

Okay... I surrender! This has gotten the best of me, so help? Please?

Not sure how it got started, but selected links from searches via Google and Bing are both being redirected to random sites. If I copy and paste the URL or use Copy Shortcut and paste, the results are correct.

I've run every tool I have and still can't find the cause. I am using MBAM scanner and real-time and MS Essentials as my primary AV/Malware protection.

A new twist to the problem is that the MBAM service fails to start after each reboot. The problem appears to be caused by the MBAM.sys file being deleted from the C:\WINDOWS\System32\Drivers folder. Easily fixed by dropping a copy of the file into the folder and restarting the service.

THANKS!!!!

Here are the log files:

MBAM -

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6553

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/12/2011 8:34:06 AM

mbam-log-2011-05-12 (08-34-06).txt

Scan type: Full scan (C:\|)

Objects scanned: 295054

Time elapsed: 1 hour(s), 9 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS-

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by bgreenfield at 8:59:15.40 on Thu 05/12/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2114 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe

C:\WINDOWS\system32\IProsetMonitor.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\oracle\ora92\bin\omtsreco.exe

C:\WINDOWS\system32\PGPserv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe

C:\Program Files\DYMO\DYMO Label Software\DLSService.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe

C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Trillian\trillian.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\mstsc.exe

C:\WINDOWS\system32\mstsc.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\bgreenfield\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe

mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe

mRun: [DT HWP] c:\program files\portrait displays\hp display assistant\DTHtml.exe -startup_folder

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HPWNTOOLBOX] c:\program files\hewlett-packard\hp business inkjet 1200 series\toolbox\HPWNTBX.exe "-i"

mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"

mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\bgreen~1\startm~1\programs\startup\btguar~1.lnk - c:\btguard\settings.exe

StartupFolder: c:\docume~1\bgreen~1\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{a3ccab46-a06e-4f47-96fc-886733be9708}\Icon6560581611.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\windows\system32\PGPlsp.dll

Trusted Zone: handler

Trusted Zone: jwsoftware.com

Trusted Zone: rockandhardplace.com\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {329F8E26-A899-4718-8CD0-DC41C049EE2D} - hxxp://ewc-testserver1/fhwintest/AutoCreateWord.CAB

DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab

DPF: {5148F72F-4897-41CC-B000-CBDDA20EED34} - hxxp://handler/FileHandler/FHImaging.CAB

DPF: {627C5D14-CB66-493E-B0F3-589C7E2FA875} - hxxp://10.0.0.195/WebClient.cab

DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab

DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {99CDCF05-D2AF-4663-98C5-D9C502855EA1} - hxxp://handler/FileHandler/FHPrintChecks.CAB

DPF: {BDBC9639-C271-4B57-B69A-7F0A377F2705} - hxxp://fhweb/fhweb/AutomateWord.CAB

DPF: {BE5E813F-B831-4E5B-B029-D938094909F0} - hxxp://fhweb/fhweb/FHWordSpellChecker.CAB

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://cgproducts.johnsoncontrols.com/jre/jre-1_5_0_04-windows-i586-p.exe

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} - hxxp://www.dvrstation.com/pdvratl.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ingenix.webex.com/client/T25L10NSP41EP7/webex/ieatgpc.cab

DPF: {EE1DC5D6-285D-479D-8F38-33EE20B0B5C8} - hxxp://fhweb/fhweb/AutoMergeWord.CAB

TCP: {983FF5DB-8E8F-45A2-9311-D2D224D53BF0} = 10.0.0.246,10.0.0.23

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\PGPmapih.dll PGPmapih.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\bgreen~1\applic~1\mozilla\firefox\profiles\u4t3zx9g.default\

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-5-4 30600]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-4 35720]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-5-4 20744]

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2008-5-21 115768]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-5-4 14216]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsle6562661;MpKsle6562661;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{086e6a65-daa7-4d41-8302-e2f372cd6fbd}\MpKsle6562661.sys [2011-5-12 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-5-4 56200]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-3-31 109728]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-4 363344]

R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-1-14 354176]

R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-5-4 187528]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-1-23 36608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-12 20952]

S1 MpKslcc2c12fc;MpKslcc2c12fc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db34251d-a49a-4258-92fe-521bf34f185d}\mpkslcc2c12fc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db34251d-a49a-4258-92fe-521bf34f185d}\MpKslcc2c12fc.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cpuz130;cpuz130;\??\c:\docume~1\bgreen~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\bgreen~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\drivers\csrbc01.sys [2007-10-25 83124]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-27 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 gupdate1ca2751d7dd187a;Google Update Service (gupdate1ca2751d7dd187a);c:\program files\google\update\GoogleUpdate.exe [2009-8-27 133104]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-27 133104]

.

=============== Created Last 30 ================

.

2011-05-12 11:02:29 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{086e6a65-daa7-4d41-8302-e2f372cd6fbd}\MpKsle6562661.sys

2011-05-12 11:02:17 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{086e6a65-daa7-4d41-8302-e2f372cd6fbd}\mpengine.dll

2011-05-12 10:53:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-12 10:46:40 -------- d-----w- c:\program files\Trojan Remover

2011-05-11 18:45:48 98816 ----a-w- c:\windows\sed.exe

2011-05-11 18:45:48 89088 ----a-w- c:\windows\MBR.exe

2011-05-11 18:45:48 256512 ----a-w- c:\windows\PEV.exe

2011-05-11 18:45:48 161792 ----a-w- c:\windows\SWREG.exe

2011-05-09 19:01:04 -------- d-----w- c:\docume~1\bgreen~1\applic~1\SUPERAntiSpyware.com

2011-05-09 19:01:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-05-09 19:00:53 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-04 12:17:31 20952 ----a-w- c:\windows\system32\drivers\Copy of mbam.sys

2011-05-04 12:11:54 38224 ----a-w- c:\windows\system32\drivers\Copy of mbamswissarmy.sys

2011-05-04 11:49:15 -------- d-----w- C:\BOOT

2011-05-04 11:49:07 20744 ----a-w- c:\windows\system32\drivers\eufs.sys

2011-05-04 11:49:07 187528 ----a-w- c:\windows\system32\drivers\eudisk.sys

2011-05-04 11:49:06 30600 ----a-w- c:\windows\system32\drivers\eubakup.sys

2011-05-04 11:49:06 14216 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2011-05-04 11:49:05 35720 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2011-05-04 11:48:45 18824 ----a-w- c:\windows\system32\fbnative.exe

2011-05-04 11:14:24 -------- d-----w- c:\docume~1\bgreen~1\applic~1\Malwarebytes

2011-05-04 11:14:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-04 11:14:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-04 11:14:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-03 18:12:07 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-05-03 18:12:07 -------- d-----w- c:\windows\system32\wbem\Repository

2011-04-30 18:31:53 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-04-29 19:16:36 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-04-29 18:24:16 -------- d-----w- c:\program files\Microsoft Security Client

2011-04-29 15:17:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-04-28 16:12:24 -------- d-----w- c:\program files\ESET

2011-04-25 10:51:33 -------- d-----w- c:\program files\iPod

2011-04-25 10:51:31 -------- d-----w- c:\program files\iTunes

2011-04-25 10:47:50 -------- d-----w- c:\program files\Bonjour

2011-04-22 18:33:30 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-22 18:33:30 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-04-22 18:33:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-04-21 12:54:32 102400 ----a-w- c:\windows\scrub2k.exe

.

==================== Find3M ====================

.

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-21 13:58:03 152064 ----a-w- c:\windows\system32\xvid.ax

2011-03-19 15:06:01 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-03-19 15:04:28 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2009-12-09 19:07:44 1238544 ----a-w- c:\program files\procexp.exe

2003-03-25 05:47:32 267264 ----a-w- c:\program files\tsadmin.exe

.

============= FINISH: 9:00:18.81 ===============

110512_Attach.zip

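The SERVICES / DRIVERS section of a DDS log like the one above is where a helper looks first for drivers loading from odd places or pointing at files that no longer exist. The following script is an added example, not part of this thread and not code from the DDS tool: it parses the two line shapes DDS uses in that section and flags entries worth a second look (image under a temp directory, a .tmp extension, or a path DDS could not resolve, shown as `[?]`). The sample lines are copied from the log above; the heuristics are my own assumptions, and a flag is a prompt for review, not a verdict about the entry.

```python
r"""Triage helper for the SERVICES / DRIVERS section of a DDS log.

Added example: not part of this thread and not DDS's own code. It parses
lines of the two shapes DDS emits in that section,

    R3 Name;Display name;c:\path\file.sys [2011-5-12 20952]
    S3 Name;Display name;\??\c:\path\file.sys --> c:\path\file.sys [?]

and flags entries a reviewer would look at first. The heuristics are the
author's own assumptions; a flag is a prompt for review, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a subset of the lines from the DDS log posted above.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-4 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-12 20952]
S3 cpuz130;cpuz130;\??\c:\docume~1\bgreen~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\bgreen~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-27 14336]
"""

# "R3 name;display;rest" where rest holds the path and a trailing [date size] or [?]
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$")


@dataclass
class Entry:
    state: str          # R = running, S = stopped, digit = start type
    name: str
    display: str
    path: str           # image path as DDS printed it (may include arguments)
    resolved: bool      # False when DDS printed [?] instead of date and size
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one services/drivers line; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # Unresolved entries print "\??\path --> path [?]"; keep the part after the arrow.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    t = TAIL_RE.match(rest)
    if not t:
        return None
    entry = Entry(m.group("state"), m.group("name"), m.group("display"),
                  t.group("path"), t.group("meta") != "?")
    entry.flags = triage(entry)
    return entry


def triage(entry: Entry) -> List[str]:
    """Review heuristics (assumptions of this example, not DDS rules)."""
    p = entry.path.lower()
    flags = []
    if not entry.resolved:
        flags.append("image file not found by DDS")
    if re.search(r"\\(temp|tmp)\\", p):
        flags.append("loads from a temp directory")
    if re.search(r"\.tmp(\s|$)", p):
        flags.append("image has a .tmp extension")
    return flags


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.strip().splitlines()) if e]


def flagged_entries(text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> list of flags, for entries that got any."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged_entries(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(flags)}")
```

To run it over a real log, paste the SERVICES / DRIVERS section into a file and call `flagged_entries(open(path).read())`; anything flagged is then checked by hand (publisher, install date, whether a known tool left it behind), which is exactly what the helper in this thread does by eye.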


Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

http://www.java.com/en/download/help/plugin_cache.xml

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Thanks for replying and thanks for the assist.

As requested, aswMBR.txt content:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-17 12:10:48

-----------------------------

12:10:48.399 OS Version: Windows 5.1.2600 Service Pack 3

12:10:48.399 Number of processors: 2 586 0xF0B

12:10:48.399 ComputerName: EWC-GREENFIELD UserName: bgreenfield

12:10:49.196 Initialize success

12:11:02.039 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

12:11:02.039 Disk 0 Vendor: ST3250310AS 3.AHB Size: 238475MB BusType: 3

12:11:04.055 Disk 0 MBR read successfully

12:11:04.055 Disk 0 MBR scan

12:11:04.055 Disk 0 unknown MBR code

12:11:06.055 Disk 0 scanning sectors +488376000

12:11:06.071 Disk 0 scanning C:\WINDOWS\system32\drivers

12:11:13.039 Service scanning

12:11:14.743 Disk 0 trace - called modules:

12:11:14.758 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8b1711ed]<<

12:11:14.758 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b206ab8]

12:11:14.758 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8b25d4e8]

12:11:14.758 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b1f2940]

12:11:14.758 \Driver\atapi[0x8b1ab510] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8b1711ed

12:11:14.758 Scan finished successfully

12:11:26.727 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bgreenfield\Desktop\MBR.dat"

12:11:26.805 The log file has been saved successfully to "C:\Documents and Settings\bgreenfield\Desktop\aswMBR.txt"

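The aswMBR log above ends with "Disk 0 unknown MBR code" and saves the raw sector to MBR.dat. The script below is an added example, not part of this thread and not aswMBR's own code: it reads such a 512-byte image, checks the 0x55AA boot signature, decodes the four partition-table entries, and compares a SHA-256 of the 440-byte boot-code area against a hash the operator recorded earlier from a known-good disk. That reference hash, and the sample images the script builds for itself, are constructed assumptions; aswMBR's "unknown MBR code" verdict comes from its own internal reference set, which this example does not have.

```python
r"""Inspect a saved 512-byte MBR image such as the MBR.dat aswMBR writes.

Added example: not part of this thread and not aswMBR's own code. It checks
the 0x55AA boot signature, decodes the partition table, and compares a
SHA-256 of the boot-code area with a hash recorded from a known-good disk
(an assumed input supplied by the operator).
"""
import hashlib
import struct
from typing import Optional

SECTOR = 512
BOOTCODE_LEN = 440       # classic MBR: boot code occupies bytes 0..439
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_partition(entry: bytes) -> dict:
    """Decode one 16-byte partition entry (LBA fields are little-endian)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
    return {"status": status, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def inspect_mbr(image: bytes, known_good_bootcode_sha256: Optional[str] = None) -> dict:
    """Return boot-code hash, decoded partitions and a list of review findings."""
    if len(image) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    findings = []
    if image[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = [parse_partition(image[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)])
             for i in range(4)]
    for i, p in enumerate(parts):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{p['status']:02x}")
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append(f"partition {i}: empty type but non-zero extent")
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    digest = hashlib.sha256(image[:BOOTCODE_LEN]).hexdigest()
    if known_good_bootcode_sha256 and digest != known_good_bootcode_sha256:
        findings.append("boot code differs from the recorded known-good hash")
    return {"bootcode_sha256": digest, "partitions": parts, "findings": findings}


def inspect_file(path: str, known_good_bootcode_sha256: Optional[str] = None) -> dict:
    """Convenience wrapper for a saved image such as MBR.dat."""
    with open(path, "rb") as f:
        return inspect_mbr(f.read(SECTOR), known_good_bootcode_sha256)


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed test image: one active partition of type 0x07 (NTFS)."""
    img = bytearray(SECTOR)
    img[:len(bootcode)] = bootcode
    img[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1_000_000)
    img[510:512] = SIGNATURE
    return bytes(img)


# Constructed stand-in for boot code captured from a clean disk (not real boot code).
CLEAN_BOOTCODE = b"\x90" * BOOTCODE_LEN
CLEAN_HASH = hashlib.sha256(CLEAN_BOOTCODE).hexdigest()


def demo():
    """Inspect a clean image and one whose first two boot-code bytes were changed."""
    clean = build_sample_mbr(CLEAN_BOOTCODE)
    tampered = build_sample_mbr(b"\xeb\xfe" + b"\x90" * (BOOTCODE_LEN - 2))
    return inspect_mbr(clean, CLEAN_HASH), inspect_mbr(tampered, CLEAN_HASH)


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result["bootcode_sha256"][:16], result["findings"] or "no findings")
```

The hash comparison only works if the reference was recorded while the disk was known to be clean (for example right after the OS install, before any problem appeared), which is why keeping such a baseline for each machine is worth the few seconds it takes.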

Are you using a router?

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


Yes - behind a router

Current behavior: it's being a good computer.... selecting a link from a Google Search DOES bring up the correct link

MBAM.sys was NOT deleted on the reboot

TDSSKiller did find a suspicious file, CURE was available and a reboot was required -

Here is the log:

2011/05/17 12:22:47.0629 3444 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29

2011/05/17 12:22:47.0941 3444 ================================================================================

2011/05/17 12:22:47.0941 3444 SystemInfo:

2011/05/17 12:22:47.0941 3444

2011/05/17 12:22:47.0941 3444 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/17 12:22:47.0941 3444 Product type: Workstation

2011/05/17 12:22:47.0941 3444 ComputerName: EWC-GREENFIELD

2011/05/17 12:22:47.0941 3444 UserName: bgreenfield

2011/05/17 12:22:47.0941 3444 Windows directory: C:\WINDOWS

2011/05/17 12:22:47.0941 3444 System windows directory: C:\WINDOWS

2011/05/17 12:22:47.0941 3444 Processor architecture: Intel x86

2011/05/17 12:22:47.0941 3444 Number of processors: 2

2011/05/17 12:22:47.0941 3444 Page size: 0x1000

2011/05/17 12:22:47.0941 3444 Boot type: Normal boot

2011/05/17 12:22:47.0941 3444 ================================================================================

2011/05/17 12:22:48.0394 3444 Initialize success

2011/05/17 12:22:58.0879 4732 ================================================================================

2011/05/17 12:22:58.0879 4732 Scan started

2011/05/17 12:22:58.0879 4732 Mode: Manual;

2011/05/17 12:22:58.0879 4732 ================================================================================

2011/05/17 12:23:00.0004 4732 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

2011/05/17 12:23:00.0051 4732 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/17 12:23:00.0082 4732 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/17 12:23:00.0129 4732 ADIHdAudAddService (2dc6ff5da4ea7ca1d4128a7541734b9f) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2011/05/17 12:23:00.0144 4732 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/05/17 12:23:00.0176 4732 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

2011/05/17 12:23:00.0207 4732 AEAudio (3bc9c8baf983b583e14088e6ff74a8a1) C:\WINDOWS\system32\drivers\AEAudio.sys

2011/05/17 12:23:00.0254 4732 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/05/17 12:23:00.0285 4732 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/05/17 12:23:00.0332 4732 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/05/17 12:23:00.0347 4732 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/05/17 12:23:00.0441 4732 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/17 12:23:00.0472 4732 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/17 12:23:00.0504 4732 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/17 12:23:00.0551 4732 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/17 12:23:00.0597 4732 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/17 12:23:00.0644 4732 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

2011/05/17 12:23:00.0676 4732 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

2011/05/17 12:23:00.0707 4732 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

2011/05/17 12:23:00.0738 4732 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

2011/05/17 12:23:00.0769 4732 CamDrL (cba8bce5bf67a3c619d5ce540bed9cf7) C:\WINDOWS\system32\DRIVERS\Camdrl.sys

2011/05/17 12:23:00.0816 4732 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/17 12:23:00.0847 4732 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/05/17 12:23:00.0894 4732 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/17 12:23:00.0941 4732 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/17 12:23:00.0988 4732 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/17 12:23:01.0191 4732 CSRBC01 (18121f6df202a9bb616292f224203d6a) C:\WINDOWS\system32\Drivers\CSRBC01.sys

2011/05/17 12:23:01.0254 4732 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/17 12:23:01.0301 4732 DLABOIOM (5a29679449029a82df994b862b7d0de0) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/05/17 12:23:01.0332 4732 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/05/17 12:23:01.0347 4732 DLADResN (abc78983804e767cb99b04a5ab1c568f) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/05/17 12:23:01.0363 4732 DLAIFS_M (29e86b3dbcc0ccf2dcc12191ba17eb2b) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/05/17 12:23:01.0394 4732 DLAOPIOM (3d3ca499291fab9966198c2c1ca7043f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/05/17 12:23:01.0410 4732 DLAPoolM (ce8032966e6c15ef980c7cd0810ed5d0) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/05/17 12:23:01.0472 4732 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/05/17 12:23:01.0488 4732 DLAUDFAM (e79432d1bf255854a0006fba9682473a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/05/17 12:23:01.0504 4732 DLAUDF_M (095f713890fc229fa0c70dffd04ffcc3) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/05/17 12:23:01.0582 4732 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/17 12:23:01.0644 4732 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/17 12:23:01.0660 4732 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/17 12:23:01.0676 4732 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/17 12:23:01.0707 4732 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/05/17 12:23:01.0722 4732 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/17 12:23:01.0738 4732 DRVMCDB (d626b0037e3585c12520f1e5cd67dfde) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/05/17 12:23:01.0738 4732 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/05/17 12:23:01.0769 4732 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/05/17 12:23:01.0801 4732 e1express (6de32a9123ef60f9d423e9163af0e305) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2011/05/17 12:23:01.0847 4732 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys

2011/05/17 12:23:01.0894 4732 EUBAKUP (1fc4211733c428c7089f6025559581d1) C:\WINDOWS\system32\drivers\eubakup.sys

2011/05/17 12:23:01.0894 4732 EUBKMON (822a9bd84571d4524c9cc00d4fd69108) C:\WINDOWS\system32\drivers\EUBKMON.sys

2011/05/17 12:23:01.0941 4732 EUDISK (7f6b645f430191ff235e657fc0016551) C:\WINDOWS\system32\drivers\eudisk.sys

2011/05/17 12:23:01.0957 4732 EUDSKACS (cf10797dd2215ffc2e015d182384dd59) C:\WINDOWS\system32\drivers\eudskacs.sys

2011/05/17 12:23:01.0972 4732 EUFS (57ff011f09bc272a69926e7f35e9bfb1) C:\WINDOWS\system32\drivers\eufs.sys

2011/05/17 12:23:02.0004 4732 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/17 12:23:02.0019 4732 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/05/17 12:23:02.0066 4732 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/17 12:23:02.0082 4732 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/05/17 12:23:02.0129 4732 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/05/17 12:23:02.0176 4732 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/17 12:23:02.0176 4732 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/17 12:23:02.0222 4732 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2011/05/17 12:23:02.0254 4732 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/17 12:23:02.0285 4732 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/17 12:23:02.0316 4732 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys

2011/05/17 12:23:02.0347 4732 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/17 12:23:02.0394 4732 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/17 12:23:02.0457 4732 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/17 12:23:02.0519 4732 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

2011/05/17 12:23:02.0566 4732 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

2011/05/17 12:23:02.0582 4732 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

2011/05/17 12:23:02.0582 4732 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

2011/05/17 12:23:02.0597 4732 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

2011/05/17 12:23:02.0629 4732 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

2011/05/17 12:23:02.0629 4732 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

2011/05/17 12:23:02.0644 4732 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

2011/05/17 12:23:02.0660 4732 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

2011/05/17 12:23:02.0691 4732 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

2011/05/17 12:23:02.0707 4732 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

2011/05/17 12:23:02.0707 4732 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

2011/05/17 12:23:02.0722 4732 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

2011/05/17 12:23:02.0754 4732 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

2011/05/17 12:23:02.0769 4732 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

2011/05/17 12:23:02.0910 4732 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/05/17 12:23:03.0051 4732 IFXTPM (2cdf483f8fc2bf3f7b93e3bdd734cfbd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

2011/05/17 12:23:03.0097 4732 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/17 12:23:03.0144 4732 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/05/17 12:23:03.0175 4732 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/17 12:23:03.0207 4732 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/05/17 12:23:03.0238 4732 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/17 12:23:03.0254 4732 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/17 12:23:03.0300 4732 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/17 12:23:03.0332 4732 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/17 12:23:03.0363 4732 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/17 12:23:03.0379 4732 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/17 12:23:03.0394 4732 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/17 12:23:03.0457 4732 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/17 12:23:03.0488 4732 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/17 12:23:03.0566 4732 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys

2011/05/17 12:23:03.0582 4732 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys

2011/05/17 12:23:03.0629 4732 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/17 12:23:03.0675 4732 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/17 12:23:03.0707 4732 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/17 12:23:03.0738 4732 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/17 12:23:03.0769 4732 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/17 12:23:03.0785 4732 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/05/17 12:23:03.0910 4732 MpKslf4e64cc2 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04FB1D35-0667-4D68-9562-7BF60054DE74}\MpKslf4e64cc2.sys

2011/05/17 12:23:04.0050 4732 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/17 12:23:04.0097 4732 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/17 12:23:04.0129 4732 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/17 12:23:04.0160 4732 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/17 12:23:04.0191 4732 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/17 12:23:04.0207 4732 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/17 12:23:04.0238 4732 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/17 12:23:04.0285 4732 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/05/17 12:23:04.0316 4732 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/17 12:23:04.0347 4732 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys

2011/05/17 12:23:04.0394 4732 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/05/17 12:23:04.0425 4732 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/17 12:23:04.0457 4732 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/05/17 12:23:04.0488 4732 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/17 12:23:04.0504 4732 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/17 12:23:04.0519 4732 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/17 12:23:04.0550 4732 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/17 12:23:04.0597 4732 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/17 12:23:04.0613 4732 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/17 12:23:04.0675 4732 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

2011/05/17 12:23:04.0691 4732 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/17 12:23:04.0707 4732 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/17 12:23:04.0754 4732 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/17 12:23:04.0894 4732 nv (23b95a09677e62ec8d1641ecf39b9bfb) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/17 12:23:05.0113 4732 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/17 12:23:05.0144 4732 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/17 12:23:05.0191 4732 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2011/05/17 12:23:05.0238 4732 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/17 12:23:05.0254 4732 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/17 12:23:05.0300 4732 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/17 12:23:05.0300 4732 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/17 12:23:05.0332 4732 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/17 12:23:05.0363 4732 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/17 12:23:05.0410 4732 pdiddcci (d1fc85a4880539657bb4d3775da0c541) C:\WINDOWS\system32\DRIVERS\pdiddcci.sys

2011/05/17 12:23:05.0425 4732 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\WINDOWS\system32\Drivers\PdiPorts.sys

2011/05/17 12:23:05.0519 4732 PGPdisk (61d8b94b1d60e792c904362595302acd) C:\WINDOWS\system32\drivers\PGPdisk.sys

2011/05/17 12:23:05.0535 4732 pgpfs (da001ef36cb465a2a9644c13fa7459ce) C:\WINDOWS\system32\Drivers\PGPfsfd.sys

2011/05/17 12:23:05.0566 4732 PGPsdkDriver (2cc45ea86dddc3a3fd3e022782d91f0b) C:\WINDOWS\system32\Drivers\PGPsdk.sys

2011/05/17 12:23:05.0582 4732 PGPwded (359e8e2d287d0708d543f29e6b792423) C:\WINDOWS\system32\drivers\PGPwded.sys

2011/05/17 12:23:05.0613 4732 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/17 12:23:05.0629 4732 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/17 12:23:05.0675 4732 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/17 12:23:05.0769 4732 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/05/17 12:23:06.0066 4732 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/17 12:23:06.0097 4732 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/17 12:23:06.0113 4732 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/17 12:23:06.0144 4732 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/17 12:23:06.0191 4732 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/17 12:23:06.0207 4732 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/17 12:23:06.0254 4732 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/17 12:23:06.0269 4732 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/17 12:23:06.0285 4732 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/17 12:23:06.0332 4732 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

2011/05/17 12:23:06.0441 4732 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/05/17 12:23:06.0457 4732 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/05/17 12:23:06.0488 4732 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/17 12:23:06.0519 4732 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/17 12:23:06.0550 4732 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/17 12:23:06.0582 4732 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys

2011/05/17 12:23:06.0597 4732 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/05/17 12:23:06.0660 4732 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/17 12:23:06.0707 4732 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/17 12:23:06.0879 4732 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/17 12:23:07.0082 4732 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/17 12:23:07.0363 4732 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/17 12:23:07.0394 4732 supersafer (28f0f7f8e4c9039289c80ca1385bc4b7) C:\WINDOWS\system32\drivers\supersafer.sys

2011/05/17 12:23:07.0441 4732 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/17 12:23:07.0472 4732 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/17 12:23:07.0504 4732 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/05/17 12:23:07.0535 4732 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/05/17 12:23:07.0535 4732 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys

2011/05/17 12:23:07.0566 4732 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/05/17 12:23:07.0582 4732 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/05/17 12:23:07.0613 4732 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/17 12:23:07.0660 4732 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/17 12:23:07.0691 4732 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/17 12:23:07.0707 4732 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/17 12:23:07.0722 4732 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/17 12:23:07.0769 4732 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/17 12:23:07.0816 4732 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/05/17 12:23:07.0847 4732 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/17 12:23:07.0879 4732 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/17 12:23:07.0894 4732 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/17 12:23:07.0910 4732 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/17 12:23:07.0941 4732 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/17 12:23:07.0972 4732 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/17 12:23:08.0019 4732 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/17 12:23:08.0050 4732 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/05/17 12:23:08.0082 4732 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/17 12:23:08.0082 4732 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025

2011/05/17 12:23:08.0082 4732 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/05/17 12:23:08.0129 4732 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/17 12:23:08.0160 4732 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

2011/05/17 12:23:08.0207 4732 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/17 12:23:08.0269 4732 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/05/17 12:23:08.0316 4732 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/17 12:23:08.0347 4732 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/17 12:23:08.0363 4732 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/17 12:23:08.0519 4732 ================================================================================

2011/05/17 12:23:08.0519 4732 Scan finished

2011/05/17 12:23:08.0519 4732 ================================================================================

2011/05/17 12:23:08.0535 0300 Detected object count: 1

2011/05/17 12:23:22.0035 0300 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/17 12:23:22.0035 0300 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025

2011/05/17 12:23:22.0347 0300 Backup copy found, using it..

2011/05/17 12:23:22.0379 0300 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot

2011/05/17 12:23:22.0379 0300 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure

2011/05/17 12:23:58.0972 4964 Deinitialize success

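The TDSSKiller log above is worth reading line by line: every loaded driver is listed with its MD5 and path, and the one entry that matters is the pair of lines where the hash TDSSKiller computed for VolSnap.sys disagrees with the hash the running system presents for the same file ("Real md5" versus "Fake md5"), followed by the verdict. The disagreement, not either hash value, is the indicator: a TDL3-class rootkit patches a legitimate driver on disk and serves the clean bytes to anything that reads the file through the normal I/O path, which is also why the MBAM full scans came back clean. The parser below is an added example for this thread, not part of the original post and not code from TDSSKiller; SAMPLE_LOG is a handful of lines copied from the log above with the unrelated drivers trimmed, so it runs offline on any TDSSKiller log in this format.

```python
"""Pull forged-driver findings out of a TDSSKiller log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Common prefix of every TDSSKiller log line: date, time, thread id.
_PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "<prefix> <service name> (<md5>) <path>"  (one per enumerated driver)
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# "<prefix> <service name> - detected <verdict> (<n>)"
DETECT_RE = re.compile(_PREFIX + r"(?P<name>\S+) - detected (?P<det>\S+)")
# "<verdict>(<service name>) - User select action: <action>"
ACTION_RE = re.compile(r"(?P<det>[^\s(]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)")


@dataclass
class Finding:
    driver: str                        # service name the file was listed under
    path: str
    real_md5: str                      # "Real md5" exactly as TDSSKiller prints it
    fake_md5: str                      # "Fake md5" exactly as TDSSKiller prints it
    detection: Optional[str] = None    # e.g. Rootkit.Win32.TDSS.tdl3
    action: Optional[str] = None       # what the user chose: Cure, Skip, ...

    @property
    def hashes_disagree(self) -> bool:
        return self.real_md5 != self.fake_md5


def parse_tdsskiller(log: str) -> List[Finding]:
    """Return one Finding per forged file, in the order first reported.

    TDSSKiller prints the forged entry twice (once during enumeration, once in
    the 'Detected object count' summary), so findings are keyed by driver name
    and only the first occurrence creates a record; later lines enrich it.
    """
    path_to_driver: Dict[str, str] = {}
    findings: Dict[str, Finding] = {}
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            path_to_driver[m["path"].lower()] = m["name"]
            continue
        m = FORGED_RE.search(line)
        if m:
            driver = path_to_driver.get(m["path"].lower(), m["path"])
            findings.setdefault(driver, Finding(driver, m["path"], m["real"], m["fake"]))
            continue
        m = DETECT_RE.match(line)
        if m and m["name"] in findings:
            findings[m["name"]].detection = m["det"]
            continue
        m = ACTION_RE.search(line)
        if m and m["name"] in findings:
            findings[m["name"]].action = m["action"]
    return list(findings.values())


# Lines copied from the log posted above, unrelated drivers trimmed.
SAMPLE_LOG = r"""
2011/05/17 12:23:07.0660 4732 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/17 12:23:08.0082 4732 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/17 12:23:08.0082 4732 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/17 12:23:08.0082 4732 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/17 12:23:08.0129 4732 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/17 12:23:22.0035 0300 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/17 12:23:22.0035 0300 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/17 12:23:22.0379 0300 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
"""

if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG):
        print(f"{f.driver}: {f.path}")
        print(f"  real md5 {f.real_md5} / fake md5 {f.fake_md5} (disagree: {f.hashes_disagree})")
        print(f"  verdict {f.detection}, action {f.action}")
```

Feed it a whole TDSSKiller log and an empty result means no forged files were reported; a non-empty one tells you which service to look at and whether the cure was actually selected, which is the first thing to check when a log gets pasted into a thread like this.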

Malwarebytes Scan Log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6599

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/17/2011 2:20:56 PM

mbam-log-2011-05-17 (14-20-56).txt

Scan type: Full scan (C:\|)

Objects scanned: 302618

Time elapsed: 1 hour(s), 10 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


You can delete aswMBR and TDSSKiller

Good job!

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

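The six Internet-zone settings in steps 5 to 10 of the post above are stored as DWORD values under the current user's Internet Settings\Zones\3 key (zone 3 is the Internet zone), so the change can be verified or pushed by script instead of clicked through on each machine. The audit below is an added example and not part of the post; the value names are the documented zone-setting entries from Microsoft KB 182569, with 0 = Enable, 1 = Prompt and 3 = Disable, and WEAK_ZONE / HARDENED_ZONE are constructed inputs standing in for what the registry reader returns on a real machine.

```python
"""Audit the Internet-zone settings the post asks you to change (added example)."""
import sys
from typing import Dict, List, Tuple

# HKCU subkey for the Internet zone; assumes the default (per-user) zone configuration.
ZONE_INTERNET = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3
STATE = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Dialog label -> (registry value name, state the post recommends), steps 5-10 above.
RECOMMENDED = {
    "Download signed ActiveX controls": ("1001", PROMPT),
    "Download unsigned ActiveX controls": ("1004", DISABLE),
    "Initialize and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items": ("1800", PROMPT),
    "Launching programs and files in an IFRAME": ("1804", PROMPT),
    "Navigate sub-frames across different domains": ("1607", PROMPT),
}


def _at_least_as_strict(current: int, required: int) -> bool:
    # Enable (0) < Prompt (1) < Disable (3): a numerically larger state is stricter.
    return current >= required


def audit_zone(values: Dict[str, int]) -> List[Tuple[str, str, str]]:
    """Return (setting, current state, required state) for every setting weaker than required.

    A value that is not present at all is reported as 'unset' rather than assumed
    safe, because the zone then falls back to whatever template is in force.
    """
    problems = []
    for setting, (name, required) in RECOMMENDED.items():
        current = values.get(name)
        if current is None:
            problems.append((setting, "unset", STATE[required]))
        elif not _at_least_as_strict(current, required):
            problems.append((setting, STATE.get(current, str(current)), STATE[required]))
    return problems


def read_internet_zone() -> Dict[str, int]:
    """Read every DWORD under the current user's Internet-zone key (Windows only)."""
    import winreg  # standard library on Windows; ImportError elsewhere
    values: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_INTERNET) as key:
        index = 0
        while True:
            try:
                name, data, kind = winreg.EnumValue(key, index)
            except OSError:        # raised once the index runs past the last value
                break
            if kind == winreg.REG_DWORD:
                values[name] = data
            index += 1
    return values


# Constructed samples: a zone before the change, and one after it.
WEAK_ZONE = {"1001": ENABLE, "1004": DISABLE, "1201": DISABLE,
             "1800": ENABLE, "1804": ENABLE, "1607": ENABLE}
HARDENED_ZONE = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE,
                 "1800": PROMPT, "1804": PROMPT, "1607": PROMPT}

if __name__ == "__main__":
    current = read_internet_zone() if sys.platform == "win32" else WEAK_ZONE
    for setting, now, want in audit_zone(current):
        print(f"{setting}: is {now}, should be {want}")
```

Two caveats when running this on a real box: a setting already at Disable passes where the post only asks for Prompt, which is the intended direction, and if Security_HKLM_only under HKLM\...\Internet Settings is set to 1 the machine-wide zone values apply instead of the per-user ones, so the same audit should be run against that hive.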

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Thanks again Larry... just FYI - I am (and have been for about 6 months) running the full version of Malwarebytes

