Jump to content

Post-System Tool Infection


Recommended Posts

Recently I had a run in with "System Tool". I followed the steps here to remove it: http://www.bleepingcomputer.com/virus-removal/remove-system-tool

Part of the process including installing your software, cheers! However, after removing the threat I still am getting the following:

10:51:44	Anthony	MESSAGE	Protection started successfully
10:52:12 Anthony MESSAGE IP Protection started successfully
10:53:06 Anthony IP-BLOCK 85.25.146.86
10:53:08 Anthony IP-BLOCK 85.25.146.86
10:53:12 Anthony IP-BLOCK 85.25.146.86
10:53:21 Anthony IP-BLOCK 85.25.146.86
10:53:38 Anthony IP-BLOCK 85.25.146.86
10:53:42 Anthony IP-BLOCK 91.216.122.250
10:53:44 Anthony IP-BLOCK 91.216.122.250
10:53:50 Anthony IP-BLOCK 91.216.122.250
10:54:01 Anthony IP-BLOCK 85.25.146.86
10:54:08 Anthony IP-BLOCK 85.25.146.86
10:54:38 Anthony IP-BLOCK 85.25.146.86
10:54:41 Anthony IP-BLOCK 85.25.146.86
10:54:45 Anthony IP-BLOCK 85.25.146.86
10:54:46 Anthony IP-BLOCK 95.64.11.13
10:54:48 Anthony IP-BLOCK 85.25.146.86
10:54:49 Anthony IP-BLOCK 95.64.11.13
10:54:52 Anthony IP-BLOCK 85.25.146.86
10:54:54 Anthony IP-BLOCK 85.25.146.86
10:54:55 Anthony IP-BLOCK 95.64.11.13
10:55:01 Anthony IP-BLOCK 85.25.146.86
10:55:04 Anthony IP-BLOCK 85.25.146.86
10:55:08 Anthony IP-BLOCK 94.228.209.213
10:55:10 Anthony IP-BLOCK 85.25.146.86
10:55:10 Anthony IP-BLOCK 94.228.209.213
10:55:11 Anthony IP-BLOCK 85.25.146.86
10:55:12 Anthony IP-BLOCK 85.25.146.86
10:55:13 Anthony IP-BLOCK 85.25.146.86
10:55:13 Anthony IP-BLOCK 85.25.146.86
10:55:15 Anthony IP-BLOCK 85.25.146.86
10:55:16 Anthony IP-BLOCK 94.228.209.213
10:55:19 Anthony IP-BLOCK 85.25.146.86
10:55:19 Anthony IP-BLOCK 85.25.146.86
10:55:22 Anthony IP-BLOCK 85.25.146.86
10:55:25 Anthony IP-BLOCK 85.25.146.86
10:55:27 Anthony IP-BLOCK 85.25.146.86
10:55:28 Anthony IP-BLOCK 85.25.146.86
10:55:29 Anthony IP-BLOCK 95.64.11.13
10:55:31 Anthony IP-BLOCK 85.25.146.86
10:55:32 Anthony IP-BLOCK 95.64.11.13
10:55:34 Anthony IP-BLOCK 85.25.146.86
10:55:38 Anthony IP-BLOCK 95.64.11.13
10:55:45 Anthony IP-BLOCK 85.25.146.86
11:00:26 Anthony MESSAGE Protection started successfully
11:00:40 Anthony MESSAGE IP Protection started successfully
11:02:45 Anthony IP-BLOCK 91.216.122.250
11:02:48 Anthony IP-BLOCK 91.216.122.250
11:02:54 Anthony IP-BLOCK 91.216.122.250
11:04:02 Anthony IP-BLOCK 91.212.226.6
11:04:04 Anthony IP-BLOCK 91.212.226.6
11:04:08 Anthony IP-BLOCK 91.212.226.6
11:04:10 Anthony IP-BLOCK 91.212.226.6
11:04:11 Anthony IP-BLOCK 91.212.226.6
11:04:17 Anthony IP-BLOCK 91.212.226.6
11:04:22 Anthony IP-BLOCK 91.212.226.6
11:04:23 Anthony IP-BLOCK 91.212.226.6
11:04:25 Anthony IP-BLOCK 91.212.226.6
11:04:26 Anthony IP-BLOCK 91.212.226.6
11:04:29 Anthony IP-BLOCK 91.212.226.6
11:04:31 Anthony IP-BLOCK 91.212.226.6
11:04:32 Anthony IP-BLOCK 91.212.226.6
11:04:38 Anthony IP-BLOCK 91.212.226.6
11:04:44 Anthony IP-BLOCK 91.212.226.6
11:04:47 Anthony IP-BLOCK 91.212.226.6
11:04:53 Anthony IP-BLOCK 91.212.226.6
11:09:43 Anthony IP-BLOCK 91.212.226.6
11:09:44 Anthony IP-BLOCK 194.60.205.222
11:09:46 Anthony IP-BLOCK 91.212.226.6
11:09:47 Anthony IP-BLOCK 194.60.205.222
11:09:52 Anthony IP-BLOCK 91.212.226.6
11:09:53 Anthony IP-BLOCK 194.60.205.222
11:09:58 Anthony IP-BLOCK 91.212.226.6
11:10:01 Anthony IP-BLOCK 91.212.226.6
11:10:04 Anthony IP-BLOCK 91.212.226.6
11:10:06 Anthony IP-BLOCK 62.122.75.138
11:10:07 Anthony IP-BLOCK 91.212.226.6
11:10:09 Anthony IP-BLOCK 62.122.75.138
11:10:13 Anthony IP-BLOCK 91.212.226.6
11:10:15 Anthony IP-BLOCK 62.122.75.138
11:10:19 Anthony IP-BLOCK 91.212.226.6
11:10:22 Anthony IP-BLOCK 91.212.226.6
11:10:28 Anthony IP-BLOCK 91.212.226.6
11:13:06 Anthony IP-BLOCK 91.193.194.8
11:13:09 Anthony IP-BLOCK 91.193.194.8
11:13:15 Anthony IP-BLOCK 91.193.194.8
11:13:32 Anthony IP-BLOCK 91.212.226.6
11:13:35 Anthony IP-BLOCK 91.212.226.6
11:13:37 Anthony IP-BLOCK 91.212.226.6
11:13:40 Anthony IP-BLOCK 91.212.226.6
11:13:41 Anthony IP-BLOCK 91.212.226.6
11:13:46 Anthony IP-BLOCK 91.212.226.6
11:13:53 Anthony IP-BLOCK 91.212.226.6
11:13:56 Anthony IP-BLOCK 91.212.226.6
11:13:58 Anthony IP-BLOCK 91.212.226.6
11:14:01 Anthony IP-BLOCK 91.212.226.6
11:14:02 Anthony IP-BLOCK 91.212.226.6
11:14:07 Anthony IP-BLOCK 91.212.226.6
11:14:28 Anthony IP-BLOCK 91.212.226.6
11:14:31 Anthony IP-BLOCK 91.212.226.6
11:14:37 Anthony IP-BLOCK 91.212.226.6
11:14:49 Anthony IP-BLOCK 91.212.226.6
11:14:52 Anthony IP-BLOCK 91.212.226.6
11:14:58 Anthony IP-BLOCK 91.212.226.6
11:15:48 Anthony IP-BLOCK 91.212.226.6
11:15:51 Anthony IP-BLOCK 91.212.226.6
11:15:54 Anthony IP-BLOCK 91.212.226.6
11:15:57 Anthony IP-BLOCK 91.212.226.6
11:15:57 Anthony IP-BLOCK 91.212.226.6
11:16:03 Anthony IP-BLOCK 91.212.226.6
11:16:09 Anthony IP-BLOCK 91.212.226.6
11:16:12 Anthony IP-BLOCK 91.212.226.6
11:16:15 Anthony IP-BLOCK 91.212.226.6
11:16:18 Anthony IP-BLOCK 91.212.226.6
11:16:18 Anthony IP-BLOCK 91.212.226.6
11:16:24 Anthony IP-BLOCK 91.212.226.6
11:23:17 Anthony IP-BLOCK 91.212.226.6
11:23:20 Anthony IP-BLOCK 91.212.226.6
11:23:20 Anthony IP-BLOCK 95.64.11.13
11:23:23 Anthony IP-BLOCK 95.64.11.13
11:23:26 Anthony IP-BLOCK 91.212.226.6
11:23:27 Anthony IP-BLOCK 91.216.122.250
11:23:29 Anthony IP-BLOCK 95.64.11.13
11:23:30 Anthony IP-BLOCK 91.216.122.250
11:23:36 Anthony IP-BLOCK 91.216.122.250
11:23:38 Anthony IP-BLOCK 91.212.226.6
11:23:41 Anthony IP-BLOCK 91.212.226.6
11:23:41 Anthony IP-BLOCK 94.228.209.213
11:23:44 Anthony IP-BLOCK 94.228.209.213
11:23:47 Anthony IP-BLOCK 91.212.226.6
11:23:50 Anthony IP-BLOCK 94.228.209.213

I ran a quick scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5918

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/1/2011 11:22:36 AM
mbam-log-2011-03-01 (11-22-36).txt

Scan type: Quick scan
Objects scanned: 173236
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

What should I do? Thanks

Link to post
Share on other sites

Hey,

I attached Attach.txt in a ZIP as instructed, just incase.

Here is the DDS dump (DDS.txt):


DDS (Ver_10-12-12.02) - NTFSx86
Run by Anthony at 11:47:09.63 on Tue 03/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2807.1839 [GMT -8:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\rundll32.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\WINXP\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\xchat\xchat.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINXP\system32\AppleOSSMgr.exe
C:\WINXP\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Input Director\IDWinService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Input Director\InputDirectorSessionHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINXP\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Anthony\My Documents\Downloads\evjn4wkm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anthony\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [Google Update] "c:\documents and settings\anthony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\winxp\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Apple_KbdMgr] c:\program files\boot camp\Bootcamp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winxp\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [TNOD UP] "c:\program files\tnod user & password finder\TNODUP.exe" /i
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\anthony\startm~1\programs\startup\xchat.lnk - c:\program files\xchat\xchat.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anthony\applic~1\mozilla\firefox\profiles\gjr470vt.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\anthony\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winxp\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org

============= SERVICES / DRIVERS ===============

R0 AppleHFS;AppleHFS;c:\winxp\system32\drivers\AppleHFS.sys [2010-11-11 49280]
R0 AppleMNT;AppleMNT;c:\winxp\system32\drivers\AppleMNT.sys [2010-11-11 6784]
R1 ehdrv;ehdrv;c:\winxp\system32\drivers\ehdrv.sys [2010-4-28 114984]
R1 epfwtdir;epfwtdir;c:\winxp\system32\drivers\epfwtdir.sys [2010-6-24 95896]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\winxp\system32\AppleOSSMgr.exe [2010-11-11 193848]
R2 AppleTimeSrv;Apple Time Service;c:\winxp\system32\AppleTimeSrv.exe [2010-1-16 99640]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
R2 InputDirector;Input Director Service;c:\program files\input director\IDWinService.exe [2010-2-1 36864]
R2 KeyAgent;KeyAgent;c:\winxp\system32\drivers\KeyAgent.sys [2010-11-11 6528]
R2 MacHALDriver;Mac HAL;c:\winxp\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-1 304464]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-4 2253688]
R3 applemtm;Apple Multitouch Mouse;c:\winxp\system32\drivers\applemtm.sys [2010-11-27 10880]
R3 applemtp;Apple Multitouch;c:\winxp\system32\drivers\applemtp.sys [2010-11-27 29824]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\winxp\system32\drivers\vrtaucbl.sys [2011-2-5 50728]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\winxp\system32\drivers\IRFilter.sys [2010-11-27 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\winxp\system32\drivers\KeyMagic.sys [2010-11-27 23552]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2011-3-1 20952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\winxp\system32\drivers\nvhda32.sys [2010-11-27 100712]
S1 IDMTDI;IDMTDI;c:\winxp\system32\drivers\idmtdi.sys --> c:\winxp\system32\drivers\idmtdi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CEDRIVER60;CEDRIVER60;\??\c:\program files\cheat engine 6\dbk32.sys --> c:\program files\cheat engine 6\dbk32.sys [?]
S3 dxdiag;dxdiag;\??\c:\docume~1\anthony\locals~1\temp\dxdiag.sys --> c:\docume~1\anthony\locals~1\temp\dxdiag.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RYW;RYW;c:\docume~1\anthony\locals~1\temp\ryw.exe --> c:\docume~1\anthony\locals~1\temp\RYW.exe [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-03-01 17:45:45 -------- d-----w- c:\docume~1\anthony\applic~1\Malwarebytes
2011-03-01 17:45:39 38224 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys
2011-03-01 17:45:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-01 17:45:37 20952 ----a-w- c:\winxp\system32\drivers\mbam.sys
2011-03-01 17:45:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-01 08:29:03 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\ESET
2011-03-01 08:12:15 -------- d-----w- c:\program files\TNod User & Password Finder
2011-03-01 08:11:58 -------- d-----w- c:\program files\ESET
2011-03-01 07:37:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-01 07:37:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-01 07:22:36 -------- d-----w- c:\docume~1\anthony\applic~1\xrwasodqnqvtosfvhhjoyvxmhhjkfavh2
2011-03-01 07:21:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\bEkEmAe06108
2011-03-01 07:19:19 -------- d-----w- c:\docume~1\anthony\applic~1\xxnqhuxfdhuvrkjlqbifc2lejqtoxtr2
2011-02-26 00:10:47 -------- d-----w- c:\program files\iPod
2011-02-26 00:10:44 -------- d-----w- c:\program files\iTunes
2011-02-25 01:38:18 -------- d-----w- c:\docume~1\anthony\applic~1\Subversion
2011-02-25 01:38:08 -------- d-----w- C:\Git
2011-02-25 01:34:56 -------- d-----w- c:\documents and settings\anthony\.ssh
2011-02-25 01:33:05 -------- d-----w- c:\program files\Git
2011-02-25 01:31:08 -------- d-----w- c:\docume~1\anthony\applic~1\syntevo
2011-02-25 01:30:46 -------- d-----w- c:\program files\SmartGit 2
2011-02-24 01:42:48 -------- d-----w- c:\docume~1\anthony\applic~1\Microsoft Corporation
2011-02-24 00:39:48 -------- d-----w- C:\csl.client
2011-02-20 09:51:07 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Nem's Tools
2011-02-20 09:26:33 -------- d-----r- C:\Sandbox
2011-02-20 09:25:52 -------- d-----w- c:\program files\Sandboxie
2011-02-20 09:03:18 -------- d-----w- C:\iDEFENSE
2011-02-20 08:25:10 313475 ----a-w- c:\docume~1\anthony\applic~1\3yqwh3365HI.exe
2011-02-20 08:25:10 213569 ----a-w- c:\docume~1\anthony\applic~1\4yqwh3365HI.exe
2011-02-19 21:12:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Microsoft Visual Studio
2011-02-19 05:14:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2011-02-19 05:08:58 -------- d-----w- c:\program files\Microsoft ASP.NET
2011-02-19 05:08:48 -------- d-----w- c:\program files\IIS
2011-02-19 05:07:49 18368 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vsa\9.0\1033\ResourceCache.dll
2011-02-19 05:07:46 2236480 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\visualstudio\10.0\1033\ResourceCache.dll
2011-02-19 04:58:54 -------- d-----w- c:\program files\Microsoft F#
2011-02-19 04:58:54 -------- d-----w- c:\program files\HTML Help Workshop
2011-02-19 00:04:20 -------- d-----w- C:\csl
2011-02-18 23:42:05 -------- d-----w- c:\program files\Microsoft SQL Server
2011-02-18 23:41:45 188128 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2011-02-18 23:35:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-02-18 23:34:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-02-18 23:34:31 112832 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vcexpress\10.0\1033\ResourceCache.dll
2011-02-18 23:32:38 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-02-18 23:32:38 -------- d-----w- c:\program files\common files\Merge Modules
2011-02-18 23:32:37 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-02-17 07:24:45 -------- d-----w- c:\program files\VideoLAN
2011-02-14 21:36:17 -------- d-----w- c:\program files\CureROM
2011-02-14 21:26:41 691696 ----a-w- c:\winxp\system32\drivers\sptd.sys
2011-02-14 21:18:12 -------- d-----w- C:\nocd
2011-02-14 19:21:58 68888 ----a-w- c:\winxp\system32\xinput1_3.dll
2011-02-14 19:21:12 3851784 ----a-w- c:\winxp\system32\d3dx9_39.dll
2011-02-14 19:14:41 -------- d--h--w- c:\winxp\msdownld.tmp
2011-02-14 19:03:57 -------- d-----w- c:\program files\Codemasters
2011-02-14 19:01:26 221184 ----a-w- c:\winxp\system32\wmpns.dll
2011-02-14 18:58:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-14 18:58:04 -------- d-----w- c:\docume~1\anthony\applic~1\DAEMON Tools Lite
2011-02-14 18:58:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2011-02-14 17:06:50 -------- d-----w- C:\mikegame
2011-02-12 20:50:06 -------- d-----w- c:\program files\AirPort
2011-02-12 05:04:38 -------- d-----w- c:\docume~1\anthony\applic~1\IDM
2011-02-12 05:04:38 -------- d-----w- c:\docume~1\anthony\applic~1\DMCache
2011-02-12 05:04:35 -------- d-----w- c:\program files\Internet Download Manager
2011-02-11 07:34:39 -------- d-----w- c:\program files\Nem's Tools
2011-02-09 23:53:20 2148864 -c----w- c:\winxp\system32\dllcache\ntkrnlmp.exe
2011-02-09 23:53:19 2192768 -c----w- c:\winxp\system32\dllcache\ntoskrnl.exe
2011-02-09 23:53:19 2027008 -c----w- c:\winxp\system32\dllcache\ntkrpamp.exe
2011-02-09 06:41:42 -------- d-----w- c:\docume~1\anthony\applic~1\X-Chat 2
2011-02-09 06:41:40 -------- d-----w- c:\program files\xchat
2011-02-07 23:53:36 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Mumble
2011-02-07 23:50:14 -------- d-----w- c:\docume~1\anthony\applic~1\Mumble
2011-02-07 23:50:03 -------- d-----w- c:\program files\Mumble
2011-02-06 22:09:49 73728 ----a-w- c:\winxp\system32\javacpl.cpl
2011-02-06 22:09:49 472808 ----a-w- c:\winxp\system32\deployJava1.dll
2011-02-06 22:09:49 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-06 21:46:30 2414360 ----a-w- c:\winxp\system32\d3dx9_31.dll
2011-02-06 21:46:30 1892184 ----a-w- c:\winxp\system32\D3DX9_42.dll
2011-02-06 21:46:22 -------- d-----w- c:\winxp\Logs
2011-02-06 00:40:25 50728 ----a-w- c:\winxp\system32\drivers\vrtaucbl.sys
2011-02-06 00:40:25 -------- d-----w- c:\program files\Virtual Audio Cable
2011-02-06 00:40:09 -------- d-----w- C:\VCable
2011-02-06 00:14:36 -------- d-----w- C:\VAudioCable
2011-02-05 02:44:49 -------- d-----w- c:\docume~1\anthony\applic~1\TeamViewer
2011-02-05 02:44:42 -------- d-----w- c:\program files\TeamViewer
2011-02-05 00:04:01 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Apple
2011-02-03 21:55:59 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Google
2011-02-03 10:11:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-02-03 10:10:17 -------- d-----w- C:\Photoshop
2011-02-03 08:09:03 -------- d-----w- c:\program files\Ventrilo
2011-02-03 08:08:50 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-02-01 06:14:50 12928 -c--a-w- c:\winxp\system32\dllcache\dot4prt.sys
2011-02-01 06:14:50 12928 ----a-w- c:\winxp\system32\drivers\Dot4Prt.sys
2011-02-01 06:14:46 23808 -c--a-w- c:\winxp\system32\dllcache\dot4usb.sys
2011-02-01 06:14:46 23808 ----a-w- c:\winxp\system32\drivers\Dot4usb.sys
2011-02-01 06:14:46 206976 -c--a-w- c:\winxp\system32\dllcache\dot4.sys
2011-02-01 06:14:46 206976 ----a-w- c:\winxp\system32\drivers\Dot4.sys
2011-01-31 03:32:17 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Temp
2011-01-31 03:32:17 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Adobe

==================== Find3M ====================

2011-03-01 17:31:26 9728 ---h--w- c:\docume~1\anthony\applic~1\desktop.ini
2011-01-21 14:42:25 439808 ----a-w- c:\winxp\system32\shimgvw.dll
2011-01-12 08:14:20 240624 ----a-w- c:\winxp\system32\nvdrsdb1.bin
2011-01-12 08:14:20 240624 ----a-w- c:\winxp\system32\nvdrsdb0.bin
2011-01-12 08:14:20 1 ----a-w- c:\winxp\system32\nvdrssel.bin
2011-01-07 14:09:31 290048 ----a-w- c:\winxp\system32\atmfd.dll
2010-12-31 13:14:45 1864064 ----a-w- c:\winxp\system32\win32k.sys
2010-12-22 12:32:24 301568 ----a-w- c:\winxp\system32\kerberos.dll
2010-12-20 23:58:53 919552 ----a-w- c:\winxp\system32\wininet.dll
2010-12-20 23:58:52 43520 ----a-w- c:\winxp\system32\licmgr10.dll
2010-12-20 23:58:52 1469440 ----a-w- c:\winxp\system32\inetcpl.cpl
2010-12-20 17:24:18 730112 ----a-w- c:\winxp\system32\lsasrv.dll
2010-12-20 12:48:24 385024 ----a-w- c:\winxp\system32\html.iec
2010-12-09 15:15:41 718336 ----a-w- c:\winxp\system32\ntdll.dll
2010-12-09 14:29:00 33280 ----a-w- c:\winxp\system32\csrsrv.dll
2010-12-09 13:47:27 2148864 ----a-w- c:\winxp\system32\ntoskrnl.exe
2010-12-09 13:09:29 2027008 ----a-w- c:\winxp\system32\ntkrnlpa.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS545025B9SA02 rev.PB2AC60W -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A373439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a3797b8]; MOV EAX, [0x8a379834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A446AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000073[0x8A50A848]
5 ACPI[0xB7E74620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A4974D0]
\Driver\atapi[0x8A449440] -> IRP_MJ_CREATE -> 0x8A373439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS545025B9SA02_________________PB2AC60W#3031363031314250324c303053335a4b4c325653#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A37327F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 11:49:14.32 ===============

I did a GMER scan too, here is the dump:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-01 11:45:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS545025B9SA02 rev.PB2AC60W
Running: evjn4wkm.exe; Driver: C:\DOCUME~1\Anthony\LOCALS~1\Temp\ugliapob.sys

.text ...

---- System - GMER 1.0.15 ----

INT 0x73 ? 8A282F00
INT 0x84 ? 8A282F00
INT 0xA4 ? 8A282F00
INT 0xB4 ? 8A4CEBF8
INT 0xB4 ? 8A4CEBF8
INT 0xB4 ? 8A282F00
INT 0xB4 ? 8A4CEBF8

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS545025B9SA02_________________PB2AC60W#3031363031314250324c303053335a4b4c325653#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
Device \Driver\ab55w6uc \Device\Scsi\ab55w6uc1 8A1271F8
Device \Driver\ab55w6uc \Device\Scsi\ab55w6uc1Port2Path0Target0Lun0 8A1271F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A37327F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A37327F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A37327F
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\BTHUSB \Device\0000009c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000009e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 8A24E1F8
Device \Driver\Cdrom \Device\CdRom1 8A24E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A53E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A53E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A53E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A53E1F8
Device \Driver\Ftdisk \Device\FtControl 8A4CF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4CF1F8
Device \Driver\NetBT \Device\NetbiosSmb 89FBF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4B28F33D-A480-4551-8CA3-D4A4F5132128} 89FBF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{76636991-B4EB-4594-83C3-5589D8F022EE} 89FBF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9BD12949-33AC-45C9-A176-B7D3A4DB883D} 89FBF1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89FBF1F8
Device \Driver\PCI_PNP6494 \Device\0000004e spvl.sys
Device \Driver\sptd \Device\3257867744 spvl.sys

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\usbehci \Device\USBFDO-1 8A274500
Device \Driver\usbehci \Device\USBFDO-3 8A274500
Device \Driver\usbehci \Device\USBPDO-1 8A274500
Device \Driver\usbehci \Device\USBPDO-3 8A274500
Device \Driver\usbohci \Device\USBFDO-0 8A281500
Device \Driver\usbohci \Device\USBFDO-2 8A281500
Device \Driver\usbohci \Device\USBPDO-0 8A281500
Device \Driver\usbohci \Device\USBPDO-2 8A281500
Device \Driver\usbstor \Device\00000091 89F86500
Device \Driver\usbstor \Device\00000096 89F86500
Device \FileSystem\Cdfs \Cdfs 89F0D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A111500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A111500
Device \FileSystem\Ntfs \Ntfs 8A4CD1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\System32\Drivers\ab55w6uc.SYS[WMILIB.SYS!WmiSystemControl] 8800001C

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xA923E610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xA923EC10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xA923E730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xA923E4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xA923E570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xA923E6D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xA923E790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xA923E690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xA923E650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xA923E7D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xA923E510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xA923E590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xA923E4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xA923E5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xA923E750]

---- Kernel code sections - GMER 1.0.15 ----

.text ab55w6uc.SYS B517E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ab55w6uc.SYS B517E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ab55w6uc.SYS B517E3C4 3 Bytes [00, 80, 02]
.text ab55w6uc.SYS B517E3C9 1 Byte [30]
.text ab55w6uc.SYS B517E3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spvl.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spvl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spvl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spvl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spvl.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2172] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0143000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0144000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0166000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\PSAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[244] @ C:\WINXP\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- User code sections - GMER 1.0.15 ----

.text C:\WINXP\Explorer.EXE[244] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C2000C
.text C:\WINXP\Explorer.EXE[244] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE000A
.text C:\WINXP\Explorer.EXE[244] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINXP\system32\DRIVERS\nv4_mini.sys section is writeable [0xB56E23A0, 0x5CC259, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINXP\System32\svchost.exe[1372] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D6000C
.text C:\WINXP\System32\svchost.exe[1372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
.text C:\WINXP\System32\svchost.exe[1372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
.text C:\WINXP\System32\svchost.exe[1372] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 00F2000A
.text C:\WINXP\System32\svchost.exe[1372] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00EE000A
.text C:\WINXP\System32\svchost.exe[1372] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00F0000A
.text C:\WINXP\System32\svchost.exe[1372] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00EF000A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\58b0359e245e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x60 0xC1 0xC6 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0xAA 0x1E 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x03 0xED 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\58b0359e245e
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x60 0xC1 0xC6 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0xAA 0x1E 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x03 0xED 0xDB ...

SSDT spvl.sys ZwCreateKey [0xB7EB50E0]
SSDT spvl.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spvl.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spvl.sys ZwOpenKey [0xB7EB50C0]
SSDT spvl.sys ZwQueryKey [0xB7ECE20A]
SSDT spvl.sys ZwQueryValueKey [0xB7ECE08A]
SSDT spvl.sys ZwSetValueKey [0xB7ECE29C]

---- Kernel code sections - GMER 1.0.15 ----

? spvl.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B632F8AC 5 Bytes JMP 8A2824E0

---- Files - GMER 1.0.15 ----

File C:\WINXP\Temp\NODA91D.tmp 3193747 bytes
File C:\WINXP\Temp\NODB754.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

  • Staff

Hi,

Please follow only the directions I give, and please follow all of them.

As requested previously,

please update MBAM, run a Quick Scan, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

Hey screen,

I don't want to seem rude, but I am a programmer and have plenty of experience with software. The first post was an update and quick scan log, did you not see that? I am not going to repeat that for no reason...

Here is the TDSS log.

2011/03/01 12:03:30.0077 3352	TDSS rootkit removing tool 2.4.19.0 Feb 28 2011 17:08:37
2011/03/01 12:03:30.0467 3352 ================================================================================
2011/03/01 12:03:30.0467 3352 SystemInfo:
2011/03/01 12:03:30.0467 3352
2011/03/01 12:03:30.0467 3352 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/01 12:03:30.0467 3352 Product type: Workstation
2011/03/01 12:03:30.0467 3352 ComputerName: ANTHONY-MB
2011/03/01 12:03:30.0467 3352 UserName: Anthony
2011/03/01 12:03:30.0467 3352 Windows directory: C:\WINXP
2011/03/01 12:03:30.0467 3352 System windows directory: C:\WINXP
2011/03/01 12:03:30.0467 3352 Processor architecture: Intel x86
2011/03/01 12:03:30.0467 3352 Number of processors: 2
2011/03/01 12:03:30.0467 3352 Page size: 0x1000
2011/03/01 12:03:30.0467 3352 Boot type: Normal boot
2011/03/01 12:03:30.0467 3352 ================================================================================
2011/03/01 12:03:31.0249 3352 Initialize success
2011/03/01 12:03:35.0577 2136 ================================================================================
2011/03/01 12:03:35.0577 2136 Scan started
2011/03/01 12:03:35.0577 2136 Mode: Manual;
2011/03/01 12:03:35.0577 2136 ================================================================================
2011/03/01 12:03:38.0061 2136 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINXP\system32\DRIVERS\ACPI.sys
2011/03/01 12:03:38.0108 2136 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINXP\system32\DRIVERS\ACPIEC.sys
2011/03/01 12:03:38.0186 2136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINXP\system32\drivers\aec.sys
2011/03/01 12:03:38.0296 2136 AFD (4d43e74f2a1239d53929b82600f1971c) C:\WINXP\System32\drivers\afd.sys
2011/03/01 12:03:38.0436 2136 AppleHFS (c0b7d43e80412da51d88cde2567dfef5) C:\WINXP\system32\drivers\AppleHFS.sys
2011/03/01 12:03:38.0467 2136 AppleMNT (e5db045f773b4214028a3b7abb589364) C:\WINXP\system32\drivers\AppleMNT.sys
2011/03/01 12:03:38.0514 2136 applemtm (4a5daa2e982867df9dcd91d6e29f58b9) C:\WINXP\system32\DRIVERS\applemtm.sys
2011/03/01 12:03:38.0624 2136 applemtp (b76e3465e1fe118d071b998c88337400) C:\WINXP\system32\DRIVERS\applemtp.sys
2011/03/01 12:03:38.0702 2136 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINXP\system32\DRIVERS\arp1394.sys
2011/03/01 12:03:38.0780 2136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINXP\system32\DRIVERS\asyncmac.sys
2011/03/01 12:03:38.0811 2136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINXP\system32\DRIVERS\atapi.sys
2011/03/01 12:03:38.0952 2136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINXP\system32\DRIVERS\atmarpc.sys
2011/03/01 12:03:38.0999 2136 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINXP\system32\DRIVERS\audstub.sys
2011/03/01 12:03:39.0061 2136 b57w2k (a86835def67af25070a2178a26f0d3eb) C:\WINXP\system32\DRIVERS\b57xp32.sys
2011/03/01 12:03:39.0249 2136 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINXP\system32\DRIVERS\bcmwl5.sys
2011/03/01 12:03:39.0483 2136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINXP\system32\drivers\Beep.sys
2011/03/01 12:03:39.0546 2136 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINXP\system32\DRIVERS\bridge.sys
2011/03/01 12:03:39.0561 2136 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINXP\system32\DRIVERS\bridge.sys
2011/03/01 12:03:39.0686 2136 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINXP\system32\DRIVERS\BthEnum.sys
2011/03/01 12:03:39.0717 2136 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINXP\system32\DRIVERS\bthpan.sys
2011/03/01 12:03:39.0780 2136 BTHPORT (51d05d5a8a7d93ab0b1a8d6a38db3ca4) C:\WINXP\system32\Drivers\BTHport.sys
2011/03/01 12:03:39.0874 2136 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINXP\system32\Drivers\BTHUSB.sys
2011/03/01 12:03:39.0952 2136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINXP\system32\drivers\cbidf2k.sys
2011/03/01 12:03:39.0999 2136 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINXP\system32\DRIVERS\CCDECODE.sys
2011/03/01 12:03:40.0124 2136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINXP\system32\drivers\Cdaudio.sys
2011/03/01 12:03:40.0186 2136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINXP\system32\drivers\Cdfs.sys
2011/03/01 12:03:40.0217 2136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINXP\system32\DRIVERS\cdrom.sys
2011/03/01 12:03:40.0389 2136 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINXP\system32\DRIVERS\CmBatt.sys
2011/03/01 12:03:40.0436 2136 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINXP\system32\DRIVERS\compbatt.sys
2011/03/01 12:03:40.0608 2136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINXP\system32\DRIVERS\disk.sys
2011/03/01 12:03:40.0686 2136 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINXP\system32\drivers\dmboot.sys
2011/03/01 12:03:40.0858 2136 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINXP\system32\drivers\dmio.sys
2011/03/01 12:03:40.0889 2136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINXP\system32\drivers\dmload.sys
2011/03/01 12:03:40.0936 2136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINXP\system32\drivers\DMusic.sys
2011/03/01 12:03:41.0092 2136 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINXP\system32\DRIVERS\Dot4.sys
2011/03/01 12:03:41.0155 2136 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINXP\system32\DRIVERS\Dot4Prt.sys
2011/03/01 12:03:41.0202 2136 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINXP\system32\DRIVERS\dot4usb.sys
2011/03/01 12:03:41.0358 2136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINXP\system32\drivers\drmkaud.sys
2011/03/01 12:03:41.0702 2136 eamon (54e6b2194da2b8a286077a8abf42d3b7) C:\WINXP\system32\DRIVERS\eamon.sys
2011/03/01 12:03:41.0749 2136 ehdrv (299a7ce452023a99a65d0d28f3b2bbf6) C:\WINXP\system32\DRIVERS\ehdrv.sys
2011/03/01 12:03:41.0796 2136 epfwtdir (aca520730cacc3afd206b92a6518c41a) C:\WINXP\system32\DRIVERS\epfwtdir.sys
2011/03/01 12:03:41.0967 2136 EuMusDesignVirtualAudioCableWdm (6b93b103242c3c30f850f53dbe39ed88) C:\WINXP\system32\DRIVERS\vrtaucbl.sys
2011/03/01 12:03:42.0030 2136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINXP\system32\drivers\Fastfat.sys
2011/03/01 12:03:42.0046 2136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINXP\system32\drivers\Fdc.sys
2011/03/01 12:03:42.0077 2136 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINXP\system32\drivers\Fips.sys
2011/03/01 12:03:42.0217 2136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINXP\system32\drivers\Flpydisk.sys
2011/03/01 12:03:42.0280 2136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINXP\system32\DRIVERS\fltMgr.sys
2011/03/01 12:03:42.0358 2136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINXP\system32\drivers\Fs_Rec.sys
2011/03/01 12:03:42.0374 2136 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINXP\system32\DRIVERS\ftdisk.sys
2011/03/01 12:03:42.0436 2136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys
2011/03/01 12:03:42.0546 2136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINXP\system32\DRIVERS\msgpc.sys
2011/03/01 12:03:42.0608 2136 HdAudAddService (1e21cc5be24f7c4b45433086fe682500) C:\WINXP\system32\drivers\clhdaud.sys
2011/03/01 12:03:42.0671 2136 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINXP\system32\DRIVERS\HDAudBus.sys
2011/03/01 12:03:42.0702 2136 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINXP\system32\DRIVERS\hidusb.sys
2011/03/01 12:03:42.0827 2136 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINXP\system32\Drivers\HTTP.sys
2011/03/01 12:03:42.0936 2136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINXP\system32\DRIVERS\imapi.sys
2011/03/01 12:03:43.0124 2136 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINXP\system32\DRIVERS\intelppm.sys
2011/03/01 12:03:43.0155 2136 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINXP\system32\DRIVERS\Ip6Fw.sys
2011/03/01 12:03:43.0217 2136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINXP\system32\DRIVERS\ipfltdrv.sys
2011/03/01 12:03:43.0342 2136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINXP\system32\DRIVERS\ipinip.sys
2011/03/01 12:03:43.0389 2136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINXP\system32\DRIVERS\ipnat.sys
2011/03/01 12:03:43.0452 2136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINXP\system32\DRIVERS\ipsec.sys
2011/03/01 12:03:43.0483 2136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINXP\system32\DRIVERS\irenum.sys
2011/03/01 12:03:43.0639 2136 IRRemoteFlt (dd4c1a21abd0c41184d3f529421e4650) C:\WINXP\system32\DRIVERS\IRFilter.sys
2011/03/01 12:03:43.0717 2136 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINXP\system32\DRIVERS\isapnp.sys
2011/03/01 12:03:43.0764 2136 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINXP\system32\DRIVERS\kbdclass.sys
2011/03/01 12:03:43.0874 2136 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINXP\system32\DRIVERS\kbdhid.sys
2011/03/01 12:03:43.0936 2136 KeyAgent (dfdac66a761977c6cc31b557a5210dc9) C:\WINXP\system32\drivers\KeyAgent.sys
2011/03/01 12:03:43.0983 2136 KeyMagic (f0135c184560c73aacd53ad07a9aa434) C:\WINXP\system32\DRIVERS\KeyMagic.sys
2011/03/01 12:03:44.0030 2136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINXP\system32\drivers\kmixer.sys
2011/03/01 12:03:44.0186 2136 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINXP\system32\drivers\KSecDD.sys
2011/03/01 12:03:44.0264 2136 MacHALDriver (054053f2f8e4dff6c97c4cef04fd2be0) C:\WINXP\system32\drivers\MacHALDriver.sys
2011/03/01 12:03:44.0311 2136 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINXP\system32\drivers\mbam.sys
2011/03/01 12:03:44.0452 2136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINXP\system32\drivers\mnmdd.sys
2011/03/01 12:03:44.0499 2136 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINXP\system32\drivers\Modem.sys
2011/03/01 12:03:44.0561 2136 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINXP\system32\DRIVERS\mouclass.sys
2011/03/01 12:03:44.0717 2136 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINXP\system32\DRIVERS\mouhid.sys
2011/03/01 12:03:44.0764 2136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINXP\system32\drivers\MountMgr.sys
2011/03/01 12:03:44.0796 2136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINXP\system32\DRIVERS\mrxdav.sys
2011/03/01 12:03:44.0827 2136 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINXP\system32\DRIVERS\mrxsmb.sys
2011/03/01 12:03:44.0858 2136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINXP\system32\drivers\Msfs.sys
2011/03/01 12:03:44.0905 2136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINXP\system32\drivers\MSKSSRV.sys
2011/03/01 12:03:45.0046 2136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINXP\system32\drivers\MSPCLOCK.sys
2011/03/01 12:03:45.0061 2136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINXP\system32\drivers\MSPQM.sys
2011/03/01 12:03:45.0108 2136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINXP\system32\DRIVERS\mssmbios.sys
2011/03/01 12:03:45.0264 2136 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINXP\system32\drivers\MSTEE.sys
2011/03/01 12:03:45.0311 2136 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINXP\system32\drivers\Mup.sys
2011/03/01 12:03:45.0374 2136 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINXP\system32\DRIVERS\NABTSFEC.sys
2011/03/01 12:03:45.0421 2136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINXP\system32\drivers\NDIS.sys
2011/03/01 12:03:45.0577 2136 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINXP\system32\DRIVERS\NdisIP.sys
2011/03/01 12:03:45.0624 2136 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINXP\system32\DRIVERS\ndistapi.sys
2011/03/01 12:03:45.0686 2136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINXP\system32\DRIVERS\ndisuio.sys
2011/03/01 12:03:45.0796 2136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINXP\system32\DRIVERS\ndiswan.sys
2011/03/01 12:03:45.0858 2136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINXP\system32\drivers\NDProxy.sys
2011/03/01 12:03:45.0936 2136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINXP\system32\DRIVERS\netbios.sys
2011/03/01 12:03:46.0061 2136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINXP\system32\DRIVERS\netbt.sys
2011/03/01 12:03:46.0124 2136 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINXP\system32\DRIVERS\nic1394.sys
2011/03/01 12:03:46.0124 2136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINXP\system32\drivers\Npfs.sys
2011/03/01 12:03:46.0186 2136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINXP\system32\drivers\Ntfs.sys
2011/03/01 12:03:46.0358 2136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINXP\system32\drivers\Null.sys
2011/03/01 12:03:46.0686 2136 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINXP\system32\DRIVERS\nv4_mini.sys
2011/03/01 12:03:47.0077 2136 NVHDA (311d7c3c8fc53f47f03df9633c0e1498) C:\WINXP\system32\drivers\nvhda32.sys
2011/03/01 12:03:47.0124 2136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINXP\system32\DRIVERS\nwlnkflt.sys
2011/03/01 12:03:47.0139 2136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
2011/03/01 12:03:47.0217 2136 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINXP\system32\DRIVERS\ohci1394.sys
2011/03/01 12:03:47.0374 2136 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINXP\system32\drivers\Parport.sys
2011/03/01 12:03:47.0436 2136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINXP\system32\drivers\PartMgr.sys
2011/03/01 12:03:47.0483 2136 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINXP\system32\drivers\ParVdm.sys
2011/03/01 12:03:47.0530 2136 PCI (a219903ccf74233761d92bef471a07b1) C:\WINXP\system32\DRIVERS\pci.sys
2011/03/01 12:03:47.0717 2136 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINXP\system32\DRIVERS\pciide.sys
2011/03/01 12:03:47.0780 2136 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINXP\system32\drivers\Pcmcia.sys
2011/03/01 12:03:47.0921 2136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINXP\system32\DRIVERS\raspptp.sys
2011/03/01 12:03:47.0936 2136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINXP\system32\DRIVERS\psched.sys
2011/03/01 12:03:47.0967 2136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINXP\system32\DRIVERS\ptilink.sys
2011/03/01 12:03:48.0092 2136 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINXP\system32\Drivers\PxHelp20.sys
2011/03/01 12:03:48.0217 2136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINXP\system32\DRIVERS\rasacd.sys
2011/03/01 12:03:48.0280 2136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINXP\system32\DRIVERS\rasl2tp.sys
2011/03/01 12:03:48.0296 2136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINXP\system32\DRIVERS\raspppoe.sys
2011/03/01 12:03:48.0327 2136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINXP\system32\DRIVERS\raspti.sys
2011/03/01 12:03:48.0452 2136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINXP\system32\DRIVERS\rdbss.sys
2011/03/01 12:03:48.0530 2136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINXP\system32\DRIVERS\RDPCDD.sys
2011/03/01 12:03:48.0592 2136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINXP\system32\DRIVERS\rdpdr.sys
2011/03/01 12:03:48.0780 2136 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINXP\system32\drivers\RDPWD.sys
2011/03/01 12:03:48.0842 2136 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINXP\system32\DRIVERS\redbook.sys
2011/03/01 12:03:48.0967 2136 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINXP\system32\DRIVERS\rfcomm.sys
2011/03/01 12:03:49.0030 2136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINXP\system32\DRIVERS\secdrv.sys
2011/03/01 12:03:49.0061 2136 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINXP\system32\drivers\Serial.sys
2011/03/01 12:03:49.0171 2136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINXP\system32\drivers\Sfloppy.sys
2011/03/01 12:03:49.0249 2136 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINXP\system32\DRIVERS\SLIP.sys
2011/03/01 12:03:49.0327 2136 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINXP\system32\DRIVERS\SONYPVU1.SYS
2011/03/01 12:03:49.0483 2136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINXP\system32\drivers\splitter.sys
2011/03/01 12:03:49.0561 2136 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINXP\system32\Drivers\sptd.sys
2011/03/01 12:03:49.0561 2136 Suspicious file (NoAccess): C:\WINXP\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/01 12:03:49.0561 2136 sptd - detected Locked file (1)
2011/03/01 12:03:49.0671 2136 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINXP\system32\DRIVERS\sr.sys
2011/03/01 12:03:49.0717 2136 Srv (70cd8b8dd2a680b128617c19eb0ab94f) C:\WINXP\system32\DRIVERS\srv.sys
2011/03/01 12:03:49.0780 2136 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINXP\system32\DRIVERS\StreamIP.sys
2011/03/01 12:03:49.0811 2136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINXP\system32\DRIVERS\swenum.sys
2011/03/01 12:03:49.0967 2136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINXP\system32\drivers\swmidi.sys
2011/03/01 12:03:50.0030 2136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINXP\system32\drivers\sysaudio.sys
2011/03/01 12:03:50.0092 2136 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINXP\system32\DRIVERS\tcpip.sys
2011/03/01 12:03:50.0249 2136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINXP\system32\drivers\TDPIPE.sys
2011/03/01 12:03:50.0264 2136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINXP\system32\drivers\TDTCP.sys
2011/03/01 12:03:50.0311 2136 TermDD (88155247177638048422893737429d9e) C:\WINXP\system32\DRIVERS\termdd.sys
2011/03/01 12:03:50.0483 2136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINXP\system32\drivers\Udfs.sys
2011/03/01 12:03:50.0499 2136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINXP\system32\DRIVERS\update.sys
2011/03/01 12:03:50.0561 2136 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINXP\system32\Drivers\usbaapl.sys
2011/03/01 12:03:50.0686 2136 usbaudio (e919708db44ed8543a7c017953148330) C:\WINXP\system32\drivers\usbaudio.sys
2011/03/01 12:03:50.0749 2136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINXP\system32\DRIVERS\usbccgp.sys
2011/03/01 12:03:50.0780 2136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINXP\system32\DRIVERS\usbehci.sys
2011/03/01 12:03:50.0889 2136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINXP\system32\DRIVERS\usbhub.sys
2011/03/01 12:03:50.0921 2136 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINXP\system32\DRIVERS\usbohci.sys
2011/03/01 12:03:50.0967 2136 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINXP\system32\DRIVERS\USBSTOR.SYS
2011/03/01 12:03:51.0061 2136 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINXP\system32\Drivers\usbvideo.sys
2011/03/01 12:03:51.0217 2136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINXP\System32\drivers\vga.sys
2011/03/01 12:03:51.0280 2136 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINXP\system32\drivers\VolSnap.sys
2011/03/01 12:03:51.0483 2136 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) c:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
2011/03/01 12:03:51.0671 2136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINXP\system32\DRIVERS\wanarp.sys
2011/03/01 12:03:51.0780 2136 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINXP\system32\DRIVERS\Wdf01000.sys
2011/03/01 12:03:51.0967 2136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINXP\system32\drivers\wdmaud.sys
2011/03/01 12:03:52.0092 2136 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINXP\system32\DRIVERS\WSTCODEC.SYS
2011/03/01 12:03:52.0139 2136 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINXP\system32\DRIVERS\WudfPf.sys
2011/03/01 12:03:52.0249 2136 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINXP\system32\DRIVERS\wudfrd.sys
2011/03/01 12:03:52.0296 2136 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/01 12:03:52.0296 2136 ================================================================================
2011/03/01 12:03:52.0296 2136 Scan finished
2011/03/01 12:03:52.0296 2136 ================================================================================
2011/03/01 12:03:52.0296 3620 Detected object count: 2
2011/03/01 12:04:15.0952 3620 Locked file(sptd) - User select action: Skip
2011/03/01 12:04:15.0999 3620 \HardDisk0 - will be cured after reboot
2011/03/01 12:04:15.0999 3620 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

It found and cured a root kit. Rebooting now.

Link to post
Share on other sites

  • Staff
I don't want to seem rude, but I am a programmer and have plenty of experience with software. The first post was an update and quick scan log, did you not see that? I am not going to repeat that for no reason...
Neither do I, but you're using a version of MBAM that is months old:
Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Please understand I'm not giving you instructions to waste your time, nor mine.
Link to post
Share on other sites

Sorry about that mate, I was under the impression that since my virus and spyware definitions were up to date that the software was as well, here is the up to date log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5920

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/1/2011 1:41:32 PM
mbam-log-2011-03-01 (13-41-32).txt

Scan type: Quick scan
Objects scanned: 170431
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As a side note, there are threats that Security Essentials keeps finding but MalwareBytes isn't... any thoughts?

Link to post
Share on other sites

  • Staff

Hi,

Which threats are you referring to?

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Hello again,

The threats that were caught recently with Security Center (3 seperate quick scans):

Trojan: Win32 / Comame

Trojan: Win32 / Oficla. T

VirTool: Win32 / Afrootix.gen!A

Here is the ComboFix log:

ComboFix 11-02-28.07 - Anthony 03/01/2011  14:05:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2807.1757 [GMT -8:00]
Running from: c:\documents and settings\Anthony\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anthony\Application Data\4yqwh3365HI.exe
c:\documents and settings\Anthony\Application Data\desktop.ini
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe

.
((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 21:33 . 2011-03-01 21:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF942655-2827-4CC4-B5AB-8416042A3BAE}\MpKslb55a18e5.sys
2011-03-01 21:31 . 2011-03-01 21:31 709456 ----a-w- c:\winxp\isRS-000.tmp
2011-03-01 20:35 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-01 20:35 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF942655-2827-4CC4-B5AB-8416042A3BAE}\mpengine.dll
2011-03-01 20:34 . 2010-10-19 20:51 222080 ------w- c:\winxp\system32\MpSigStub.exe
2011-03-01 20:31 . 2011-03-01 20:32 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-01 17:45 . 2011-03-01 17:45 -------- d-----w- c:\documents and settings\Anthony\Application Data\Malwarebytes
2011-03-01 17:45 . 2010-12-21 02:09 38224 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys
2011-03-01 17:45 . 2011-03-01 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-01 17:45 . 2011-03-01 21:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-01 17:45 . 2010-12-21 02:08 20952 ----a-w- c:\winxp\system32\drivers\mbam.sys
2011-03-01 11:13 . 2011-03-01 11:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-03-01 08:29 . 2011-03-01 08:29 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\ESET
2011-03-01 08:12 . 2011-03-01 08:12 -------- d-----w- c:\program files\TNod User & Password Finder
2011-03-01 08:11 . 2011-03-01 08:11 -------- d-----w- c:\program files\ESET
2011-03-01 08:11 . 2011-03-01 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-03-01 07:37 . 2011-03-01 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-01 07:37 . 2011-03-01 07:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-01 07:22 . 2011-03-01 18:32 -------- d-----w- c:\documents and settings\Anthony\Application Data\xrwasodqnqvtosfvhhjoyvxmhhjkfavh2
2011-03-01 07:21 . 2011-03-01 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\bEkEmAe06108
2011-03-01 07:19 . 2011-03-01 11:13 -------- d-----w- c:\documents and settings\Anthony\Application Data\xxnqhuxfdhuvrkjlqbifc2lejqtoxtr2
2011-02-26 10:23 . 2011-02-26 10:24 -------- d-----w- c:\documents and settings\Anthony\Application Data\Notepad++
2011-02-26 10:23 . 2011-02-26 10:23 -------- d-----w- c:\program files\Notepad++
2011-02-26 00:10 . 2011-02-26 00:10 -------- d-----w- c:\program files\iPod
2011-02-26 00:10 . 2011-02-26 00:11 -------- d-----w- c:\program files\iTunes
2011-02-25 01:38 . 2011-02-25 01:38 -------- d-----w- c:\documents and settings\Anthony\Application Data\Subversion
2011-02-25 01:38 . 2011-02-25 01:38 -------- d-----w- C:\Git
2011-02-25 01:34 . 2011-02-25 01:35 -------- d-----w- c:\documents and settings\Anthony\.ssh
2011-02-25 01:33 . 2011-02-25 01:33 -------- d-----w- c:\program files\Git
2011-02-25 01:31 . 2011-02-25 01:31 -------- d-----w- c:\documents and settings\Anthony\Application Data\syntevo
2011-02-25 01:30 . 2011-02-25 01:30 -------- d-----w- c:\program files\SmartGit 2
2011-02-24 01:42 . 2011-02-24 01:42 -------- d-----w- c:\documents and settings\Anthony\Application Data\Microsoft Corporation
2011-02-20 09:51 . 2011-02-20 09:51 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Nem's Tools
2011-02-20 09:26 . 2011-02-20 09:26 -------- d-----r- C:\Sandbox
2011-02-20 09:25 . 2011-02-20 09:28 -------- d-----w- c:\program files\Sandboxie
2011-02-20 09:03 . 2011-02-20 09:03 -------- d-----w- C:\iDEFENSE
2011-02-20 08:18 . 2011-02-20 08:18 -------- d-----w- c:\winxp\Sun
2011-02-19 21:12 . 2011-02-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Visual Studio
2011-02-19 05:15 . 2011-02-19 05:15 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-02-19 05:14 . 2011-02-19 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2011-02-19 05:08 . 2011-02-19 05:08 -------- d-----w- c:\program files\Microsoft ASP.NET
2011-02-19 05:08 . 2011-02-19 05:08 -------- d-----w- c:\program files\IIS
2011-02-19 05:07 . 2011-02-19 05:07 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-02-19 05:07 . 2011-02-19 05:15 2236480 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-02-19 04:58 . 2011-02-19 05:00 -------- d-----w- c:\program files\HTML Help Workshop
2011-02-19 04:58 . 2011-02-19 04:58 -------- d-----w- c:\program files\Microsoft F#
2011-02-19 04:55 . 2011-02-19 04:55 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-02-19 00:04 . 2011-02-24 00:31 -------- d-----w- C:\csl
2011-02-18 23:42 . 2011-02-18 23:42 -------- d-----w- c:\program files\Microsoft SQL Server
2011-02-18 23:41 . 2011-02-18 23:42 188128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-02-18 23:35 . 2011-02-18 23:35 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-02-18 23:34 . 2011-02-18 23:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-02-18 23:34 . 2011-02-18 23:34 112832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-02-18 23:32 . 2011-02-18 23:32 -------- d-----w- c:\winxp\symbols
2011-02-18 23:32 . 2011-02-19 05:11 -------- d-----w- c:\program files\Microsoft SDKs
2011-02-18 23:32 . 2011-02-19 05:02 -------- d-----w- c:\program files\Common Files\Merge Modules
2011-02-18 23:32 . 2011-02-18 23:32 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-02-18 23:32 . 2011-02-19 05:14 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-02-18 23:22 . 2011-02-18 23:33 -------- d-----w- c:\program files\Microsoft.NET
2011-02-17 07:28 . 2011-02-17 07:32 -------- d-----w- c:\documents and settings\Anthony\Application Data\vlc
2011-02-17 07:24 . 2011-02-17 07:24 -------- d-----w- c:\program files\VideoLAN
2011-02-17 03:30 . 2011-02-17 03:30 -------- d-----w- c:\program files\Common Files\Skype
2011-02-14 21:36 . 2011-03-01 09:37 -------- d-----w- c:\program files\CureROM
2011-02-14 21:26 . 2011-02-14 21:26 691696 ----a-w- c:\winxp\system32\drivers\sptd.sys
2011-02-14 21:18 . 2011-02-14 21:18 -------- d-----w- C:\nocd
2011-02-14 19:21 . 2007-02-21 10:11 68888 ----a-w- c:\winxp\system32\xinput1_3.dll
2011-02-14 19:21 . 2008-10-30 19:57 3851784 ----a-w- c:\winxp\system32\d3dx9_39.dll
2011-02-14 19:14 . 2011-02-14 19:18 -------- d--h--w- c:\winxp\msdownld.tmp
2011-02-14 19:03 . 2011-02-14 19:03 -------- d-----w- c:\program files\Codemasters
2011-02-14 19:01 . 2008-04-14 12:00 221184 ----a-w- c:\winxp\system32\wmpns.dll
2011-02-14 19:01 . 2011-02-14 19:05 -------- d-----w- c:\documents and settings\Michael Iacono
2011-02-14 18:58 . 2011-02-14 21:27 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-14 18:58 . 2011-02-19 04:52 -------- d-----w- c:\documents and settings\Anthony\Application Data\DAEMON Tools Lite
2011-02-14 18:58 . 2011-02-14 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-02-14 17:06 . 2011-02-14 18:50 -------- d-----w- C:\mikegame
2011-02-12 20:50 . 2011-02-12 20:50 -------- d-----w- c:\program files\AirPort
2011-02-12 05:04 . 2011-02-19 21:08 -------- d-----w- c:\documents and settings\Anthony\Application Data\DMCache
2011-02-12 05:04 . 2011-02-19 21:08 -------- d-----w- c:\documents and settings\Anthony\Application Data\IDM
2011-02-12 05:04 . 2011-02-20 08:38 -------- d-----w- c:\program files\Internet Download Manager
2011-02-11 07:34 . 2011-02-11 07:34 -------- d-----w- c:\program files\Nem's Tools
2011-02-10 21:44 . 2011-02-28 00:45 -------- d-----w- c:\documents and settings\Anthony\Application Data\Audacity
2011-02-09 23:53 . 2010-12-09 13:47 2148864 -c----w- c:\winxp\system32\dllcache\ntkrnlmp.exe
2011-02-09 23:53 . 2010-12-09 13:43 2192768 -c----w- c:\winxp\system32\dllcache\ntoskrnl.exe
2011-02-09 23:53 . 2010-12-09 13:09 2027008 -c----w- c:\winxp\system32\dllcache\ntkrpamp.exe
2011-02-09 06:41 . 2011-03-01 21:32 -------- d-----w- c:\documents and settings\Anthony\Application Data\X-Chat 2
2011-02-09 06:41 . 2011-02-09 06:41 -------- d-----w- c:\program files\xchat
2011-02-08 01:22 . 2011-02-08 01:22 -------- d-----w- c:\program files\Safari
2011-02-07 23:53 . 2011-02-07 23:53 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Mumble
2011-02-07 23:50 . 2011-02-07 23:53 -------- d-----w- c:\documents and settings\Anthony\Application Data\Mumble
2011-02-07 23:50 . 2011-02-07 23:50 -------- d-----w- c:\program files\Mumble
2011-02-06 22:09 . 2011-02-06 22:09 -------- d-----w- c:\program files\Common Files\Java
2011-02-06 22:09 . 2011-02-06 22:09 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-06 22:09 . 2011-02-06 22:09 73728 ----a-w- c:\winxp\system32\javacpl.cpl
2011-02-06 22:09 . 2011-02-06 22:09 472808 ----a-w- c:\winxp\system32\deployJava1.dll
2011-02-06 22:09 . 2011-02-06 22:09 -------- d-----w- c:\program files\Java
2011-02-06 21:46 . 2009-09-05 01:29 1892184 ----a-w- c:\winxp\system32\D3DX9_42.dll
2011-02-06 21:46 . 2006-09-29 00:05 2414360 ----a-w- c:\winxp\system32\d3dx9_31.dll
2011-02-06 21:46 . 2011-02-14 19:11 -------- d-----w- c:\winxp\Logs
2011-02-06 00:40 . 2011-02-06 00:40 -------- d-----w- c:\program files\Virtual Audio Cable
2011-02-06 00:40 . 2011-02-06 00:40 50728 ----a-w- c:\winxp\system32\drivers\vrtaucbl.sys
2011-02-06 00:40 . 2011-02-06 00:40 -------- d-----w- C:\VCable
2011-02-06 00:14 . 2011-02-06 00:14 -------- d-----w- C:\VAudioCable
2011-02-05 02:44 . 2011-02-05 02:44 -------- d-----w- c:\documents and settings\Anthony\Application Data\TeamViewer
2011-02-05 02:44 . 2011-02-05 02:44 -------- d-----w- c:\program files\TeamViewer
2011-02-05 00:04 . 2011-02-12 20:50 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Apple
2011-02-03 21:55 . 2011-02-03 21:56 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Google
2011-02-03 10:32 . 2011-02-27 07:32 -------- d-----w- c:\documents and settings\Anthony\Application Data\FileZilla
2011-02-03 10:32 . 2011-02-03 10:32 -------- d-----w- c:\program files\FileZilla FTP Client
2011-02-03 10:11 . 2011-02-03 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-02-03 10:10 . 2011-02-27 05:23 -------- d-----w- C:\Photoshop
2011-02-03 08:09 . 2011-02-07 03:17 -------- d-----w- c:\documents and settings\Anthony\Application Data\Ventrilo
2011-02-03 08:09 . 2011-02-03 08:09 -------- d-----w- c:\program files\Ventrilo
2011-02-03 08:08 . 2011-02-03 08:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-02-01 06:14 . 2001-08-17 19:47 12928 -c--a-w- c:\winxp\system32\dllcache\dot4prt.sys
2011-02-01 06:14 . 2001-08-17 19:47 12928 ----a-w- c:\winxp\system32\drivers\Dot4Prt.sys
2011-02-01 06:14 . 2008-04-14 06:09 206976 -c--a-w- c:\winxp\system32\dllcache\dot4.sys
2011-02-01 06:14 . 2008-04-14 06:09 206976 ----a-w- c:\winxp\system32\drivers\Dot4.sys
2011-02-01 06:14 . 2001-08-17 19:47 23808 -c--a-w- c:\winxp\system32\dllcache\dot4usb.sys
2011-02-01 06:14 . 2001-08-17 19:47 23808 ----a-w- c:\winxp\system32\drivers\Dot4usb.sys
2011-01-31 03:32 . 2011-03-01 02:01 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Temp
2011-01-31 03:32 . 2011-02-04 05:36 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:42 . 2008-04-14 12:00 439808 ----a-w- c:\winxp\system32\shimgvw.dll
2011-01-07 14:09 . 2010-10-12 17:33 290048 ----a-w- c:\winxp\system32\atmfd.dll
2010-12-31 13:14 . 2010-10-12 17:34 1864064 ----a-w- c:\winxp\system32\win32k.sys
2010-12-22 12:32 . 2010-09-16 16:11 301568 ----a-w- c:\winxp\system32\kerberos.dll
2010-12-20 23:58 . 2010-10-12 17:34 919552 ----a-w- c:\winxp\system32\wininet.dll
2010-12-20 23:58 . 2010-10-12 17:34 43520 ----a-w- c:\winxp\system32\licmgr10.dll
2010-12-20 23:58 . 2010-10-12 17:34 1469440 ----a-w- c:\winxp\system32\inetcpl.cpl
2010-12-20 17:24 . 2010-09-16 16:11 730112 ----a-w- c:\winxp\system32\lsasrv.dll
2010-12-20 12:48 . 2010-09-16 13:27 385024 ----a-w- c:\winxp\system32\html.iec
2010-12-09 15:15 . 2009-02-09 10:56 718336 ----a-w- c:\winxp\system32\ntdll.dll
2010-12-09 14:29 . 2010-09-16 16:12 33280 ----a-w- c:\winxp\system32\csrsrv.dll
2010-12-09 13:47 . 2010-09-16 16:12 2148864 ----a-w- c:\winxp\system32\ntoskrnl.exe
2010-12-09 13:09 . 2010-04-27 13:14 2027008 ----a-w- c:\winxp\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 06:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-01-25 10:40 67680 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-02-03 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2010-11-12 525112]
"NvMediaCenter"="c:\winxp\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-12 771360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\Anthony\Start Menu\Programs\Startup\
XChat.lnk - c:\program files\xchat\xchat.exe [2010-8-27 216064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Input Director\\InputDirector.exe"=
"c:\\Program Files\\Input Director\\InputDirectorSessionHelper.exe"=
"c:\\Program Files\\Steam\\steamapps\\vivalapimpd\\source sdk base 2007\\hl2.exe"=
"c:\\srcds\\orangebox\\srcds.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\gustaf.j@telia.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\nicholasiacono\\sourcesdk\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\nicholasiacono\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\mytension\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\nicholasiacono\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour

R0 AppleHFS;AppleHFS;c:\winxp\system32\drivers\AppleHFS.sys [11/11/2010 7:00 PM 49280]
R0 AppleMNT;AppleMNT;c:\winxp\system32\drivers\AppleMNT.sys [11/11/2010 7:00 PM 6784]
R0 sptd;sptd;c:\winxp\system32\drivers\sptd.sys [2/14/2011 1:26 PM 691696]
R1 ehdrv;ehdrv;c:\winxp\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\winxp\system32\drivers\epfwtdir.sys [6/24/2010 9:27 AM 95896]
R1 MpKslb55a18e5;MpKslb55a18e5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF942655-2827-4CC4-B5AB-8416042A3BAE}\MpKslb55a18e5.sys [3/1/2011 1:33 PM 28752]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\winxp\system32\AppleOSSMgr.exe [11/11/2010 7:00 PM 193848]
R2 AppleTimeSrv;Apple Time Service;c:\winxp\system32\AppleTimeSrv.exe [1/16/2010 9:37 PM 99640]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
R2 KeyAgent;KeyAgent;c:\winxp\system32\drivers\KeyAgent.sys [11/11/2010 7:00 PM 6528]
R2 MacHALDriver;Mac HAL;c:\winxp\system32\drivers\MacHALDriver.sys [11/11/2010 7:00 PM 12928]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/1/2011 9:45 AM 363344]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2/4/2011 6:44 PM 2253688]
R3 applemtm;Apple Multitouch Mouse;c:\winxp\system32\drivers\applemtm.sys [11/27/2010 3:26 PM 10880]
R3 applemtp;Apple Multitouch;c:\winxp\system32\drivers\applemtp.sys [11/27/2010 3:26 PM 29824]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\winxp\system32\drivers\vrtaucbl.sys [2/5/2011 4:40 PM 50728]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\winxp\system32\drivers\IRFilter.sys [11/27/2010 3:26 PM 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\winxp\system32\drivers\KeyMagic.sys [11/27/2010 3:26 PM 23552]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [3/1/2011 9:45 AM 20952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\winxp\system32\drivers\nvhda32.sys [11/27/2010 6:11 PM 100712]
S1 IDMTDI;IDMTDI;c:\winxp\system32\DRIVERS\idmtdi.sys --> c:\winxp\system32\DRIVERS\idmtdi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 InputDirector;Input Director Service;c:\program files\Input Director\IDWinService.exe [2/1/2010 1:37 AM 36864]
S3 CEDRIVER60;CEDRIVER60;\??\c:\program files\Cheat Engine 6\dbk32.sys --> c:\program files\Cheat Engine 6\dbk32.sys [?]
S3 dxdiag;dxdiag;\??\c:\docume~1\Anthony\LOCALS~1\Temp\dxdiag.sys --> c:\docume~1\Anthony\LOCALS~1\Temp\dxdiag.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 RYW;RYW;c:\docume~1\Anthony\LOCALS~1\Temp\RYW.exe --> c:\docume~1\Anthony\LOCALS~1\Temp\RYW.exe [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 9:24 PM 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSLB55A18E5
.
Contents of the 'Scheduled Tasks' folder

2011-02-26 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2011-03-01 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-796845957-682003330-1004Core.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 21:55]

2011-03-01 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-796845957-682003330-1004UA.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 21:55]

2011-03-01 c:\winxp\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

2011-03-01 c:\winxp\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

2011-03-01 c:\winxp\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 06:44]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\gjr470vt.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winxp\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 14:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-01 14:12:00
ComboFix-quarantined-files.txt 2011-03-01 22:11

Pre-Run: 185,845,342,208 bytes free
Post-Run: 186,534,666,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CAB55709479E6647F851942585461FCC

Thanks

Link to post
Share on other sites

New DDS


DDS (Ver_10-12-12.02) - NTFSx86
Run by Anthony at 14:22:38.18 on Tue 03/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2807.1649 [GMT -8:00]

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINXP\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINXP\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINXP\system32\AppleOSSMgr.exe
C:\WINXP\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINXP\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINXP\System32\svchost.exe -k HTTPFilter
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\xchat\xchat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINXP\system32\NOTEPAD.EXE
C:\WINXP\system32\notepad.exe
C:\WINXP\system32\wscntfy.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINXP\system32\notepad.exe
C:\WINXP\explorer.exe
C:\WINXP\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Anthony\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Google Update] "c:\documents and settings\anthony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Apple_KbdMgr] c:\program files\boot camp\Bootcamp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winxp\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [TNOD UP] "c:\program files\tnod user & password finder\TNODUP.exe" /i
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\anthony\startm~1\programs\startup\xchat.lnk - c:\program files\xchat\xchat.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anthony\applic~1\mozilla\firefox\profiles\gjr470vt.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\anthony\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winxp\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org

============= SERVICES / DRIVERS ===============

R0 AppleHFS;AppleHFS;c:\winxp\system32\drivers\AppleHFS.sys [2010-11-11 49280]
R0 AppleMNT;AppleMNT;c:\winxp\system32\drivers\AppleMNT.sys [2010-11-11 6784]
R1 ehdrv;ehdrv;c:\winxp\system32\drivers\ehdrv.sys [2010-4-28 114984]
R1 epfwtdir;epfwtdir;c:\winxp\system32\drivers\epfwtdir.sys [2010-6-24 95896]
R1 MpFilter;Microsoft Malware Protection Driver;c:\winxp\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslb55a18e5;MpKslb55a18e5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df942655-2827-4cc4-b5ab-8416042a3bae}\MpKslb55a18e5.sys [2011-3-1 28752]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\winxp\system32\AppleOSSMgr.exe [2010-11-11 193848]
R2 AppleTimeSrv;Apple Time Service;c:\winxp\system32\AppleTimeSrv.exe [2010-1-16 99640]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
R2 KeyAgent;KeyAgent;c:\winxp\system32\drivers\KeyAgent.sys [2010-11-11 6528]
R2 MacHALDriver;Mac HAL;c:\winxp\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-1 363344]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-4 2253688]
R3 applemtm;Apple Multitouch Mouse;c:\winxp\system32\drivers\applemtm.sys [2010-11-27 10880]
R3 applemtp;Apple Multitouch;c:\winxp\system32\drivers\applemtp.sys [2010-11-27 29824]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\winxp\system32\drivers\vrtaucbl.sys [2011-2-5 50728]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\winxp\system32\drivers\IRFilter.sys [2010-11-27 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\winxp\system32\drivers\KeyMagic.sys [2010-11-27 23552]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2011-3-1 20952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\winxp\system32\drivers\nvhda32.sys [2010-11-27 100712]
S1 IDMTDI;IDMTDI;c:\winxp\system32\drivers\idmtdi.sys --> c:\winxp\system32\drivers\idmtdi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 InputDirector;Input Director Service;c:\program files\input director\IDWinService.exe [2010-2-1 36864]
S3 CEDRIVER60;CEDRIVER60;\??\c:\program files\cheat engine 6\dbk32.sys --> c:\program files\cheat engine 6\dbk32.sys [?]
S3 dxdiag;dxdiag;\??\c:\docume~1\anthony\locals~1\temp\dxdiag.sys --> c:\docume~1\anthony\locals~1\temp\dxdiag.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RYW;RYW;c:\docume~1\anthony\locals~1\temp\ryw.exe --> c:\docume~1\anthony\locals~1\temp\RYW.exe [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-03-01 22:02:26 -------- d-sha-r- C:\cmdcons
2011-03-01 22:00:46 98816 ----a-w- c:\winxp\sed.exe
2011-03-01 22:00:46 89088 ----a-w- c:\winxp\MBR.exe
2011-03-01 22:00:46 256512 ----a-w- c:\winxp\PEV.exe
2011-03-01 22:00:46 161792 ----a-w- c:\winxp\SWREG.exe
2011-03-01 21:33:51 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{df942655-2827-4cc4-b5ab-8416042a3bae}\MpKslb55a18e5.sys
2011-03-01 21:31:46 709456 ----a-w- c:\winxp\isRS-000.tmp
2011-03-01 20:35:24 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-03-01 20:35:15 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{df942655-2827-4cc4-b5ab-8416042a3bae}\mpengine.dll
2011-03-01 20:34:35 222080 ------w- c:\winxp\system32\MpSigStub.exe
2011-03-01 20:31:49 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-01 17:45:45 -------- d-----w- c:\docume~1\anthony\applic~1\Malwarebytes
2011-03-01 17:45:39 38224 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys
2011-03-01 17:45:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-01 17:45:37 20952 ----a-w- c:\winxp\system32\drivers\mbam.sys
2011-03-01 17:45:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-01 08:29:03 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\ESET
2011-03-01 08:12:15 -------- d-----w- c:\program files\TNod User & Password Finder
2011-03-01 08:11:58 -------- d-----w- c:\program files\ESET
2011-03-01 07:37:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-01 07:37:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-01 07:22:36 -------- d-----w- c:\docume~1\anthony\applic~1\xrwasodqnqvtosfvhhjoyvxmhhjkfavh2
2011-03-01 07:21:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\bEkEmAe06108
2011-03-01 07:19:19 -------- d-----w- c:\docume~1\anthony\applic~1\xxnqhuxfdhuvrkjlqbifc2lejqtoxtr2
2011-02-26 00:10:47 -------- d-----w- c:\program files\iPod
2011-02-26 00:10:44 -------- d-----w- c:\program files\iTunes
2011-02-25 01:38:18 -------- d-----w- c:\docume~1\anthony\applic~1\Subversion
2011-02-25 01:38:08 -------- d-----w- C:\Git
2011-02-25 01:34:56 -------- d-----w- c:\documents and settings\anthony\.ssh
2011-02-25 01:33:05 -------- d-----w- c:\program files\Git
2011-02-25 01:31:08 -------- d-----w- c:\docume~1\anthony\applic~1\syntevo
2011-02-25 01:30:46 -------- d-----w- c:\program files\SmartGit 2
2011-02-24 01:42:48 -------- d-----w- c:\docume~1\anthony\applic~1\Microsoft Corporation
2011-02-24 00:39:48 -------- d-----w- C:\csl.client
2011-02-20 09:51:07 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Nem's Tools
2011-02-20 09:26:33 -------- d-----r- C:\Sandbox
2011-02-20 09:25:52 -------- d-----w- c:\program files\Sandboxie
2011-02-20 09:03:18 -------- d-----w- C:\iDEFENSE
2011-02-19 21:12:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Microsoft Visual Studio
2011-02-19 05:14:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2011-02-19 05:08:58 -------- d-----w- c:\program files\Microsoft ASP.NET
2011-02-19 05:08:48 -------- d-----w- c:\program files\IIS
2011-02-19 05:07:49 18368 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vsa\9.0\1033\ResourceCache.dll
2011-02-19 05:07:46 2236480 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\visualstudio\10.0\1033\ResourceCache.dll
2011-02-19 04:58:54 -------- d-----w- c:\program files\Microsoft F#
2011-02-19 04:58:54 -------- d-----w- c:\program files\HTML Help Workshop
2011-02-19 00:04:20 -------- d-----w- C:\csl
2011-02-18 23:42:05 -------- d-----w- c:\program files\Microsoft SQL Server
2011-02-18 23:41:45 188128 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2011-02-18 23:35:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-02-18 23:34:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-02-18 23:34:31 112832 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vcexpress\10.0\1033\ResourceCache.dll
2011-02-18 23:32:38 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-02-18 23:32:38 -------- d-----w- c:\program files\common files\Merge Modules
2011-02-18 23:32:37 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-02-17 07:24:45 -------- d-----w- c:\program files\VideoLAN
2011-02-14 21:36:17 -------- d-----w- c:\program files\CureROM
2011-02-14 21:26:41 691696 ----a-w- c:\winxp\system32\drivers\sptd.sys
2011-02-14 21:18:12 -------- d-----w- C:\nocd
2011-02-14 19:21:58 68888 ----a-w- c:\winxp\system32\xinput1_3.dll
2011-02-14 19:21:12 3851784 ----a-w- c:\winxp\system32\d3dx9_39.dll
2011-02-14 19:14:41 -------- d--h--w- c:\winxp\msdownld.tmp
2011-02-14 19:03:57 -------- d-----w- c:\program files\Codemasters
2011-02-14 19:01:26 221184 ----a-w- c:\winxp\system32\wmpns.dll
2011-02-14 18:58:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-14 18:58:04 -------- d-----w- c:\docume~1\anthony\applic~1\DAEMON Tools Lite
2011-02-14 18:58:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2011-02-14 17:06:50 -------- d-----w- C:\mikegame
2011-02-12 20:50:06 -------- d-----w- c:\program files\AirPort
2011-02-12 05:04:38 -------- d-----w- c:\docume~1\anthony\applic~1\IDM
2011-02-12 05:04:38 -------- d-----w- c:\docume~1\anthony\applic~1\DMCache
2011-02-12 05:04:35 -------- d-----w- c:\program files\Internet Download Manager
2011-02-11 07:34:39 -------- d-----w- c:\program files\Nem's Tools
2011-02-09 23:53:20 2148864 -c----w- c:\winxp\system32\dllcache\ntkrnlmp.exe
2011-02-09 23:53:19 2192768 -c----w- c:\winxp\system32\dllcache\ntoskrnl.exe
2011-02-09 23:53:19 2027008 -c----w- c:\winxp\system32\dllcache\ntkrpamp.exe
2011-02-09 06:41:42 -------- d-----w- c:\docume~1\anthony\applic~1\X-Chat 2
2011-02-09 06:41:40 -------- d-----w- c:\program files\xchat
2011-02-07 23:53:36 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Mumble
2011-02-07 23:50:14 -------- d-----w- c:\docume~1\anthony\applic~1\Mumble
2011-02-07 23:50:03 -------- d-----w- c:\program files\Mumble
2011-02-06 22:09:49 73728 ----a-w- c:\winxp\system32\javacpl.cpl
2011-02-06 22:09:49 472808 ----a-w- c:\winxp\system32\deployJava1.dll
2011-02-06 22:09:49 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-06 21:46:30 2414360 ----a-w- c:\winxp\system32\d3dx9_31.dll
2011-02-06 21:46:30 1892184 ----a-w- c:\winxp\system32\D3DX9_42.dll
2011-02-06 21:46:22 -------- d-----w- c:\winxp\Logs
2011-02-06 00:40:25 50728 ----a-w- c:\winxp\system32\drivers\vrtaucbl.sys
2011-02-06 00:40:25 -------- d-----w- c:\program files\Virtual Audio Cable
2011-02-06 00:40:09 -------- d-----w- C:\VCable
2011-02-06 00:14:36 -------- d-----w- C:\VAudioCable
2011-02-05 02:44:49 -------- d-----w- c:\docume~1\anthony\applic~1\TeamViewer
2011-02-05 02:44:42 -------- d-----w- c:\program files\TeamViewer
2011-02-05 00:04:01 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Apple
2011-02-03 21:55:59 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Google
2011-02-03 10:11:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-02-03 10:10:17 -------- d-----w- C:\Photoshop
2011-02-03 08:09:03 -------- d-----w- c:\program files\Ventrilo
2011-02-03 08:08:50 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-02-01 06:14:50 12928 -c--a-w- c:\winxp\system32\dllcache\dot4prt.sys
2011-02-01 06:14:50 12928 ----a-w- c:\winxp\system32\drivers\Dot4Prt.sys
2011-02-01 06:14:46 23808 -c--a-w- c:\winxp\system32\dllcache\dot4usb.sys
2011-02-01 06:14:46 23808 ----a-w- c:\winxp\system32\drivers\Dot4usb.sys
2011-02-01 06:14:46 206976 -c--a-w- c:\winxp\system32\dllcache\dot4.sys
2011-02-01 06:14:46 206976 ----a-w- c:\winxp\system32\drivers\Dot4.sys
2011-01-31 03:32:17 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Temp
2011-01-31 03:32:17 -------- d-----w- c:\docume~1\anthony\locals~1\applic~1\Adobe

==================== Find3M ====================

2011-01-21 14:42:25 439808 ----a-w- c:\winxp\system32\shimgvw.dll
2011-01-12 08:14:20 240624 ----a-w- c:\winxp\system32\nvdrsdb1.bin
2011-01-12 08:14:20 240624 ----a-w- c:\winxp\system32\nvdrsdb0.bin
2011-01-12 08:14:20 1 ----a-w- c:\winxp\system32\nvdrssel.bin
2011-01-07 14:09:31 290048 ----a-w- c:\winxp\system32\atmfd.dll
2010-12-31 13:14:45 1864064 ----a-w- c:\winxp\system32\win32k.sys
2010-12-22 12:32:24 301568 ----a-w- c:\winxp\system32\kerberos.dll
2010-12-20 23:58:53 919552 ----a-w- c:\winxp\system32\wininet.dll
2010-12-20 23:58:52 43520 ----a-w- c:\winxp\system32\licmgr10.dll
2010-12-20 23:58:52 1469440 ----a-w- c:\winxp\system32\inetcpl.cpl
2010-12-20 17:24:18 730112 ----a-w- c:\winxp\system32\lsasrv.dll
2010-12-20 12:48:24 385024 ----a-w- c:\winxp\system32\html.iec
2010-12-09 15:15:41 718336 ----a-w- c:\winxp\system32\ntdll.dll
2010-12-09 14:29:00 33280 ----a-w- c:\winxp\system32\csrsrv.dll
2010-12-09 13:47:27 2148864 ----a-w- c:\winxp\system32\ntoskrnl.exe
2010-12-09 13:09:29 2027008 ----a-w- c:\winxp\system32\ntkrnlpa.exe

============= FINISH: 14:22:57.92 ===============

Sorry, almost forgot.

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the delay.

In the future please copy logs without boxes around them.

Are you still getting detections? If so, where are the files being detected?

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.