows media player\msoobci.dll

2011-01-23 15:26:14 -------- d-----w- c:\windows\RegisteredPackages

2011-01-23 15:22:48 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2011-01-23 15:22:48 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

2011-01-23 15:22:38 28672 ----a-w- c:\windows\system32\vidcap.ax

2011-01-23 15:22:37 90624 ----a-w- c:\windows\system32\kswdmcap.ax

2011-01-23 15:22:37 61952 ----a-w- c:\windows\system32\kstvtune.ax

2011-01-23 15:22:36 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2011-01-23 15:22:36 78464 ----a-w- c:\windows\system32\dllcache\usbvideo.sys

2011-01-23 15:22:36 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2011-01-23 15:22:36 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2011-01-23 15:22:35 20992 ----a-w- c:\windows\system32\dshowext.ax

2011-01-23 15:22:34 43008 ----a-w- c:\windows\system32\ksxbar.ax

2011-01-13 21:57:44 -------- d-----w- c:\docume~1\scott\locals~1\applic~1\Google

2011-01-11 21:36:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-11 21:36:44 -------- d-----w- c:\program files\Avira

2011-01-11 21:36:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-01-08 23:48:28 -------- d-----w- c:\docume~1\scott\applic~1\PeaZip

2011-01-08 23:04:59 -------- d-----w- c:\program files\PeaZip

==================== Find3M ====================

2010-12-19 18:01:57 1409 ----a-w- c:\windows\QTFont.for

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Hitachi_HTS721080G9SA00 rev.MC4OC10H -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8677259F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x867787b0]; MOV EAX, [0x8677882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x86752AB8]

3 CLASSPNP[0xF765305B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> [0x86728B28]

\Driver\atapi[0x8674F8C0] -> IRP_MJ_CREATE -> 0x8677259F

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS721080G9SA00_________________MC4OC10H#5&1f698b3f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x867723E5

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 21:33:49.93 ===============

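A small triage script for the DDS log format, added here as an example (it is not from the thread, from the helper, or from the DDS tool itself): it splits the log into its "=== section ===" blocks, counts how many instances of each image appear under "Running Processes" and flags images that show up unusually often (as mshta.exe and wuauclt.exe do in the log above), and lists the AV/FW products from the header so a double-AV install is spotted mechanically. The abridged sample log, the watch-list thresholds and the ".exe" normalisation of bare names such as "svchost" are assumptions for this example.

```python
"""Triage helper for a DDS log: flag repeated process images, list AV products."""
import re
from collections import Counter

# Constructed sample that mirrors the shape of the DDS output posted above (abridged).
SAMPLE_DDS = """\
DDS (Ver_10-12-12.02) - NTFSx86
AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Security *Enabled*
============== Running Processes ===============
C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\WINDOWS\\System32\\mshta.exe
C:\\WINDOWS\\System32\\mshta.exe
C:\\WINDOWS\\System32\\mshta.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\WINDOWS\\System32\\mshta.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")            # "=== Running Processes ==="
PRODUCT_RE = re.compile(r"^(AV|FW):\s*(.+?)\s*\*(.+?)\*")  # "AV: Name *State* {GUID}"

# Images that are legitimate Windows components but rarely need many concurrent
# instances on a single-user desktop. Thresholds are assumptions for this example.
WATCH = {"mshta.exe": 2, "wuauclt.exe": 2}
DEFAULT_THRESHOLD = 8


def parse_sections(text):
    """Split a DDS log into {section_name: [lines]}; lines before any banner go to HEADER."""
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def image_name(line):
    """Reduce a process line to its lower-cased image basename, dropping arguments.

    DDS prints some images without an extension (e.g. "svchost -k DcomLaunch");
    appending ".exe" in that case is an assumption made so both forms are counted together.
    """
    tail = line.rsplit("\\", 1)[-1]      # text after the last backslash, if any
    name = tail.split()[0].lower()       # first token, before any arguments
    return name if "." in name else name + ".exe"


def count_processes(sections):
    """Count instances per image under the Running Processes section."""
    return Counter(image_name(l) for l in sections.get("Running Processes", []))


def flag_repeats(counts, watch=WATCH, default=DEFAULT_THRESHOLD):
    """Return {image: count} for images at or above their watch-list threshold."""
    return {name: n for name, n in counts.items() if n >= watch.get(name, default)}


def security_products(sections):
    """Return [(kind, name, state)] from the AV:/FW: lines in the header."""
    found = []
    for line in sections.get("HEADER", []):
        m = PRODUCT_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def triage(text):
    """Run all checks over one DDS log and return a summary dict."""
    sections = parse_sections(text)
    products = security_products(sections)
    return {
        "flagged": flag_repeats(count_processes(sections)),
        "av_installed": [name for kind, name, _ in products if kind == "AV"],
        "av_enabled": sum(1 for kind, _, state in products
                          if kind == "AV" and state.startswith("Enabled")),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run it against a pasted DDS log instead of SAMPLE_DDS to get the same summary for a real post.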

Please don't attach the scans / logs from these scans, use "copy/paste".

Looks like you're running 2 anti-virus programs.

AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

Never install more than one antivirus and firewall! Rather than giving you extra protection, it will seriously decrease its reliability!

The reason for this is that if both products have their automatic (real-time) protection switched on, your system may lock up because both products attempt to access the same file at the same time.

Also, because multiple antivirus and firewall products are not compatible with each other, they can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

  • Norton Internet Security
  • AntiVir

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Next:

Please download GooredFix from one of the locations below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    (screenshot: TDSSKillermain.png)
  • If an infected file is detected, the default action will be Cure; click on Continue.
    (screenshot: TDSSKillerMal-1.png)
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
    (screenshot: TDSSKillerSuspicious.png)
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    (screenshot: TDSSKillerCompleted.png)
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


Just a heads up, wuauclt.exe and mshta.exe were opened a lot prior to the reboot... the log from the killer is below. Also, my USB flash stick refuses to open on this computer... is my USB port bad? My camera works fine on it.

2011/01/31 15:43:13.0531 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53

2011/01/31 15:43:13.0531 ================================================================================

2011/01/31 15:43:13.0531 SystemInfo:

2011/01/31 15:43:13.0531

2011/01/31 15:43:13.0531 OS Version: 5.1.2600 ServicePack: 2.0

2011/01/31 15:43:13.0531 Product type: Workstation

2011/01/31 15:43:13.0531 ComputerName: LAPTOP

2011/01/31 15:43:13.0531 UserName: SCOTT

2011/01/31 15:43:13.0531 Windows directory: C:\WINDOWS

2011/01/31 15:43:13.0531 System windows directory: C:\WINDOWS

2011/01/31 15:43:13.0531 Processor architecture: Intel x86

2011/01/31 15:43:13.0531 Number of processors: 2

2011/01/31 15:43:13.0531 Page size: 0x1000

2011/01/31 15:43:13.0531 Boot type: Normal boot

2011/01/31 15:43:13.0531 ================================================================================

2011/01/31 15:43:13.0828 Initialize success

2011/01/31 15:43:16.0109 ================================================================================

2011/01/31 15:43:16.0109 Scan started

2011/01/31 15:43:16.0109 Mode: Manual;

2011/01/31 15:43:16.0109 ================================================================================


2011/01/31 15:43:22.0234 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/01/31 15:43:22.0265 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/31 15:43:22.0296 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/31 15:43:22.0312 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/01/31 15:43:22.0328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/31 15:43:22.0359 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/31 15:43:22.0421 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/31 15:43:22.0453 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/31 15:43:22.0468 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/31 15:43:22.0515 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/31 15:43:22.0531 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/31 15:43:22.0593 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/01/31 15:43:22.0671 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/31 15:43:22.0718 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/31 15:43:22.0875 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys

2011/01/31 15:43:22.0921 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/01/31 15:43:22.0968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/31 15:43:23.0015 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/31 15:43:23.0046 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/31 15:43:23.0093 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/31 15:43:23.0140 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/31 15:43:23.0234 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/01/31 15:43:23.0328 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/31 15:43:23.0406 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/31 15:43:23.0468 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/31 15:43:23.0500 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/31 15:43:23.0515 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/31 15:43:23.0531 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/31 15:43:23.0578 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/31 15:43:23.0640 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/01/31 15:43:23.0718 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/31 15:43:23.0765 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/01/31 15:43:23.0828 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/31 15:43:23.0859 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/01/31 15:43:23.0921 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/31 15:43:23.0937 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/31 15:43:23.0968 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/31 15:43:24.0000 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/31 15:43:24.0015 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/31 15:43:24.0093 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/31 15:43:24.0140 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/31 15:43:24.0250 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/31 15:43:24.0343 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/31 15:43:24.0546 nv (5796a04ccc99542fdfb43f2accd803df) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/01/31 15:43:24.0875 NW001NDIS (32d158e8c226c4b5bba862fb67dd6f64) C:\WINDOWS\system32\DRIVERS\nw01ndis.sys

2011/01/31 15:43:24.0937 NWADI (039e60681bb68fd38d18684fd6b9db84) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

2011/01/31 15:43:25.0000 NWDellModem (3494ca48eacbb2411727530191d0ff7c) C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys

2011/01/31 15:43:25.0015 NWDellPort (3494ca48eacbb2411727530191d0ff7c) C:\WINDOWS\system32\DRIVERS\nwdelser.sys

2011/01/31 15:43:25.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/31 15:43:25.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/31 15:43:25.0093 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/01/31 15:43:25.0125 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/01/31 15:43:25.0156 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/31 15:43:25.0203 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/31 15:43:25.0312 PBADRV (6ef25fb20cd269e3e51d8ca54935fff2) C:\WINDOWS\system32\drivers\pbadrv.sys

2011/01/31 15:43:25.0359 PCASp50 (803c8e7f4d00fe832c1f3871514fec85) C:\WINDOWS\system32\Drivers\PCASp50.sys

2011/01/31 15:43:25.0375 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/31 15:43:25.0421 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/31 15:43:25.0437 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/01/31 15:43:25.0546 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/01/31 15:43:25.0562 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/01/31 15:43:25.0625 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/31 15:43:25.0640 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/31 15:43:25.0656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/31 15:43:25.0671 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/01/31 15:43:25.0687 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/01/31 15:43:25.0718 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/01/31 15:43:25.0734 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/01/31 15:43:25.0750 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/01/31 15:43:25.0765 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/31 15:43:25.0828 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/31 15:43:25.0843 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/31 15:43:25.0859 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/31 15:43:25.0937 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/31 15:43:25.0953 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/31 15:43:26.0000 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/31 15:43:26.0109 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/31 15:43:26.0156 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/31 15:43:26.0218 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/01/31 15:43:26.0296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/31 15:43:26.0343 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/31 15:43:26.0375 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/31 15:43:26.0390 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/01/31 15:43:26.0453 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/01/31 15:43:26.0578 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/01/31 15:43:26.0609 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/01/31 15:43:26.0656 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/31 15:43:26.0687 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/31 15:43:26.0781 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/31 15:43:26.0921 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/01/31 15:43:27.0046 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys

2011/01/31 15:43:27.0125 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/01/31 15:43:27.0250 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/31 15:43:27.0328 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/31 15:43:27.0359 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/01/31 15:43:27.0375 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/01/31 15:43:27.0453 SYMDNS (3adcc83bc09afd901640fb5f7b2de805) C:\WINDOWS\System32\Drivers\SYMDNS.SYS

2011/01/31 15:43:27.0515 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2011/01/31 15:43:27.0640 SYMFW (f8b9c44e32ae1bf1362a037b89c671d3) C:\WINDOWS\System32\Drivers\SYMFW.SYS

2011/01/31 15:43:27.0671 SYMIDS (56e465ec84ffc6ea28fed08b16e71d10) C:\WINDOWS\System32\Drivers\SYMIDS.SYS

2011/01/31 15:43:27.0687 SYMNDIS (94c2d86545943e5bb9c024fe10c137b5) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS

2011/01/31 15:43:27.0703 SYMREDRV (5e5723b168cc224a4e166bda42b088a6) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

2011/01/31 15:43:27.0765 SYMTDI (dc8744a9d3d80462e62427dedce0f0aa) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

2011/01/31 15:43:27.0828 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/01/31 15:43:27.0843 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/01/31 15:43:27.0906 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/31 15:43:28.0000 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/31 15:43:28.0125 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/31 15:43:28.0156 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/31 15:43:28.0203 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/31 15:43:28.0234 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/01/31 15:43:28.0281 Tosrfbd (077869082a635e8ff2c205dc95c78775) C:\WINDOWS\system32\Drivers\tosrfbd.sys

2011/01/31 15:43:28.0343 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\drivers\Tosrfcom.sys

2011/01/31 15:43:28.0421 Tosrfhid (f4e4795528d17ff8d1d6d98ebbb92655) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

2011/01/31 15:43:28.0437 Tosrfusb (ac2123e788230c712d0919ed0fec9ddd) C:\WINDOWS\system32\Drivers\tosrfusb.sys

2011/01/31 15:43:28.0500 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/31 15:43:28.0609 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/01/31 15:43:28.0687 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/31 15:43:28.0750 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/01/31 15:43:28.0812 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/01/31 15:43:28.0859 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/31 15:43:28.0953 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys

2011/01/31 15:43:28.0984 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/31 15:43:29.0015 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/31 15:43:29.0078 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/31 15:43:29.0125 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/31 15:43:29.0156 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/31 15:43:29.0218 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/01/31 15:43:29.0281 V0610Afx (3f7ee8d806fd53b95223fa5459661a2f) C:\WINDOWS\system32\DRIVERS\V0610Afx.sys

2011/01/31 15:43:29.0406 V0610Vid (ed365b0199437c05ac409f94d73706ef) C:\WINDOWS\system32\DRIVERS\V0610Vid.sys

2011/01/31 15:43:29.0437 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/01/31 15:43:29.0468 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/01/31 15:43:29.0484 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/01/31 15:43:29.0531 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/31 15:43:29.0625 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/01/31 15:43:29.0781 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/31 15:43:29.0859 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/01/31 15:43:29.0937 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/31 15:43:30.0031 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

2011/01/31 15:43:30.0187 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/01/31 15:43:30.0250 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/01/31 15:43:30.0296 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/01/31 15:43:30.0296 ================================================================================

2011/01/31 15:43:30.0296 Scan finished

2011/01/31 15:43:30.0296 ================================================================================

2011/01/31 15:43:30.0312 Detected object count: 1

2011/01/31 15:43:34.0953 \HardDisk0 - will be cured after reboot

2011/01/31 15:43:34.0953 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/01/31 15:43:38.0375 Deinitialize success


Also, my USB flash stick refuses to open on this computer... is my USB port bad? My camera works fine on it.
That might mean your flash stick is bad.

Reboot if you haven't already after the TDSSKiller scan.

After the above:

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Here is that log you requested, sir.

ComboFix 11-01-31.01 - SCOTT 01/31/2011 16:25:38.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.340 [GMT -5:00]

Running from: c:\documents and settings\SCOTT\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\SCOTT\Application Data\completescan_pal

c:\documents and settings\SCOTT\Application Data\install_pal

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))

.

2011-01-31 03:45 . 2011-01-31 21:03 -------- d-----w- c:\documents and settings\SCOTT\Application Data\skypePM

2011-01-31 03:41 . 2011-01-31 03:41 -------- d-----w- c:\program files\Common Files\Skype

2011-01-31 03:41 . 2011-01-31 03:42 -------- d-----r- c:\program files\Skype

2011-01-31 03:41 . 2011-01-31 21:35 -------- d-----w- c:\documents and settings\SCOTT\Application Data\Skype

2011-01-31 03:41 . 2011-01-31 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2011-01-29 17:52 . 2011-01-29 17:52 -------- d-----w- C:\_OTL

2011-01-29 06:17 . 2011-01-29 06:17 -------- d-----w- c:\documents and settings\SCOTT\Application Data\Reallusion

2011-01-29 01:49 . 2011-01-29 01:49 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-29 00:20 . 2011-01-29 00:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-01-29 00:20 . 2011-01-29 00:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-01-28 23:34 . 2011-01-28 23:34 -------- d-----w- c:\documents and settings\SCOTT\Application Data\Avira

2011-01-28 23:33 . 2011-01-28 23:33 -------- d-----w- c:\documents and settings\SCOTT\Local Settings\Application Data\Temp

2011-01-28 01:35 . 2011-01-28 23:34 -------- d-----w- C:\DriveKey

2011-01-28 00:17 . 2011-01-28 00:17 -------- d-----w- c:\documents and settings\SCOTT\Application Data\Malwarebytes

2011-01-28 00:17 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 00:17 . 2011-01-28 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-28 00:17 . 2011-01-29 02:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-28 00:17 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-27 23:01 . 2011-01-28 23:34 -------- d-----w- c:\windows\system32\NtmsData

2011-01-23 16:12 . 2011-01-23 16:12 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-01-23 16:12 . 2011-01-23 16:11 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-23 16:12 . 2011-01-23 16:11 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-23 15:43 . 2011-01-23 15:43 -------- d-----w- c:\documents and settings\SCOTT\Application Data\ooVoo Details

2011-01-23 15:43 . 2011-01-31 02:52 -------- d-----w- c:\program files\ooVoo

2011-01-23 15:39 . 2011-01-23 15:39 -------- d-----w- c:\documents and settings\SCOTT\Application Data\Creative

2011-01-23 15:36 . 2011-01-29 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative

2011-01-23 15:29 . 2006-10-06 06:17 53248 ------w- c:\windows\Ctregrun.exe

2011-01-23 15:29 . 2003-06-13 04:25 7062 ----a-w- c:\windows\system32\audiopid.vxd

2011-01-23 15:28 . 2009-03-24 09:53 160256 ----a-r- c:\windows\system32\drivers\V0610Afx.sys

2011-01-23 15:28 . 2009-10-19 01:00 24576 ----a-r- c:\windows\V0610Mon.exe

2011-01-23 15:28 . 2009-03-18 10:30 94208 ----a-r- c:\windows\CtDrvIns.exe

2011-01-23 15:28 . 2009-11-25 01:01 32768 ----a-r- c:\windows\system32\V0610Hwx.dll

2011-01-23 15:28 . 2009-10-20 03:23 40960 ----a-r- c:\windows\system32\V0610Pin.dll

2011-01-23 15:28 . 2009-07-03 01:00 65536 ----a-r- c:\windows\system32\V0610Ext.crl

2011-01-23 15:28 . 2009-07-03 01:00 114688 ----a-r- c:\windows\system32\V0610Ext.ax

2011-01-23 15:28 . 2009-06-26 05:40 36864 ----a-r- c:\windows\system32\CtCamMgr.dll

2011-01-23 15:28 . 2007-08-23 11:46 20480 ----a-r- c:\windows\system32\CtCamPin.crl

2011-01-23 15:28 . 2009-11-25 01:01 274720 ----a-r- c:\windows\system32\drivers\V0610Vid.sys

2011-01-23 15:26 . 2004-10-11 16:20 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe

2011-01-23 15:26 . 2004-10-11 16:20 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll

2011-01-23 15:22 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2011-01-23 15:22 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

2011-01-23 15:22 . 2004-08-04 05:56 28672 ----a-w- c:\windows\system32\vidcap.ax

2011-01-23 15:22 . 2004-08-04 05:56 90624 ----a-w- c:\windows\system32\kswdmcap.ax

2011-01-23 15:22 . 2004-08-04 05:56 61952 ----a-w- c:\windows\system32\kstvtune.ax

2011-01-23 15:22 . 2004-08-04 05:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2011-01-23 15:22 . 2004-08-04 05:56 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2011-01-23 15:22 . 2004-08-04 04:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2011-01-23 15:22 . 2004-08-04 04:10 78464 ----a-w- c:\windows\system32\dllcache\usbvideo.sys

2011-01-23 15:22 . 2004-08-04 05:56 20992 ----a-w- c:\windows\system32\dshowext.ax

2011-01-23 15:22 . 2004-08-04 05:56 43008 ----a-w- c:\windows\system32\ksxbar.ax

2011-01-13 21:57 . 2011-01-28 23:33 -------- d-----w- c:\documents and settings\SCOTT\Local Settings\Application Data\Google

2011-01-11 21:36 . 2010-12-13 13:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-01-11 21:36 . 2010-12-13 13:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-11 21:36 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-01-11 21:36 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-01-11 21:36 . 2011-01-11 21:36 -------- d-----w- c:\program files\Avira

2011-01-11 21:36 . 2011-01-11 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-01-08 23:48 . 2011-01-08 23:48 -------- d-----w- c:\documents and settings\SCOTT\Application Data\PeaZip

2011-01-08 23:04 . 2011-01-08 23:05 -------- d-----w- c:\program files\PeaZip

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-19 18:01 . 2010-12-19 18:01 1409 ----a-w- c:\windows\QTFont.for

2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"Google Update"="c:\documents and settings\SCOTT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-13 136176]

"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-01-25 22504120]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]

"nwiz"="nwiz.exe" [2006-01-19 1519616]

"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]

"HostManager"="c:\program files\Common Files\AOL\1156800709\ee\AOLSoftware.exe" [2006-09-26 50736]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-08-28 26112]

"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]

"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2006-08-10 389120]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\Dell Printers\paperport\pptd40nt.exe" [2006-06-30 36864]

"IndexSearch"="c:\program files\Dell Printers\paperport\IndexSearch.exe" [2006-06-30 40960]

"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2006-02-23 192512]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"Live! Central 2"="c:\program files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" [2009-11-04 426140]

"V0610Mon.exe"="c:\windows\V0610Mon.exe" [2009-10-19 24576]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-22 24576]

EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Common Files\\AOL\\1156800709\\ee\\aolservicehost.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\1156800709\\EE\\aolsoftware.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\ooVoo\\ooVoo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:ooVoo TCP port 443

"443:UDP"= 443:UDP:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

"1043:TCP"= 1043:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 5:00 PM 14336]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/11/2011 4:36 PM 135336]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/6/2010 7:08 AM 29416]

R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [1/12/2007 10:51 PM 135168]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/27/2011 7:17 PM 363344]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2009 10:12 PM 24652]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [1/23/2011 10:23 AM 143936]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/3/2008 2:33 PM 99376]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/27/2011 7:17 PM 20952]

R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [8/22/2006 10:23 PM 77056]

R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [8/22/2006 10:23 PM 77056]

R3 V0610Afx;Creative Camera VF0610 Audio Effects Driver;c:\windows\system32\drivers\V0610Afx.sys [1/23/2011 10:28 AM 160256]

R3 V0610Vid;Creative Live! Cam Socialize HD Driver;c:\windows\system32\drivers\V0610Vid.sys [1/23/2011 10:28 AM 274720]

S3 NW001NDIS;Dell Wireless Network Adapter Service;c:\windows\system32\drivers\nw01ndis.sys [12/9/2005 4:39 PM 269056]

S3 Tomcat6;Apache Tomcat;c:\xampp\tomcat\bin\tomcat6.exe [12/6/2010 7:16 AM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

2011-01-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-LAPTOP-SCOTT.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-24 08:44]

2011-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1167855337-3725525413-2308234161-1005Core.job

- c:\documents and settings\SCOTT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 21:57]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1167855337-3725525413-2308234161-1005UA.job

- c:\documents and settings\SCOTT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 21:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.electrical-solutions.com/

uInternet Connection Wizard,ShellNext = https://quickaccess.verizonwireless.com/qui...ZwDdgltIvmN0A==

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\SCOTT\Application Data\Mozilla\Firefox\Profiles\w0kojufc.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

AddRemove-SymSetupTemp.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8} - c:\program files\Common Files\Symantec Shared\SymSetup\{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}_12_0_0_52\SymSetup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-31 16:39

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1167855337-3725525413-2308234161-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4448)

c:\windows\system32\WININET.dll

c:\program files\Common Files\AOL\ACS\WLHook.dll

c:\windows\system32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Wave Systems Corp\Common\DataServer.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\xampp\mysql\bin\mysqld.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

c:\windows\system32\rundll32.exe

c:\program files\Apoint\HidFind.exe

c:\program files\Apoint\Apntex.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\windows\stsystra.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\common files\aol\1156800709\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2011-01-31 16:48:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-31 21:48

Pre-Run: 60,165,394,432 bytes free

Post-Run: 60,468,531,200 bytes free

- - End Of File - - 87DAAECF9125C1AB0F6E50BC6B24E10C

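Added triage example, not part of the original post and not ComboFix's own code: a small Python parser for the four line shapes that carry most of the signal in a ComboFix log formatted like the one above (Run-key autoruns `"Name"="path" [date size]`, registry key headers with their `"Name"=value` lines, `GloballyOpenPorts` entries, and `R#`/`S#` service lines), with a few first-pass heuristics a responder applies before anything else. The sample input is a handful of lines copied from the log above; the rule names, the "trusted root" list, the under-1024 port threshold and the `triage` function are my own choices. The rules only surface entries for review and decide nothing about maliciousness: `wxvault.dll` is listed purely because `AppInit_DLLs` is a load point inherited by every process that loads user32.dll, and a responder would still verify that file's publisher; the `DisableMonitoring` values are routinely written by third-party security suites that do their own alerting, but the same values are also used to hide a disabled antivirus, which is why they are worth a look.

```python
"""Triage helper for ComboFix-style log text (added example; not ComboFix code)."""
import re
from dataclasses import dataclass

# Sample input: lines copied from the log above so the script runs offline.
SAMPLE_LOG = r"""
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/6/2010 7:08 AM 29416]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/27/2011 7:17 PM 363344]
S3 Tomcat6;Apache Tomcat;c:\xampp\tomcat\bin\tomcat6.exe [12/6/2010 7:16 AM 57344]
"""

# Line shapes as ComboFix prints them (the [date size] tail distinguishes autoruns).
AUTORUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]+)\]$')
PORT_RE = re.compile(r'^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<desc>.*)$')

# Heuristic thresholds (my choices, not ComboFix's): services outside these roots and
# autoruns under user-writable profile paths get listed for manual review.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
USER_WRITABLE_HINTS = ("\\documents and settings\\", "\\local settings\\", "\\temp\\", "\\application data\\")


@dataclass(frozen=True)
class Finding:
    rule: str      # short rule identifier
    subject: str   # the entry the rule fired on
    note: str      # why a responder should look at it


def triage(text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: list[Finding] = []
    key = ""  # lower-cased current [HKEY...] header, for context-dependent values
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m["key"].lower()
            continue
        if m := AUTORUN_RE.match(line):
            path = m["path"].lower()
            if "\\" not in path:
                # A bare file name is resolved through the search path at logon time.
                findings.append(Finding("autorun-bare-name", m["name"], f"{m['path']} has no directory; resolved via the search path"))
            elif any(h in path for h in USER_WRITABLE_HINTS):
                findings.append(Finding("autorun-user-writable", m["name"], f"{m['path']} runs from a user-writable location"))
            continue
        if m := SERVICE_RE.match(line):
            if not m["path"].lower().startswith(TRUSTED_ROOTS):
                findings.append(Finding("service-nonstandard-path", m["svc"], f"{m['start']} {m['path']}"))
            continue
        if m := VALUE_RE.match(line):
            name, value = m["name"].lower(), m["value"].strip()
            if name == "appinit_dlls" and value:
                findings.append(Finding("appinit-dlls", value, "loaded into every process that loads user32.dll; verify the publisher"))
            elif name == "disablemonitoring" and "security center" in key:
                # Values print as dword:XXXXXXXX; anything non-zero suppresses the alert.
                if value.lower().startswith("dword:") and int(value[6:], 16) != 0:
                    findings.append(Finding("wsc-monitoring-disabled", key.rsplit("\\", 1)[-1], "Security Center alerts suppressed for this product; confirm the suite set it"))
            elif "globallyopenports" in key and (p := PORT_RE.match(value)):
                if int(p["port"]) < 1024:
                    findings.append(Finding("open-privileged-port", f"{p['port']}/{p['proto']}", p["desc"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}: {f.note}")
```

On the sample above the script lists six entries: the path-less `stsystra.exe` autorun, the `AppInit_DLLs` value, the suppressed Security Center monitoring for the Symantec antivirus entry, inbound 443/TCP opened globally for ooVoo (1043/TCP for Akamai is not listed), and the two XAMPP services installed outside the standard roots. Every one of those can be legitimate, and on this log several clearly are; the point of the pass is to produce a short list to verify by hand rather than reading 1,900 lines top to bottom.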
This topic is now closed to further replies.