I'm getting re-directed Google searches, and keep finding a click.giftload with Malwarebytes and Spybot S&D. Can't seem to get shot of it.

Malwarebytes log -

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6201

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

30/03/2011 07:23:36

mbam-log-2011-03-30 (07-23-36).txt

Scan type: Quick scan

Objects scanned: 169939

Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt -

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Paulm at 7:55:27.92 on 30/03/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2934.1284 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\aestsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\nlssrv32.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\autoclk.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Paulm\Downloads\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [AdobeBridge]

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [autoclk] autoclk.exe

mRun: [adiras] adiras.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\users\paulm\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 wvauth

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\paulm\appdata\roaming\mozilla\firefox\profiles\5rwebjdh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\paulm\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-26 64512]

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-6-9 17072]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsl44fdf083;MpKsl44fdf083;c:\programdata\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\MpKsl44fdf083.sys [2011-3-29 28752]

R1 MpKslacdbd338;MpKslacdbd338;c:\programdata\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\MpKslacdbd338.sys [2011-3-29 28752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_ceeab700ee77b121\AEstSrv.exe [2010-6-9 81920]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-29 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-29 269480]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-3-3 1803584]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-29 61960]

R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-11-5 114688]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 386848]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-6-9 60928]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-25 1405384]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-10-3 63488]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-9 59392]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-6-9 42672]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-6-9 274984]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-6-9 143968]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-9 132352]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-6-9 209920]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S1 MpKsl9cd94d1a;MpKsl9cd94d1a;c:\programdata\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\MpKsl9cd94d1a.sys [2011-3-29 28752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-6 136176]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-6-9 134144]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-25 15232]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-9 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-9 38912]

S3 rrau0002;rrau0002;c:\windows\system32\drivers\rrau0002.sys [2011-1-12 45056]

S3 rrwd0002;rrwd0002;c:\windows\system32\drivers\rrwd0002.sys [2011-1-12 129536]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-24 1343400]

.

=============== Created Last 30 ================

.

2011-03-29 21:12:15 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\MpKsl44fdf083.sys

2011-03-29 19:48:19 -------- d-----w- c:\users\paulm\appdata\roaming\Avira

2011-03-29 18:38:40 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\MpKslacdbd338.sys

2011-03-29 18:31:16 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-29 18:31:13 -------- d-----w- c:\program files\Avira

2011-03-29 18:31:13 -------- d-----w- c:\progra~2\Avira

2011-03-29 15:17:35 -------- d-----w- c:\users\paulm\appdata\local\Apple Computer

2011-03-29 14:51:30 -------- d-----w- c:\users\paulm\appdata\local\Adobe

2011-03-28 09:24:47 -------- d-----w- c:\users\paulm\appdata\roaming\Malwarebytes

2011-03-28 09:24:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 09:24:41 -------- d-----w- c:\progra~2\Malwarebytes

2011-03-28 09:24:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-28 09:24:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-28 07:51:37 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{fbb2888d-1cb4-4948-8553-7f01770785dd}\gapaengine.dll

2011-03-28 07:51:18 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\mpengine.dll

2011-03-28 07:46:17 -------- d-----w- c:\program files\Microsoft Security Client

2011-03-28 07:46:05 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2011-03-26 18:01:13 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-03-26 15:01:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-03-26 15:01:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-03-26 15:00:47 -------- d-----w- c:\users\paulm\appdata\local\Sunbelt Software

2011-03-26 14:58:56 -------- dc-h--w- c:\progra~2\{8790345A-AF70-4319-B9E7-AAA25C6DCD42}

2011-03-26 14:58:51 -------- d-----w- c:\program files\Lavasoft

2011-03-26 09:46:32 30000 ----a-w- c:\windows\system32\fepx3k.dll

2011-03-26 03:01:48 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f695fc55-9240-41e4-9076-7acc575f7766}\mpengine.dll

2011-03-24 16:48:36 -------- d-----w- c:\windows\Lake Controller

2011-03-24 16:48:36 -------- d-----w- c:\program files\Lake

2011-03-22 19:46:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-03-22 19:46:50 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2011-03-14 08:29:03 -------- d-----w- c:\program files\iPod

2011-03-12 11:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-03-12 11:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-03-11 03:01:07 -------- d-----w- c:\program files\Microsoft

2011-03-09 13:16:18 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 13:16:18 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-09 13:16:18 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-03-09 13:16:13 850432 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 13:16:13 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 13:16:13 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 13:16:13 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 13:16:12 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 13:16:11 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-03-07 09:46:41 -------- d-----w- c:\program files\iTunes

2011-03-06 19:35:14 -------- d-----w- c:\program files\CarbonPoker

2011-03-03 20:08:33 -------- d-----w- c:\program files\DoremiSoft

2011-02-28 22:29:19 -------- d-----w- c:\users\paulm\appdata\local\tagtraum industries

2011-02-28 22:25:54 -------- d-----w- c:\program files\tagtraum industries

.

==================== Find3M ====================

.

2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-02 18:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: ST932042 rev.D004 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x88176439]<<

c:\windows\system32\drivers\stdfltn.sys ST Microelectronics Disk Filter Driver for Accelerometer

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8817c7d0]; MOV EAX, [0x8817c84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x82E78448] -> \Device\Harddisk0\DR0[0x88153AC8]

3 CLASSPNP[0x8B5B359E] -> ntkrnlpa!IofCallDriver[0x82E78448] -> [0x88153020]

5 stdfltn[0x8B7E370C] -> ntkrnlpa!IofCallDriver[0x82E78448] -> [0x8661BC08]

7 ACPI[0x836BF3B2] -> ntkrnlpa!IofCallDriver[0x82E78448] -> \IAAStorageDevice-1[0x8665A028]

\Driver\iaStor[0x881522D8] -> IRP_MJ_CREATE -> 0x88176439

error: Read Access is denied.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

detected disk devices:

\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9320423AS_____________________________D004SDM1#4&870f84&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 7:56:23.45 ===============

Also attached .zip file of Attach.txt and ARK.txt.

Any help you can provide would be greatly appreciated before I go and re-install Windows...

Thank you.

Paul McMullan.

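A small triage script for DDS logs like the ones posted in this thread, added here as an example (it is not part of the original post and not a DDS, GMER or Malwarebytes tool): it flags the weakened UAC policy values shown in the Pseudo HJT Report, Run entries whose command is empty or a bare filename, toolbar/BHO entries marked "No File", and the warnings in the GMER ROOTKIT section. The sample input is constructed from lines of the first DDS log above; the regexes and the policy table are my own assumptions about the DDS line format.

```python
"""Triage helper for DDS logs such as the ones posted in this thread.

Added example, not a DDS, GMER or Malwarebytes tool. The line patterns
below are assumptions about the DDS "Pseudo HJT Report" and GMER
"ROOTKIT" sections as they appear in this thread; adjust for other versions.
"""
import re

# Policy values that weaken UAC or hide Action Center warnings. The first
# DDS log in this thread shows all four set exactly like this.
WEAK_POLICIES = {
    "EnableLUA": "0",                   # UAC disabled outright
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate silently, no prompt
    "PromptOnSecureDesktop": "0",       # any prompt is shown on the normal desktop
    "HideSCAHealth": "1",               # security-center health icon hidden
}

POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s*(\w+)\s*=\s*(\d+)")
RUN_RE = re.compile(r"^([umd]Run):\s*\[([^\]]*)\](.*)$")
NOFILE_RE = re.compile(r"^(TB|BHO):.*-\s*No File\s*$")
ROOTKIT_MARKERS = ("Warning:", ">>UNKNOWN")


def classify_command(cmd):
    """Return why an autostart command needs review, or None if it looks normal."""
    cmd = cmd.strip()
    if not cmd:
        return "empty command"
    # The executable is either the quoted path or the first token.
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    exe = m.group(1) or m.group(2)
    if "\\" not in exe and ":" not in exe:
        # Bare name: Windows resolves it via the search path, so the file
        # actually launched must be confirmed against Running Processes.
        return "bare filename (resolved via search path)"
    return None


def triage(text):
    """Scan DDS log text and return findings grouped by category."""
    findings = {"weak_policies": [], "run_entries": [],
                "missing_files": [], "rootkit": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := POLICY_RE.match(line):
            name, value = m.group(1), m.group(2)
            if WEAK_POLICIES.get(name) == value:
                findings["weak_policies"].append((name, value))
        elif m := RUN_RE.match(line):
            reason = classify_command(m.group(3))
            if reason:
                findings["run_entries"].append((m.group(1), m.group(2), reason))
        elif NOFILE_RE.match(line):
            findings["missing_files"].append(line)
        elif any(marker in line for marker in ROOTKIT_MARKERS):
            findings["rootkit"].append(line)
    return findings


# Constructed sample: a handful of lines copied from the first DDS log above.
SAMPLE_DDS = r"""
uRun: [AdobeBridge]
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [autoclk] autoclk.exe
mRun: [adiras] adiras.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x88176439]<<
\Driver\iaStor[0x881522D8] -> IRP_MJ_CREATE -> 0x88176439
Warning: possible TDL3 rootkit infection !
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(f"{category}:")
        for item in items:
            print("   ", item)
```

A flagged Run entry is a prompt to check the file on disk, not a verdict; the bare-name entries here should be cross-checked against the Running Processes list in the same log.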

Hello Paul! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please post the following logs:

  1. TDSSKiller log
  2. a new fresh DDS log only


Hi there, thanks for your help thus far :o)

I took a log from TDSSKiller post the instructed reboot -

2011/03/30 13:40:30.0612 4260 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/30 13:40:30.0883 4260 ================================================================================

2011/03/30 13:40:30.0883 4260 SystemInfo:

2011/03/30 13:40:30.0883 4260

2011/03/30 13:40:30.0883 4260 OS Version: 6.1.7600 ServicePack: 0.0

2011/03/30 13:40:30.0883 4260 Product type: Workstation

2011/03/30 13:40:30.0883 4260 ComputerName: PAULM-PC

2011/03/30 13:40:30.0884 4260 UserName: Paulm

2011/03/30 13:40:30.0884 4260 Windows directory: C:\Windows

2011/03/30 13:40:30.0884 4260 System windows directory: C:\Windows

2011/03/30 13:40:30.0884 4260 Processor architecture: Intel x86

2011/03/30 13:40:30.0884 4260 Number of processors: 4

2011/03/30 13:40:30.0884 4260 Page size: 0x1000

2011/03/30 13:40:30.0884 4260 Boot type: Normal boot

2011/03/30 13:40:30.0884 4260 ================================================================================

2011/03/30 13:40:31.0951 4260 Initialize success

If I have done any of the above incorrectly I apologise for being a cretin.

Thanks.

Paulm.


Apologies!

Is below correct?

Thank You.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Paulm at 13:41:25.62 on 30/03/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2934.1543 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\aestsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\nlssrv32.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Windows\autoclk.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Users\Paulm\AppData\Local\Temp\Rar$EX00.630\TDSSKiller.exe

C:\Users\Paulm\Downloads\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [AdobeBridge]

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [autoclk] autoclk.exe

mRun: [adiras] adiras.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\users\paulm\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 wvauth

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\paulm\appdata\roaming\mozilla\firefox\profiles\5rwebjdh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\paulm\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-26 64512]

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-6-9 17072]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsl9c11dccc;MpKsl9c11dccc;c:\programdata\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\MpKsl9c11dccc.sys [2011-3-30 28752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_ceeab700ee77b121\AEstSrv.exe [2010-6-9 81920]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-29 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-29 269480]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-3-3 1803584]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-29 61960]

R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-11-5 114688]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 386848]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-6-9 60928]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-25 1405384]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-10-3 63488]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-9 59392]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-6-9 42672]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-6-9 274984]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-6-9 143968]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-9 132352]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-6-9 209920]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S1 MpKsl9cd94d1a;MpKsl9cd94d1a;c:\programdata\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\MpKsl9cd94d1a.sys [2011-3-29 28752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-6 136176]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-6-9 134144]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-25 15232]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-9 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-9 38912]

S3 rrau0002;rrau0002;c:\windows\system32\drivers\rrau0002.sys [2011-1-12 45056]

S3 rrwd0002;rrwd0002;c:\windows\system32\drivers\rrwd0002.sys [2011-1-12 129536]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-24 1343400]

.

=============== Created Last 30 ================

.

2011-03-30 12:38:54 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\MpKsl9c11dccc.sys

2011-03-29 19:48:19 -------- d-----w- c:\users\paulm\appdata\roaming\Avira

2011-03-29 18:31:16 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-29 18:31:13 -------- d-----w- c:\program files\Avira

2011-03-29 18:31:13 -------- d-----w- c:\progra~2\Avira

2011-03-29 15:17:35 -------- d-----w- c:\users\paulm\appdata\local\Apple Computer

2011-03-29 14:51:30 -------- d-----w- c:\users\paulm\appdata\local\Adobe

2011-03-28 09:24:47 -------- d-----w- c:\users\paulm\appdata\roaming\Malwarebytes

2011-03-28 09:24:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 09:24:41 -------- d-----w- c:\progra~2\Malwarebytes

2011-03-28 09:24:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-28 09:24:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-28 07:51:37 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{fbb2888d-1cb4-4948-8553-7f01770785dd}\gapaengine.dll

2011-03-28 07:51:18 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{4caa7229-251e-4a3a-b89e-00de9b76068d}\mpengine.dll

2011-03-28 07:46:17 -------- d-----w- c:\program files\Microsoft Security Client

2011-03-28 07:46:05 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2011-03-26 18:01:13 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-03-26 15:01:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-03-26 15:01:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-03-26 15:00:47 -------- d-----w- c:\users\paulm\appdata\local\Sunbelt Software

2011-03-26 14:58:56 -------- dc-h--w- c:\progra~2\{8790345A-AF70-4319-B9E7-AAA25C6DCD42}

2011-03-26 14:58:51 -------- d-----w- c:\program files\Lavasoft

2011-03-26 09:46:32 30000 ----a-w- c:\windows\system32\fepx3k.dll

2011-03-26 03:01:48 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f695fc55-9240-41e4-9076-7acc575f7766}\mpengine.dll

2011-03-24 16:48:36 -------- d-----w- c:\windows\Lake Controller

2011-03-24 16:48:36 -------- d-----w- c:\program files\Lake

2011-03-22 19:46:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-03-22 19:46:50 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2011-03-14 08:29:03 -------- d-----w- c:\program files\iPod

2011-03-12 11:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-03-12 11:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-03-11 03:01:07 -------- d-----w- c:\program files\Microsoft

2011-03-09 13:16:18 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 13:16:18 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-09 13:16:18 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-03-09 13:16:13 850432 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 13:16:13 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 13:16:13 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 13:16:13 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 13:16:12 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 13:16:11 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-03-07 09:46:41 -------- d-----w- c:\program files\iTunes

2011-03-06 19:35:14 -------- d-----w- c:\program files\CarbonPoker

2011-03-03 20:08:33 -------- d-----w- c:\program files\DoremiSoft

2011-02-28 22:29:19 -------- d-----w- c:\users\paulm\appdata\local\tagtraum industries

2011-02-28 22:25:54 -------- d-----w- c:\program files\tagtraum industries

.

==================== Find3M ====================

.

2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-02 18:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x855ADE20]<<

_asm { PUSH EBP; CALL 0x6; }

1 ntkrnlpa!IofCallDriver[0x82E90448] -> \Device\Harddisk0\DR0[0x87D52AC8]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }

user != kernel MBR !!!

.

============= FINISH: 13:42:30.33 ===============

2011/03/30 13:40:30.0612 4260 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/30 13:40:30.0883 4260 ================================================================================

2011/03/30 13:40:30.0883 4260 SystemInfo:

2011/03/30 13:40:30.0883 4260

2011/03/30 13:40:30.0883 4260 OS Version: 6.1.7600 ServicePack: 0.0

2011/03/30 13:40:30.0883 4260 Product type: Workstation

2011/03/30 13:40:30.0883 4260 ComputerName: PAULM-PC

2011/03/30 13:40:30.0884 4260 UserName: Paulm

2011/03/30 13:40:30.0884 4260 Windows directory: C:\Windows

2011/03/30 13:40:30.0884 4260 System windows directory: C:\Windows

2011/03/30 13:40:30.0884 4260 Processor architecture: Intel x86

2011/03/30 13:40:30.0884 4260 Number of processors: 4

2011/03/30 13:40:30.0884 4260 Page size: 0x1000

2011/03/30 13:40:30.0884 4260 Boot type: Normal boot

2011/03/30 13:40:30.0884 4260 ================================================================================

2011/03/30 13:40:31.0951 4260 Initialize success

Good!

  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy it into your next reply

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Latitude E5510

Logical Drives Mask: 0x0200100c

Kernel Drivers (total 172):

0x82E54000 \SystemRoot\system32\ntkrnlpa.exe

0x82E1D000 \SystemRoot\system32\halmacpi.dll

0x80BB3000 \SystemRoot\system32\kdcom.dll

0x8AC0A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x8AC82000 \SystemRoot\system32\PSHED.dll

0x8AC93000 \SystemRoot\system32\BOOTVID.dll

0x8AC9B000 \SystemRoot\system32\CLFS.SYS

0x8ACDD000 \SystemRoot\system32\CI.dll

0x8AD88000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8AE27000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x8AE35000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x8AE7D000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x8AE86000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x8AE8E000 \SystemRoot\system32\DRIVERS\pci.sys

0x8AEB8000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x8AEC3000 \SystemRoot\System32\drivers\partmgr.sys

0x8AED4000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x8AEDC000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x8AEE7000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x8AEF7000 \SystemRoot\System32\drivers\volmgrx.sys

0x8AF42000 \SystemRoot\System32\drivers\mountmgr.sys

0x8B02C000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x8B1E1000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x8AF58000 \SystemRoot\system32\drivers\fltmgr.sys

0x8B1EA000 \SystemRoot\system32\drivers\fileinfo.sys

0x8B000000 \SystemRoot\system32\DRIVERS\Lbd.sys

0x8B00F000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x8B218000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8B347000 \SystemRoot\System32\Drivers\msrpc.sys

0x8B372000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8B385000 \SystemRoot\System32\Drivers\cng.sys

0x8B3E2000 \SystemRoot\System32\drivers\pcw.sys

0x8B3F0000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8B41B000 \SystemRoot\system32\drivers\ndis.sys

0x8B4D2000 \SystemRoot\system32\drivers\NETIO.SYS

0x8B510000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8B603000 \SystemRoot\System32\drivers\tcpip.sys

0x8B74C000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8B77D000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x8B786000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x8B7C5000 \SystemRoot\system32\DRIVERS\stdfltn.sys

0x8B7C8000 \SystemRoot\System32\Drivers\spldr.sys

0x8B7D0000 \SystemRoot\System32\drivers\rdyboost.sys

0x8B535000 \SystemRoot\system32\DRIVERS\PBADRV.sys

0x8B540000 \SystemRoot\System32\Drivers\mup.sys

0x8B550000 \SystemRoot\System32\drivers\hwpolicy.sys

0x8B558000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8B58A000 \SystemRoot\system32\DRIVERS\disk.sys

0x8B59B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x90800000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8B5CD000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x9081F000 \SystemRoot\System32\Drivers\Null.SYS

0x90826000 \SystemRoot\System32\Drivers\Beep.SYS

0x8B5F4000 \SystemRoot\System32\drivers\vga.sys

0x8AF8C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8B400000 \SystemRoot\System32\drivers\watchdog.sys

0x909F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8B40D000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8B200000 \SystemRoot\system32\drivers\rdprefmp.sys

0x8B208000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8B019000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8AFAD000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8AFC4000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x90A03000 \SystemRoot\system32\drivers\afd.sys

0x90A5D000 \SystemRoot\System32\DRIVERS\netbt.sys

0x90A8F000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x90A96000 \SystemRoot\system32\DRIVERS\pacer.sys

0x90AB5000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x90AC6000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys

0x90AD6000 \SystemRoot\system32\DRIVERS\netbios.sys

0x90AE4000 \SystemRoot\system32\DRIVERS\serial.sys

0x90AFE000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x90B11000 \SystemRoot\system32\drivers\vpcvmm.sys

0x90B58000 \SystemRoot\system32\DRIVERS\termdd.sys

0x90B68000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

0x90B6E000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x90BAF000 \SystemRoot\system32\drivers\nsiproxy.sys

0x90BB9000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x90BC3000 \SystemRoot\System32\drivers\discache.sys

0x90E24000 \SystemRoot\system32\drivers\csc.sys

0x90E88000 \SystemRoot\System32\Drivers\dfsc.sys

0x90EA0000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x90EAE000 \SystemRoot\system32\DRIVERS\avipbb.sys

0x90ED4000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x9161A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys

0x91CA0000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x91D57000 \SystemRoot\System32\drivers\dxgmms1.sys

0x91D90000 \SystemRoot\system32\DRIVERS\HECI.sys

0x91D9B000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x91DAA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x90EF5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x92400000 \SystemRoot\system32\DRIVERS\NETw5s32.sys

0x929DF000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x929E9000 \SystemRoot\system32\DRIVERS\risdpe86.sys

0x90F14000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x90F40000 \SystemRoot\system32\DRIVERS\b57nd60x.sys

0x91600000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x90F85000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x91DF5000 \SystemRoot\system32\DRIVERS\serenum.sys

0x90F92000 \SystemRoot\system32\DRIVERS\parport.sys

0x90FAA000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

0x90FEC000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x90FF9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x90E00000 \SystemRoot\system32\DRIVERS\Impcd.sys

0x90BCF000 \SystemRoot\system32\DRIVERS\Accelern.sys

0x90BD8000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x90BEA000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x90BEE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x8AFCF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x8AFDC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x8AE00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x8AE18000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x91E20000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x91E42000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x91E5A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x91E71000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x91E88000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x91E92000 \SystemRoot\system32\DRIVERS\swenum.sys

0x91E94000 \SystemRoot\system32\DRIVERS\ks.sys

0x91EC8000 \SystemRoot\system32\DRIVERS\umbus.sys

0x91ED6000 \SystemRoot\system32\DRIVERS\vpcusb.sys

0x91EEE000 \SystemRoot\system32\DRIVERS\usbrpm.sys

0x91EFB000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x91EFD000 \SystemRoot\system32\DRIVERS\vpchbus.sys

0x91F33000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x91F77000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x91F88000 \SystemRoot\system32\DRIVERS\stwrt.sys

0x92C12000 \SystemRoot\system32\DRIVERS\portcls.sys

0x92C41000 \SystemRoot\system32\DRIVERS\drmk.sys

0x92C5A000 \SystemRoot\system32\DRIVERS\IntcDAud.sys

0x92C94000 \SystemRoot\System32\Drivers\crashdmp.sys

0x92CA1000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x9082D000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x92CB8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x92CC9000 \SystemRoot\System32\Drivers\usbvideo.sys

0x92CED000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys

0x94920000 \SystemRoot\System32\win32k.sys

0x92D11000 \SystemRoot\System32\drivers\Dxapi.sys

0x92D1B000 \SystemRoot\system32\DRIVERS\monitor.sys

0x94B80000 \SystemRoot\System32\TSDDD.dll

0x94BB0000 \SystemRoot\System32\cdd.dll

0x94800000 \SystemRoot\System32\ATMFD.DLL

0x92D26000 \SystemRoot\system32\drivers\luafv.sys

0x92D41000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys

0x92D79000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0x92D9A000 \SystemRoot\system32\drivers\WudfPf.sys

0x92DB4000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x95E31000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x95E77000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x95E87000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x95E9A000 \SystemRoot\system32\drivers\HTTP.sys

0x95F1F000 \SystemRoot\system32\DRIVERS\bowser.sys

0x95F38000 \SystemRoot\System32\drivers\mpsdrv.sys

0x95F4A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x95F6D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x95FA8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x95FC3000 \SystemRoot\system32\DRIVERS\parvdm.sys

0x9781A000 \SystemRoot\system32\drivers\peauth.sys

0x978B1000 \SystemRoot\System32\Drivers\secdrv.SYS

0x978BB000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x978DC000 \SystemRoot\System32\drivers\tcpipreg.sys

0x978E9000 \SystemRoot\System32\DRIVERS\srv2.sys

0x97938000 \SystemRoot\System32\DRIVERS\srv.sys

0x97989000 \SystemRoot\System32\Drivers\fastfat.SYS

0x979B3000 \SystemRoot\system32\DRIVERS\MpNWMon.sys

0x979BD000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys

0xBF898000 \??\C:\Users\Paulm\AppData\Local\Temp\mbr.sys

0xBF89F000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58D6F852-05D0-488C-82FF-FEB1A1D8A97A}\MpKsle5af25b5.sys

0xBF8A5000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x77210000 \Windows\System32\ntdll.dll

0x484D0000 \Windows\System32\smss.exe

0x77450000 \Windows\System32\apisetschema.dll

Processes (total 101):

0 System Idle Process

4 System

336 C:\Windows\System32\smss.exe

460 csrss.exe

512 C:\Windows\System32\wininit.exe

524 csrss.exe

572 C:\Windows\System32\services.exe

592 C:\Windows\System32\lsass.exe

600 C:\Windows\System32\lsm.exe

632 C:\Windows\System32\winlogon.exe

752 C:\Windows\System32\svchost.exe

852 C:\Program Files\Fingerprint Sensor\AtService.exe

888 C:\Windows\System32\svchost.exe

956 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

1056 C:\Windows\System32\svchost.exe

1096 C:\Windows\System32\svchost.exe

1136 C:\Windows\System32\svchost.exe

1220 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\stacsv.exe

1500 C:\Windows\System32\svchost.exe

1620 C:\Windows\System32\svchost.exe

1720 C:\Windows\System32\wlanext.exe

1728 C:\Windows\System32\conhost.exe

1740 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

1864 C:\Windows\System32\spoolsv.exe

1892 C:\Windows\System32\svchost.exe

1924 C:\Program Files\Avira\AntiVir Desktop\sched.exe

1944 C:\Windows\System32\svchost.exe

128 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\AEstSrv.exe

408 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

476 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

368 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

452 C:\Windows\System32\conhost.exe

436 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

872 C:\Program Files\Bonjour\mDNSResponder.exe

1192 C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

1580 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

2056 C:\Program Files\Canon\IJPLM\ijplmsvc.exe

2080 C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

2168 C:\Windows\System32\svchost.exe

2192 C:\Windows\System32\nlssrv32.exe

2228 C:\Windows\System32\svchost.exe

2276 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

2304 C:\Program Files\Microsoft\BingBar\SeaPort.EXE

2364 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

2384 C:\Windows\System32\svchost.exe

2448 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

2536 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

2584 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

2616 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

2668 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

2920 unsecapp.exe

2984 unsecapp.exe

3244 C:\Windows\System32\taskhost.exe

3304 WmiPrvSE.exe

3496 C:\Windows\System32\dwm.exe

3504 WmiPrvSE.exe

3556 C:\Windows\explorer.exe

3904 C:\Program Files\DellTPad\Apoint.exe

3920 C:\Program Files\IDT\WDM\sttray.exe

3940 C:\Windows\System32\igfxtray.exe

3976 C:\Windows\System32\hkcmd.exe

4024 C:\Windows\System32\igfxpers.exe

4032 C:\Windows\System32\svchost.exe

2132 C:\Windows\System32\igfxsrvc.exe

2108 C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

2812 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

3472 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

3684 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

3192 C:\Program Files\DellTPad\ApMsgFwd.exe

2112 C:\Program Files\DellTPad\ApntEx.exe

4052 C:\Program Files\DellTPad\hidfind.exe

1376 C:\Program Files\Common Files\Java\Java Update\jusched.exe

984 C:\Windows\System32\conhost.exe

4312 C:\Windows\autoclk.exe

4320 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

4344 C:\Windows\System32\SearchIndexer.exe

4368 C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

4452 C:\Program Files\iTunes\iTunesHelper.exe

4468 C:\Program Files\Microsoft Security Client\msseces.exe

4480 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

4776 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

4800 C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

4824 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

5028 C:\Program Files\Windows Media Player\wmpnetwk.exe

5036 C:\Windows\System32\igfxext.exe

5208 C:\Program Files\Windows Sidebar\sidebar.exe

5348 C:\Program Files\iPod\bin\iPodService.exe

3052 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

5660 C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

5692 C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

4808 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

5608 C:\Program Files\Mozilla Firefox\firefox.exe

4056 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

3812 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

4992 C:\Windows\System32\audiodg.exe

4948 C:\Windows\System32\SearchProtocolHost.exe

992 C:\Windows\System32\SearchFilterHost.exe

448 C:\Windows\System32\SearchProtocolHost.exe

5700 C:\Windows\explorer.exe

5708 C:\Users\Paulm\Downloads\MBRCheck.exe

3416 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: ST9320423AS, Rev: D004SDM1

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!


Awesome!

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6215

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

30/03/2011 14:25:32

mbam-log-2011-03-30 (14-25-32).txt

Scan type: Quick scan

Objects scanned: 164362

Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Paulm at 14:32:50.16 on 30/03/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2934.1348 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\aestsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\nlssrv32.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\conhost.exe

C:\Windows\autoclk.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\explorer.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\prevhost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Paulm\Downloads\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [AdobeBridge]

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [autoclk] autoclk.exe

mRun: [adiras] adiras.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\users\paulm\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 wvauth

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\paulm\appdata\roaming\mozilla\firefox\profiles\5rwebjdh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\paulm\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-26 64512]

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-6-9 17072]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsle5af25b5;MpKsle5af25b5;c:\programdata\microsoft\microsoft antimalware\definition updates\{58d6f852-05d0-488c-82ff-feb1a1d8a97a}\MpKsle5af25b5.sys [2011-3-30 28752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_ceeab700ee77b121\AEstSrv.exe [2010-6-9 81920]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-29 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-29 269480]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-3-3 1803584]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-29 61960]

R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-11-5 114688]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 386848]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-6-9 60928]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-25 1405384]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-10-3 63488]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-9 59392]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-6-9 42672]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-6-9 274984]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-6-9 143968]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-9 132352]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-6-9 209920]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-6 136176]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-6-9 134144]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-25 15232]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-9 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-9 38912]

S3 rrau0002;rrau0002;c:\windows\system32\drivers\rrau0002.sys [2011-1-12 45056]

S3 rrwd0002;rrwd0002;c:\windows\system32\drivers\rrwd0002.sys [2011-1-12 129536]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-24 1343400]

.

=============== Created Last 30 ================

.

2011-03-30 12:49:50 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{58d6f852-05d0-488c-82ff-feb1a1d8a97a}\MpKsle5af25b5.sys

2011-03-30 12:49:48 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-03-30 12:49:37 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{58d6f852-05d0-488c-82ff-feb1a1d8a97a}\mpengine.dll

2011-03-29 19:48:19 -------- d-----w- c:\users\paulm\appdata\roaming\Avira

2011-03-29 18:31:16 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-29 18:31:13 -------- d-----w- c:\program files\Avira

2011-03-29 18:31:13 -------- d-----w- c:\progra~2\Avira

2011-03-29 15:17:35 -------- d-----w- c:\users\paulm\appdata\local\Apple Computer

2011-03-29 14:51:30 -------- d-----w- c:\users\paulm\appdata\local\Adobe

2011-03-28 09:24:47 -------- d-----w- c:\users\paulm\appdata\roaming\Malwarebytes

2011-03-28 09:24:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 09:24:41 -------- d-----w- c:\progra~2\Malwarebytes

2011-03-28 09:24:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-28 09:24:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-28 07:51:37 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{fbb2888d-1cb4-4948-8553-7f01770785dd}\gapaengine.dll

2011-03-28 07:46:17 -------- d-----w- c:\program files\Microsoft Security Client

2011-03-28 07:46:05 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2011-03-26 18:01:13 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-03-26 15:01:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-03-26 15:01:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-03-26 15:00:47 -------- d-----w- c:\users\paulm\appdata\local\Sunbelt Software

2011-03-26 14:58:56 -------- dc-h--w- c:\progra~2\{8790345A-AF70-4319-B9E7-AAA25C6DCD42}

2011-03-26 14:58:51 -------- d-----w- c:\program files\Lavasoft

2011-03-26 09:46:32 30000 ----a-w- c:\windows\system32\fepx3k.dll

2011-03-26 03:01:48 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f695fc55-9240-41e4-9076-7acc575f7766}\mpengine.dll

2011-03-24 16:48:36 -------- d-----w- c:\windows\Lake Controller

2011-03-24 16:48:36 -------- d-----w- c:\program files\Lake

2011-03-22 19:46:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-03-22 19:46:50 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2011-03-14 08:29:03 -------- d-----w- c:\program files\iPod

2011-03-12 11:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-03-12 11:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-03-11 03:01:07 -------- d-----w- c:\program files\Microsoft

2011-03-09 13:16:18 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 13:16:18 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-09 13:16:18 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-03-09 13:16:13 850432 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 13:16:13 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 13:16:13 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 13:16:13 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 13:16:12 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 13:16:11 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-03-07 09:46:41 -------- d-----w- c:\program files\iTunes

2011-03-06 19:35:14 -------- d-----w- c:\program files\CarbonPoker

2011-03-03 20:08:33 -------- d-----w- c:\program files\DoremiSoft

2011-02-28 22:29:19 -------- d-----w- c:\users\paulm\appdata\local\tagtraum industries

2011-02-28 22:25:54 -------- d-----w- c:\program files\tagtraum industries

.

==================== Find3M ====================

.

2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 14:33:31.70 ===============


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**


  1. If you are using Firefox, make sure that your download settings are as follows:

    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  2. During the download, rename Combofix to Combo-Fix as follows:
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Here you go mate!

ComboFix 11-03-29.06 - Paulm 30/03/2011 14:54:39.1.4 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2934.1591 [GMT 1:00]

Running from: c:\users\Paulm\Desktop\Combo-Fix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))

.

.

2011-03-30 13:59 . 2011-03-30 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-30 12:49 . 2011-03-30 12:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58D6F852-05D0-488C-82FF-FEB1A1D8A97A}\MpKsle5af25b5.sys

2011-03-30 12:49 . 2011-03-23 09:11 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-03-30 12:49 . 2011-03-23 09:11 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58D6F852-05D0-488C-82FF-FEB1A1D8A97A}\mpengine.dll

2011-03-29 19:48 . 2011-03-29 19:48 -------- d-----w- c:\users\Paulm\AppData\Roaming\Avira

2011-03-29 18:31 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-03-29 18:31 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-29 18:31 . 2011-03-29 18:31 -------- d-----w- c:\programdata\Avira

2011-03-29 18:31 . 2011-03-29 18:31 -------- d-----w- c:\program files\Avira

2011-03-29 15:17 . 2011-03-29 15:17 -------- d-----w- c:\users\Paulm\AppData\Local\Apple Computer

2011-03-29 14:51 . 2011-03-30 13:23 -------- d-----w- c:\users\Paulm\AppData\Local\Adobe

2011-03-28 09:24 . 2011-03-28 09:24 -------- d-----w- c:\users\Paulm\AppData\Roaming\Malwarebytes

2011-03-28 09:24 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 09:24 . 2011-03-28 09:24 -------- d-----w- c:\programdata\Malwarebytes

2011-03-28 09:24 . 2011-03-29 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-28 09:24 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-28 07:51 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBB2888D-1CB4-4948-8553-7F01770785DD}\gapaengine.dll

2011-03-28 07:46 . 2011-03-29 14:15 -------- d-----w- c:\program files\Microsoft Security Client

2011-03-28 07:46 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2011-03-26 18:01 . 2011-03-25 08:03 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-03-26 15:01 . 2011-03-25 08:03 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-03-26 15:01 . 2011-03-26 15:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-03-26 15:00 . 2011-03-26 15:00 -------- d-----w- c:\users\Paulm\AppData\Local\Sunbelt Software

2011-03-26 14:58 . 2011-03-29 14:15 -------- dc-h--w- c:\programdata\{8790345A-AF70-4319-B9E7-AAA25C6DCD42}

2011-03-26 14:58 . 2011-03-26 14:59 -------- d-----w- c:\programdata\Lavasoft

2011-03-26 14:58 . 2011-03-26 14:58 -------- d-----w- c:\program files\Lavasoft

2011-03-26 09:46 . 2011-03-26 09:46 30000 ----a-w- c:\windows\system32\fepx3k.dll

2011-03-26 03:01 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F695FC55-9240-41E4-9076-7ACC575F7766}\mpengine.dll

2011-03-24 16:48 . 2011-03-24 16:48 -------- d-----w- c:\windows\Lake Controller

2011-03-24 16:48 . 2011-03-24 16:48 -------- d-----w- c:\program files\Lake

2011-03-22 19:46 . 2011-03-29 14:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-03-22 19:46 . 2011-03-22 19:46 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-03-14 08:29 . 2011-03-14 08:29 -------- d-----w- c:\program files\iPod

2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-03-11 03:01 . 2011-03-11 03:01 -------- d-----w- c:\program files\Microsoft

2011-03-09 13:16 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 13:16 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-03-09 13:16 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-09 13:16 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 13:16 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 13:16 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 13:16 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 13:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 13:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-03-07 10:10 . 2011-03-07 10:10 -------- d-----w- c:\program files\Common Files\Skype

2011-03-07 09:46 . 2011-03-14 08:29 -------- d-----w- c:\program files\iTunes

2011-03-06 19:35 . 2011-03-25 21:07 -------- d-----w- c:\program files\CarbonPoker

2011-03-03 20:08 . 2011-03-03 20:08 -------- d-----w- c:\program files\DoremiSoft

2011-02-28 22:29 . 2011-02-28 22:29 -------- d-----w- c:\users\Paulm\AppData\Local\tagtraum industries

2011-02-28 22:25 . 2011-02-28 22:25 -------- d-----w- c:\program files\tagtraum industries

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-30 14:01 . 2010-06-17 13:23 0 ----a-w- c:\users\Paulm\AppData\Local\WavXMapDrive.bat

2011-03-30 08:37 . 2011-02-17 09:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-03-29 09:47 . 2010-10-10 13:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-03-18 17:20 . 2010-10-10 13:13 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-10 07:53 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-17 09:46 . 2011-02-17 09:46 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-02-03 05:45 . 2011-02-09 12:22 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-01-07 07:31 . 2011-02-23 03:40 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 07:31 . 2011-02-23 03:40 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 07:27 . 2011-02-09 12:22 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33 . 2011-02-09 12:22 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37 . 2011-02-09 12:22 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37 . 2011-02-09 12:22 2329088 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-18 278528]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-24 495708]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-23 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-23 166936]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-14 147328]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-14 34232]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-10-01 497648]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"autoclk"="autoclk.exe" [2003-01-30 143360]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]

.

c:\users\Paulm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1327392]

DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-12-25 962663]

TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 MpKsl44fdf083;MpKsl44fdf083;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CAA7229-251E-4A3A-B89E-00DE9B76068D}\MpKsl44fdf083.sys [x]

R1 MpKsl9cd94d1a;MpKsl9cd94d1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CAA7229-251E-4A3A-B89E-00DE9B76068D}\MpKsl9cd94d1a.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-06 136176]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-25 15232]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-02-21 48640]

R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-02-21 38912]

R3 rrau0002;rrau0002;c:\windows\system32\Drivers\rrau0002.sys [2009-12-21 45056]

R3 rrwd0002;rrwd0002;c:\windows\system32\Drivers\rrwd0002.sys [2009-12-21 129536]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-03-25 64512]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]

S1 MpKsle5af25b5;MpKsle5af25b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58D6F852-05D0-488C-82FF-FEB1A1D8A97A}\MpKsle5af25b5.sys [2011-03-30 28752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\aestsrv.exe [2010-02-24 81920]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-03-03 1803584]

S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-11-04 114688]

S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]

S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 386848]

S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-25 1405384]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-10-03 63488]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-02-21 59392]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 132352]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-06 21:59]

.

2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-06 21:59]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Paulm\AppData\Roaming\Mozilla\Firefox\Profiles\5rwebjdh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-adiras - adiras.exe

AddRemove-ImagenomicNoisewareProPlugin - c:\program files\Imagenomic\Noiseware Professional Plug-in\uninst.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3796)

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\STacSV.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\windows\system32\taskhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\Apntex.exe

c:\windows\system32\conhost.exe

c:\program files\DellTPad\HidFind.exe

c:\windows\autoclk.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\igfxext.exe

c:\program files\Windows Sidebar\sidebar.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\sppsvc.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Completion time: 2011-03-30 15:06:26 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-30 14:06

.

Pre-Run: 148,063,408,128 bytes free

Post-Run: 147,529,084,928 bytes free

.

- - End Of File - - AAB995BE9C9C3ED28EA6E56BFD2E1E6C


Thanks!

Please visit www.virustotal.com and upload the following file:

c:\windows\system32\fepx3k.dll

Post the result in your next reply.

Not sure which bit you want, so here is a copy of all of it!

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

fepx3k.dll

Submission date:

2011-03-30 14:39:48 (UTC)

Current status:

finished

Result:

0/43 (0.0%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2011.03.30.01 2011.03.30 -

AntiVir 7.11.5.119 2011.03.30 -

Antiy-AVL 2.0.3.7 2011.03.30 -

Avast 4.8.1351.0 2011.03.30 -

Avast5 5.0.677.0 2011.03.30 -

AVG 10.0.0.1190 2011.03.29 -

BitDefender 7.2 2011.03.30 -

CAT-QuickHeal 11.00 2011.03.30 -

ClamAV 0.96.4.0 2011.03.30 -

Commtouch 5.2.11.5 2011.03.24 -

Comodo 8148 2011.03.29 -

DrWeb 5.0.2.03300 2011.03.30 -

Emsisoft 5.1.0.4 2011.03.30 -

eSafe 7.0.17.0 2011.03.30 -

eTrust-Vet 36.1.8242 2011.03.29 -

F-Prot 4.6.2.117 2011.03.29 -

F-Secure 9.0.16440.0 2011.03.23 -

Fortinet 4.2.254.0 2011.03.30 -

GData 22 2011.03.30 -

Ikarus T3.1.1.97.0 2011.03.30 -

Jiangmin 13.0.900 2011.03.29 -

K7AntiVirus 9.94.4241 2011.03.29 -

Kaspersky 7.0.0.125 2011.03.30 -

McAfee 5.400.0.1158 2011.03.30 -

McAfee-GW-Edition 2010.1C 2011.03.30 -

Microsoft 1.6702 2011.03.30 -

NOD32 5998 2011.03.30 -

Norman 6.07.03 2011.03.29 -

nProtect 2011-02-10.01 2011.02.15 -

Panda 10.0.3.5 2011.03.29 -

PCTools 7.0.3.5 2011.03.30 -

Prevx 3.0 2011.03.30 -

Rising 23.51.02.03 2011.03.30 -

Sophos 4.64.0 2011.03.30 -

SUPERAntiSpyware 4.40.0.1006 2011.03.30 -

Symantec 20101.3.0.103 2011.03.30 -

TheHacker 6.7.0.1.161 2011.03.30 -

TrendMicro 9.200.0.1012 2011.03.30 -

TrendMicro-HouseCall 9.200.0.1012 2011.03.30 -

VBA32 3.12.14.3 2011.03.30 -

VIPRE 8864 2011.03.30 -

ViRobot 2011.3.30.4383 2011.03.30 -

VirusBuster 13.6.276.0 2011.03.29 -

Additional information


MD5 : 429243242c23867fefa7eab7438747f8

SHA1 : e0b84b834a7adb40107fa783a008fd5e699dd938

SHA256: 3755862355e2e7d0e0dc0f6b98a89978c0710890982862dd17975829e35be6b4

ssdeep: 3::

File size : 30000 bytes

First seen: 2010-05-21 05:37:21

Last seen : 2011-03-30 14:39:48

TrID:

OpenGL object (29.2%)

Lotus 123 Worksheet (generic) (14.6%)

HSC music composer song (9.2%)

Game Music Creator Music (8.2%)

MacBinary 1 header (7.5%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

ExifTool:

file metadata

Error: File format error

FileSize: 29 kB

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

Many, many thanks!


Glad I could help! :)

Last steps for you:

Step 1

Go to Start => Run... and copy & paste the next command into the field:

ComboFix /uninstall

Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete DDS, GMER, MBRCheck and TDSSKiller.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)


This topic is now closed to further replies.