
Hi Everyone, I am new to this forum and have searched this issue to see if others were having the same problem. While I did find others with a similar issue, many of them had P2P running, which caused this.

What is happening is that Malwarebytes keeps blocking potentially malicious websites, Type: Outgoing (the IP addresses from my log are listed below).

I scanned my computer with a flash scan and a full scan and it did not find anything. I also scanned with Windows Defender and it found nothing. I cannot figure out why my computer continues to try to access these websites. Can anyone help?

Thank you,

OZ1222


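The protection log in the original post repeats the same destinations in groups of three attempts a few seconds apart, recurring roughly every ten minutes. The script below is an added triage example (not Malwarebytes code, and not the poster's data): it parses the `HH:MM:SS IP-BLOCK a.b.c.d (Type: outgoing)` lines, collapses retries into connection attempts, and flags destinations contacted at a near-constant cadence. The sample log and its TEST-NET addresses are constructed; the 30-second retry gap and the 20 % jitter threshold are assumed values.

```python
"""Triage Malwarebytes 1.x protection-log IP-BLOCK events for beacon-like cadence.

Added example, not Malwarebytes code. Line formats are those shown in the thread:
    HH:MM:SS IP-BLOCK a.b.c.d (Type: outgoing)
    HH:MM:SS MESSAGE <text>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>incoming|outgoing)\)$"
)

# Constructed sample (TEST-NET addresses, not the poster's data), modelled on the
# post's pattern: three retries a few seconds apart, recurring at a fixed interval.
SAMPLE_LOG = """\
19:17:20 MESSAGE Protection started successfully
19:17:38 MESSAGE IP Protection started successfully
19:28:29 IP-BLOCK 192.0.2.10 (Type: outgoing)
19:28:32 IP-BLOCK 192.0.2.10 (Type: outgoing)
19:28:39 IP-BLOCK 192.0.2.10 (Type: outgoing)
19:30:05 IP-BLOCK 198.51.100.7 (Type: outgoing)
19:38:50 IP-BLOCK 192.0.2.10 (Type: outgoing)
19:38:53 IP-BLOCK 192.0.2.10 (Type: outgoing)
19:38:59 IP-BLOCK 192.0.2.10 (Type: outgoing)
19:49:11 IP-BLOCK 192.0.2.10 (Type: outgoing)
19:49:14 IP-BLOCK 192.0.2.10 (Type: outgoing)
19:49:20 IP-BLOCK 192.0.2.10 (Type: outgoing)
"""

RETRY_GAP = timedelta(seconds=30)  # retries closer than this = one attempt (assumed)
MAX_JITTER = 0.2  # relative deviation from the median interval still called periodic (assumed)


def parse_blocks(text):
    """Map destination IP -> datetimes of outgoing IP-BLOCK lines.

    MESSAGE lines and incoming blocks are skipped. The log has clock times only,
    so they are anchored to an arbitrary date; a backwards jump means midnight passed.
    """
    events = defaultdict(list)
    day = datetime(2000, 1, 1)
    last = None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["direction"] != "outgoing":
            continue
        t = datetime.combine(day.date(), datetime.strptime(m["time"], "%H:%M:%S").time())
        if last is not None and t < last:
            day += timedelta(days=1)
            t += timedelta(days=1)
        last = t
        events[m["ip"]].append(t)
    return dict(events)


def attempt_starts(times, gap=RETRY_GAP):
    """Collapse retries within `gap` of the previous event into one connection attempt."""
    starts, prev = [], None
    for t in sorted(times):
        if prev is None or t - prev > gap:
            starts.append(t)
        prev = t
    return starts


def summarise(times):
    """Events, attempts, median interval (s) and jitter for one destination;
    'periodic' needs at least three attempts at a near-constant spacing."""
    starts = attempt_starts(times)
    out = {"events": len(times), "attempts": len(starts),
           "median_interval_s": None, "jitter": None, "periodic": False}
    if len(starts) >= 3:
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        med = median(gaps)
        jitter = max(abs(g - med) for g in gaps) / med
        out.update(median_interval_s=med, jitter=jitter, periodic=jitter <= MAX_JITTER)
    return out


def triage(text):
    """Summary per blocked destination, periodic ones first, then by attempt count."""
    report = {ip: summarise(ts) for ip, ts in parse_blocks(text).items()}
    order = sorted(report, key=lambda ip: (not report[ip]["periodic"], -report[ip]["attempts"]))
    return {ip: report[ip] for ip in order}


if __name__ == "__main__":
    for ip, summary in triage(SAMPLE_LOG).items():
        print(ip, summary)
```

A destination that comes out periodic is being driven by a timer in some process rather than by browsing, so it is the connection to pin to a process while a block fires.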

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

Here are the logs requested:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6621

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

5/20/2011 10:13:11 PM

mbam-log-2011-05-20 (22-13-11).txt

Scan type: Quick scan

Objects scanned: 143377

Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And the DDS:

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jason Osolin at 22:14:52 on 2011-05-20

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.233 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Jason Osolin\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxsrvc.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-20 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-20 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-20 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-20 61960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-19 363344]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [2011-5-19 24424]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-19 20952]

R3 PSC60x;Philips PCI Audio Driver (WDM);c:\windows\system32\drivers\pscaudio.sys [2011-5-19 365460]

R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\drivers\QsndEnum.sys [2011-5-19 9600]

R3 QSoftAud;Philips Sound Agent 2 (WDM);c:\windows\system32\drivers\QSoftAud.sys [2011-5-19 411008]

.

=============== Created Last 30 ================

.

2011-05-20 19:50:13 -------- d-----w- c:\windows\system32\NtmsData

2011-05-20 19:49:06 -------- d-----w- c:\documents and settings\jason osolin\application data\Avira

2011-05-20 18:35:50 -------- d-----w- c:\documents and settings\all users\application data\WEBREG

2011-05-20 18:35:17 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\HP

2011-05-20 18:21:02 -------- d-----w- c:\program files\common files\HP

2011-05-20 18:19:35 966656 ----a-w- c:\windows\system32\hpost_p02a.dll

2011-05-20 18:19:35 737280 ----a-w- c:\windows\system32\hposwia_p02a.dll

2011-05-20 18:19:35 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2011-05-20 18:19:35 307200 ----a-w- c:\windows\system32\hposc_p02a.dll

2011-05-20 18:19:34 309760 ----a-w- c:\windows\system32\difxapi.dll

2011-05-20 18:04:07 -------- d-----w- c:\windows\SxsCaPendDel

2011-05-20 16:48:50 321536 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp696.dll

2011-05-20 16:48:50 118272 ----a-w- c:\windows\system32\hpz3l696.dll

2011-05-20 16:48:49 261432 ----a-w- c:\windows\system32\hpzids01.dll

2011-05-20 16:47:41 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-05-20 16:47:41 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2011-05-20 16:45:36 -------- d-----w- c:\program files\common files\Hewlett-Packard

2011-05-20 16:44:46 -------- d-----w- c:\program files\HP

2011-05-20 16:44:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2011-05-20 16:44:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2011-05-20 16:44:40 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2011-05-20 16:44:40 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2011-05-20 16:44:35 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2011-05-20 16:44:35 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-20 16:19:33 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-20 16:19:26 -------- d-----w- c:\program files\Avira

2011-05-20 16:19:26 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-05-20 03:44:50 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-05-20 03:44:45 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9892f134-bc6d-448b-bd00-5565cf85ab0d}\mpengine.dll

2011-05-20 03:44:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-20 01:05:04 24424 ----a-r- c:\windows\system32\drivers\NET8511.SYS

2011-05-20 01:02:30 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\Adobe

2011-05-19 23:48:43 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\Microsoft Help

2011-05-19 23:44:06 -------- d-----w- c:\documents and settings\jason osolin\application data\Symantec

2011-05-19 23:43:29 -------- d-----w- c:\documents and settings\all users\application data\Symantec

2011-05-19 23:42:38 -------- d-----w- c:\program files\interMute

2011-05-19 23:42:21 -------- d-----w- c:\program files\MoodLogic

2011-05-19 23:40:59 -------- d-----w- c:\documents and settings\all users\application data\VAIO Media Platform

2011-05-19 23:40:31 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll

2011-05-19 23:40:31 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll

2011-05-19 23:40:31 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe

2011-05-19 23:40:31 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll

2011-05-19 23:40:31 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll

2011-05-19 23:40:31 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll

2011-05-19 23:40:31 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll

2011-05-19 23:37:54 -------- d-----w- c:\program files\Quicken

2011-05-19 23:37:54 -------- d-----w- c:\documents and settings\all users\application data\Intuit

2011-05-19 23:37:10 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll

2011-05-19 23:37:10 20480 ----a-w- c:\windows\system32\IVIresize.dll

2011-05-19 23:37:10 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll

2011-05-19 23:37:10 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll

2011-05-19 23:37:10 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll

2011-05-19 23:37:10 188416 ----a-w- c:\windows\system32\IVIresizePX.dll

2011-05-19 23:37:08 -------- d-----w- c:\program files\InterVideo

2011-05-19 23:36:22 3130328 ----a-w- c:\program files\online services\aol instant messenger setup\aimsetup.exe

2011-05-19 23:36:22 128608 ----a-w- c:\program files\online services\aol instant messenger setup\Unwise.exe

2011-05-19 23:30:44 -------- d-----w- c:\program files\Sonic

2011-05-19 23:30:21 53248 ----a-w- c:\windows\system32\ipl.dll

2011-05-19 23:30:21 2981888 ----a-w- c:\windows\system32\iplw7.dll

2011-05-19 23:30:21 2973696 ----a-w- c:\windows\system32\ipla6.dll

2011-05-19 23:30:21 2785280 ----a-w- c:\windows\system32\iplm6.dll

2011-05-19 23:30:21 2686976 ----a-w- c:\windows\system32\iplm5.dll

2011-05-19 23:30:21 2531328 ----a-w- c:\windows\system32\iplp6.dll

2011-05-19 23:30:21 2502656 ----a-w- c:\windows\system32\iplpx.dll

2011-05-19 23:30:21 19968 ----a-w- c:\windows\system32\Cpuinf32.dll

2011-05-19 23:30:10 20992 ----a-w- c:\windows\jestertb.dll

2011-05-19 23:28:44 757760 ----a-w- c:\windows\system32\CDDBUI.dll

2011-05-19 23:28:44 630784 ----a-w- c:\windows\system32\CDDBControl.dll

2011-05-19 23:27:41 -------- d-----w- c:\program files\common files\Borland Shared

2011-05-19 23:27:29 -------- d-----w- c:\windows\ShellNew

2011-05-19 23:27:22 -------- d-----w- c:\program files\WordPerfect Office 12

2011-05-19 23:27:22 -------- d-----w- c:\program files\common files\Corel

2011-05-19 23:15:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2011-05-19 23:15:48 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2011-05-19 22:52:09 -------- d-----w- c:\documents and settings\jason osolin\application data\Malwarebytes

2011-05-19 22:51:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-19 22:51:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-05-19 22:51:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-19 22:51:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-19 22:42:40 -------- d-sh--w- c:\documents and settings\jason osolin\IECompatCache

2011-05-19 22:40:36 -------- d-sh--w- c:\documents and settings\jason osolin\PrivacIE

2011-05-19 22:37:58 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\ApplicationHistory

2011-05-19 22:37:47 -------- d-sh--w- c:\documents and settings\jason osolin\IETldCache

2011-05-19 22:32:19 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2011-05-19 22:31:27 -------- dc-h--w- c:\windows\ie8

2011-05-19 22:20:23 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys

2011-05-19 22:20:23 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys

2011-05-19 22:20:03 9600 ----a-w- c:\windows\system32\drivers\QsndEnum.sys

2011-05-19 22:20:03 411008 ----a-w- c:\windows\system32\drivers\QSoftAud.sys

2011-05-19 22:20:03 365460 ----a-w- c:\windows\system32\drivers\pscaudio.sys

2011-05-19 22:20:03 32768 ----a-w- c:\windows\system32\pscprop.dll

2011-05-19 22:20:03 22048 ----a-w- c:\windows\system32\cocpyinf.dll

2011-05-19 22:20:03 155648 ----a-w- c:\windows\pscunins.exe

2011-05-19 22:20:03 135168 ----a-w- c:\windows\pscunins.dat

2011-05-19 22:20:00 65536 ----a-w- c:\windows\system32\Psa2.cpl

2011-05-19 22:20:00 159744 ----a-w- c:\windows\system32\qlmp.dll

2011-05-19 22:19:59 -------- d-----w- c:\program files\Philips

2011-05-19 22:12:11 -------- d-----w- c:\documents and settings\all users\SonicStage

2011-05-19 22:07:50 294912 -c----w- c:\windows\system32\dllcache\msctf.dll

2011-05-19 22:04:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-19 21:08:40 -------- d-sh--w- c:\documents and settings\jason osolin\UserData

.

==================== Find3M ====================

.

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD2000JD-98HBB0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8671731B

user & kernel MBR OK

.

============= FINISH: 22:22:11.42 ===============


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


I ran the TDSS rootkit removing tool. Here is the log:

2011/05/24 22:04:31.0984 3716 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23

2011/05/24 22:04:32.0390 3716 ================================================================================

2011/05/24 22:04:32.0390 3716 SystemInfo:

2011/05/24 22:04:32.0390 3716

2011/05/24 22:04:32.0390 3716 OS Version: 5.1.2600 ServicePack: 2.0

2011/05/24 22:04:32.0390 3716 Product type: Workstation

2011/05/24 22:04:32.0390 3716 ComputerName: OZDESKTOP

2011/05/24 22:04:32.0406 3716 UserName: Jason Osolin

2011/05/24 22:04:32.0406 3716 Windows directory: C:\WINDOWS

2011/05/24 22:04:32.0406 3716 System windows directory: C:\WINDOWS

2011/05/24 22:04:32.0406 3716 Processor architecture: Intel x86

2011/05/24 22:04:32.0406 3716 Number of processors: 2

2011/05/24 22:04:32.0406 3716 Page size: 0x1000

2011/05/24 22:04:32.0406 3716 Boot type: Normal boot

2011/05/24 22:04:32.0406 3716 ================================================================================

2011/05/24 22:04:33.0921 3716 Initialize success

2011/05/24 22:04:39.0109 0644 ================================================================================

2011/05/24 22:04:39.0109 0644 Scan started

2011/05/24 22:04:39.0109 0644 Mode: Manual;

2011/05/24 22:04:39.0109 0644 ================================================================================

2011/05/24 22:04:40.0171 0644 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/24 22:04:40.0234 0644 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/24 22:04:40.0296 0644 ADM8511 (d3fd36c3dab82cd4c85a4bd9a6538a6b) C:\WINDOWS\system32\DRIVERS\NET8511.SYS

2011/05/24 22:04:40.0421 0644 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/05/24 22:04:40.0515 0644 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2011/05/24 22:04:40.0640 0644 AgereSoftModem (f1beed4f73b9a37e6d30885a0851a1c1) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/05/24 22:04:41.0015 0644 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/05/24 22:04:41.0234 0644 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/24 22:04:41.0296 0644 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/24 22:04:41.0406 0644 ati2mtag (5658b0f5c6bd9d77723b93398e48f0f3) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/05/24 22:04:41.0468 0644 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/24 22:04:41.0515 0644 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/24 22:04:41.0593 0644 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/05/24 22:04:41.0625 0644 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/05/24 22:04:41.0656 0644 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/05/24 22:04:41.0718 0644 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/24 22:04:41.0781 0644 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/24 22:04:41.0859 0644 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/24 22:04:41.0890 0644 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/24 22:04:41.0953 0644 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/24 22:04:42.0093 0644 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/24 22:04:42.0171 0644 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/24 22:04:42.0312 0644 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2011/05/24 22:04:42.0343 0644 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/24 22:04:42.0390 0644 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/24 22:04:42.0453 0644 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/24 22:04:42.0515 0644 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/24 22:04:42.0578 0644 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/05/24 22:04:42.0687 0644 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/24 22:04:42.0750 0644 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2011/05/24 22:04:42.0796 0644 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/24 22:04:42.0828 0644 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/24 22:04:42.0875 0644 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/05/24 22:04:42.0906 0644 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/24 22:04:42.0937 0644 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/24 22:04:43.0000 0644 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys

2011/05/24 22:04:43.0062 0644 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/05/24 22:04:43.0140 0644 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/24 22:04:43.0218 0644 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys

2011/05/24 22:04:43.0281 0644 HDAudBus (4f11912e3b579013be7b1628791ebbcd) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/24 22:04:43.0375 0644 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/24 22:04:43.0531 0644 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/24 22:04:43.0703 0644 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/24 22:04:43.0796 0644 ialm (510a5e1cb84e82d4e89dff3d96752048) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/05/24 22:04:43.0859 0644 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/24 22:04:44.0062 0644 IntcAzAudAddService (1ed9ac45c69e650d4f12d1114132622b) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/05/24 22:04:44.0140 0644 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/05/24 22:04:44.0187 0644 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/24 22:04:44.0250 0644 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/05/24 22:04:44.0281 0644 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/24 22:04:44.0328 0644 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/24 22:04:44.0375 0644 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/24 22:04:44.0468 0644 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/24 22:04:44.0515 0644 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/24 22:04:44.0593 0644 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/24 22:04:44.0671 0644 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/24 22:04:44.0734 0644 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/24 22:04:44.0765 0644 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/24 22:04:44.0921 0644 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys

2011/05/24 22:04:45.0031 0644 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/24 22:04:45.0078 0644 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/24 22:04:45.0125 0644 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2011/05/24 22:04:45.0187 0644 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/24 22:04:45.0250 0644 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/24 22:04:45.0281 0644 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/24 22:04:45.0390 0644 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/24 22:04:45.0484 0644 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/24 22:04:45.0562 0644 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/24 22:04:45.0640 0644 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/24 22:04:45.0671 0644 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/24 22:04:45.0718 0644 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/24 22:04:45.0765 0644 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/24 22:04:45.0828 0644 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/24 22:04:45.0906 0644 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/24 22:04:46.0000 0644 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/24 22:04:46.0046 0644 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/24 22:04:46.0093 0644 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/24 22:04:46.0156 0644 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/24 22:04:46.0234 0644 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/24 22:04:46.0296 0644 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/24 22:04:46.0437 0644 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/05/24 22:04:46.0515 0644 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/24 22:04:46.0640 0644 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/24 22:04:46.0828 0644 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/24 22:04:47.0000 0644 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/24 22:04:47.0046 0644 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/24 22:04:47.0171 0644 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/05/24 22:04:47.0312 0644 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/24 22:04:47.0390 0644 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/24 22:04:47.0453 0644 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/24 22:04:47.0515 0644 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/24 22:04:47.0625 0644 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/24 22:04:47.0718 0644 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/24 22:04:49.0859 0644 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/24 22:04:50.0125 0644 PSC60x (82c9072333d76bddaa6c57289264e5bb) C:\WINDOWS\system32\drivers\pscaudio.sys

2011/05/24 22:04:50.0203 0644 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/24 22:04:50.0250 0644 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/24 22:04:50.0328 0644 PxHelp20 (f3a3b00666a40c6914b7b2864f7dc1c0) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/05/24 22:04:50.0671 0644 QsndEnum (9f58dea2e68730f5ececee8d4ba14443) C:\WINDOWS\system32\DRIVERS\QsndEnum.sys

2011/05/24 22:04:50.0734 0644 QSoftAud (6de2581a32ec80bce140cf07c480022e) C:\WINDOWS\system32\drivers\QSoftAud.sys

2011/05/24 22:04:50.0812 0644 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/24 22:04:50.0906 0644 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/24 22:04:50.0984 0644 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/24 22:04:51.0031 0644 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/24 22:04:51.0109 0644 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/24 22:04:51.0203 0644 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/24 22:04:51.0328 0644 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/24 22:04:51.0453 0644 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/24 22:04:51.0656 0644 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/24 22:04:51.0765 0644 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

2011/05/24 22:04:51.0828 0644 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/05/24 22:04:52.0046 0644 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/24 22:04:52.0109 0644 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/24 22:04:52.0187 0644 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/24 22:04:52.0312 0644 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/05/24 22:04:52.0406 0644 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2011/05/24 22:04:52.0562 0644 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/24 22:04:52.0671 0644 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/24 22:04:53.0062 0644 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/24 22:04:53.0218 0644 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/24 22:04:53.0328 0644 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/24 22:04:53.0406 0644 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/24 22:04:53.0468 0644 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/24 22:04:53.0640 0644 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/24 22:04:53.0765 0644 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/24 22:04:53.0906 0644 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/05/24 22:04:54.0015 0644 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/24 22:04:54.0109 0644 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/24 22:04:54.0187 0644 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/24 22:04:54.0250 0644 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/24 22:04:54.0343 0644 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/24 22:04:54.0406 0644 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/24 22:04:54.0484 0644 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/24 22:04:54.0734 0644 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/05/24 22:04:54.0859 0644 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/24 22:04:55.0031 0644 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/24 22:04:55.0140 0644 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/24 22:04:55.0406 0644 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/05/24 22:04:55.0421 0644 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/24 22:04:55.0468 0644 MBR (0x1B8) (22b60c2f7cc381026ae3f4b3f331e328) \Device\Harddisk5\DR11

2011/05/24 22:04:56.0406 0644 ================================================================================

2011/05/24 22:04:56.0406 0644 Scan finished

2011/05/24 22:04:56.0406 0644 ================================================================================

2011/05/24 22:04:56.0468 1068 Detected object count: 1

2011/05/24 22:04:56.0468 1068 Actual detected object count: 1

2011/05/24 22:05:19.0187 1068 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/24 22:05:19.0187 1068 \Device\Harddisk0\DR0 - ok

2011/05/24 22:05:19.0187 1068 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/05/24 22:05:25.0171 3584 Deinitialize success

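The two MBR lines near the end of the TDSSKiller log above ("MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0") are the key evidence: the tool hashes the first 0x1B8 (440) bytes of sector 0, the bootstrap code that sits before the disk signature and partition table, and a bootkit such as TDL4 lives precisely by rewriting that code. The GMER output earlier in the thread shows the same region disassembled (XOR AX,AX; MOV SS,AX; MOV SP,0x7C00; ...). The following Python script is an added example, not code from the thread, from TDSSKiller or from GMER: it hashes that same 0x1B8 region, decodes the partition table, and flags a bootstrap that does not match a known-good hash or the standard XP prologue. The sample MBRs are constructed inline, and the "known-good" hash is derived from the constructed clean sample, so it is not a real Windows XP MBR hash; `read_sector0` and the device paths it mentions are illustrative and need administrator or root rights.

```python
"""
MBR inspection helper (added example; not from the forum thread, TDSSKiller or GMER).

Models what TDSSKiller's "MBR (0x1B8) (<md5>) \\Device\\Harddisk0\\DR0" line reports:
an MD5 over the first 0x1B8 bytes of sector 0 (bootstrap code only, excluding the
4-byte disk signature at 0x1B8, the partition table at 0x1BE and the 0x55AA marker).
All sample data below is constructed for the example.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 0x1B8        # region hashed by TDSSKiller's MBR line
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
BOOT_SIGNATURE = b"\x55\xAA"

# Opening bytes of the standard Windows XP boot code, as in the GMER disassembly:
#   XOR AX,AX ; MOV SS,AX ; MOV SP,0x7C00 ; STI ; PUSH AX ; POP ES ; PUSH AX ; POP DS ; CLD
XP_BOOT_PROLOGUE = bytes.fromhex("33C08ED0BC007CFB5007501FFC")


def build_sample_mbr(bootcode: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code and up to four (bootable, type, lba_start, lba_count) entries."""
    if len(bootcode) > BOOTCODE_LEN or len(partitions) > 4:
        raise ValueError("bootstrap too long or too many partitions")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", 0x12345678)  # constructed disk signature
    for i, (bootable, ptype, lba_start, lba_count) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = 0x80 if bootable else 0x00          # CHS fields left zero; LBA is what matters here
        sector[off + 4] = ptype
        sector[off + 8:off + 16] = struct.pack("<II", lba_start, lba_count)
    sector[0x1FE:0x200] = BOOT_SIGNATURE
    return bytes(sector)


def bootcode_md5(mbr: bytes) -> str:
    """MD5 of the first 0x1B8 bytes, the same region TDSSKiller's 'MBR (0x1B8)' line hashes."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes):
    """Decode the four 16-byte partition entries; unused (type 0) slots are skipped."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        flag, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype:
            entries.append({"index": i, "bootable": flag == 0x80, "type": ptype,
                            "lba_start": start, "lba_count": count})
    return entries


def inspect_mbr(mbr: bytes, known_good: set) -> list:
    """Return a list of findings about sector 0; an empty list means these checks passed."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    if mbr[0x1FE:0x200] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = bootcode_md5(mbr)
    if digest not in known_good:
        findings.append(f"bootstrap hash {digest} not in known-good set")
    if not mbr.startswith(XP_BOOT_PROLOGUE):
        findings.append("bootstrap does not start with the standard XP prologue")
    bootable = [p for p in parse_partitions(mbr) if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    # Caveat: a kernel disk hook (cf. the atapi DriverStartIo hook in the GMER output)
    # can hand a clean sector 0 to user-mode readers; read the disk offline to be sure.
    return findings


def read_sector0(device_path: str) -> bytes:
    """Read sector 0 of a raw device, e.g. r'\\\\.\\PhysicalDrive0' (Windows, admin) or '/dev/sda' (Linux, root)."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# Constructed samples: a clean XP-style MBR and one whose bootstrap was replaced.
_PARTS = [(True, 0x07, 63, 390716802)]  # one bootable NTFS partition starting at LBA 63
CLEAN_MBR = build_sample_mbr(XP_BOOT_PROLOGUE + b"\x00" * (BOOTCODE_LEN - len(XP_BOOT_PROLOGUE)), _PARTS)
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x90" * 100, _PARTS)  # JMP $ + NOP sled, stands in for bootkit code
KNOWN_GOOD = {bootcode_md5(CLEAN_MBR)}  # derived from the constructed sample; not a real XP hash


def main():
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(f"{name}: md5(0x1B8)={bootcode_md5(mbr)} findings={inspect_mbr(mbr, KNOWN_GOOD) or 'none'}")
        for part in parse_partitions(mbr):
            print("   partition", part)


if __name__ == "__main__":
    main()
```

To use it on a real machine, replace the constructed samples with `inspect_mbr(read_sector0(path), {hash_of_your_clean_image})`, where the known-good hash comes from a trusted image of the same Windows version. Only the hash is a reliable signal; the partition-table and prologue checks catch crude tampering but a careful bootkit keeps them intact.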

I ran ComboFix; however, it kept telling me that my Avira "AntiVir Desktop" was still running. I shut it down per the instructions, but it continued to say it was running. I wasn't sure what to do, so I continued with the ComboFix scan. Here is the log:

ComboFix 11-05-25.01 - Jason Osolin 05/25/2011 18:05:47.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.536 [GMT -4:00]

Running from: c:\documents and settings\Jason Osolin\Desktop\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\jestertb.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 )))))))))))))))))))))))))))))))

.

.

2011-05-25 21:24 . 2011-05-25 21:24 -------- d-----w- c:\windows\LastGood

2011-05-24 06:09 . 2011-05-24 06:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer

2011-05-24 00:19 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-05-24 00:19 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-05-24 00:18 . 2011-05-24 00:18 -------- d-----w- c:\program files\iPod

2011-05-24 00:18 . 2011-05-24 00:19 -------- d-----w- c:\program files\iTunes

2011-05-24 00:18 . 2011-05-24 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-05-24 00:18 . 2011-05-24 00:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2011-05-24 00:16 . 2011-05-24 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2011-05-20 19:50 . 2011-05-22 22:00 -------- d-----w- c:\windows\system32\NtmsData

2011-05-20 18:35 . 2011-05-20 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG

2011-05-20 18:23 . 2011-05-20 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2011-05-20 18:21 . 2011-05-20 18:21 -------- d-----w- c:\program files\Common Files\HP

2011-05-20 18:19 . 2008-10-29 23:44 737280 ----a-w- c:\windows\system32\hposwia_p02a.dll

2011-05-20 18:19 . 2008-10-29 00:31 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2011-05-20 18:19 . 2008-10-10 09:10 966656 ----a-w- c:\windows\system32\hpost_p02a.dll

2011-05-20 18:19 . 2008-10-10 09:10 307200 ----a-w- c:\windows\system32\hposc_p02a.dll

2011-05-20 18:19 . 2008-10-29 00:31 309760 ----a-w- c:\windows\system32\difxapi.dll

2011-05-20 18:04 . 2011-05-20 18:13 -------- d-----w- c:\windows\SxsCaPendDel

2011-05-20 17:27 . 2011-05-20 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2011-05-20 16:48 . 2008-10-17 18:55 321536 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll

2011-05-20 16:48 . 2008-10-17 15:45 118272 ----a-w- c:\windows\system32\hpz3l696.dll

2011-05-20 16:48 . 2009-03-03 18:12 261432 ----a-w- c:\windows\system32\hpzids01.dll

2011-05-20 16:48 . 2011-05-20 16:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-05-20 16:47 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-05-20 16:47 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2011-05-20 16:45 . 2011-05-24 00:19 -------- dc----w- c:\windows\system32\DRVSTORE

2011-05-20 16:45 . 2011-05-20 16:45 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2011-05-20 16:44 . 2011-05-20 18:22 -------- d-----w- c:\program files\HP

2011-05-20 16:44 . 2004-08-04 02:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2011-05-20 16:44 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2011-05-20 16:44 . 2004-08-04 03:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2011-05-20 16:44 . 2004-08-04 03:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2011-05-20 16:44 . 2004-08-04 03:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2011-05-20 16:44 . 2004-08-04 03:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-20 16:19 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-20 16:19 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-05-20 16:19 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-05-20 16:19 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-05-20 16:19 . 2011-05-20 16:19 -------- d-----w- c:\program files\Avira

2011-05-20 16:19 . 2011-05-20 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-05-20 03:44 . 2007-03-09 15:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-05-20 03:44 . 2011-05-18 16:37 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9892F134-BC6D-448B-BD00-5565CF85AB0D}\mpengine.dll

2011-05-20 03:44 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-20 03:22 . 2011-05-20 03:22 -------- d-----w- c:\program files\Windows Defender

2011-05-20 01:05 . 2000-12-12 04:06 24424 ----a-r- c:\windows\system32\drivers\NET8511.SYS

2011-05-20 01:02 . 2011-05-20 01:02 -------- d-----w- c:\program files\Common Files\Adobe

2011-05-20 00:42 . 2011-05-20 00:42 -------- d-----w- c:\windows\Sun

2011-05-19 23:52 . 2011-05-19 23:52 -------- d-----w- c:\program files\Microsoft Works

2011-05-19 23:51 . 2011-05-19 23:51 -------- d-----w- c:\program files\Microsoft.NET

2011-05-19 23:48 . 2011-05-19 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2011-05-19 23:48 . 2011-05-19 23:48 -------- d-----r- C:\MSOCache

2011-05-19 23:43 . 2011-05-19 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2011-05-19 23:42 . 2011-05-19 23:42 -------- d-----w- c:\program files\interMute

2011-05-19 23:42 . 2011-05-19 23:29 -------- d-----w- c:\program files\MoodLogic

2011-05-19 23:40 . 2011-05-19 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\VAIO Media Platform

2011-05-19 23:40 . 2011-05-19 23:40 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2011-05-19 23:40 . 2011-05-19 23:40 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2011-05-19 23:40 . 2003-02-27 20:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2011-05-19 23:40 . 2002-12-05 18:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2011-05-19 23:40 . 2002-12-02 19:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2011-05-19 23:40 . 2002-12-02 17:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2011-05-19 23:40 . 2002-12-02 17:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2011-05-19 23:37 . 2011-05-19 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit

2011-05-19 23:37 . 2011-05-19 23:24 -------- d-----w- c:\program files\Quicken

2011-05-19 23:37 . 2002-11-21 14:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll

2011-05-19 23:37 . 2002-11-21 14:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll

2011-05-19 23:37 . 2002-11-21 14:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll

2011-05-19 23:37 . 2002-11-21 14:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll

2011-05-19 23:37 . 2002-11-21 14:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll

2011-05-19 23:37 . 2002-11-21 14:57 20480 ----a-w- c:\windows\system32\IVIresize.dll

2011-05-19 23:37 . 2011-05-19 23:39 -------- d-----w- c:\program files\InterVideo

2011-05-19 23:36 . 2004-02-10 15:01 3130328 ----a-w- c:\program files\Online Services\AOL Instant Messenger Setup\aimsetup.exe

2011-05-19 23:36 . 2001-09-28 21:00 128608 ----a-w- c:\program files\Online Services\AOL Instant Messenger Setup\Unwise.exe

2011-05-19 23:30 . 2011-05-19 23:30 -------- d-----w- c:\program files\Sonic

2011-05-19 23:30 . 2003-10-07 23:55 2981888 ----a-w- c:\windows\system32\iplw7.dll

2011-05-19 23:30 . 2003-10-07 23:55 2502656 ----a-w- c:\windows\system32\iplpx.dll

2011-05-19 23:30 . 2003-10-07 23:55 2785280 ----a-w- c:\windows\system32\iplm6.dll

2011-05-19 23:30 . 2003-10-07 23:55 2686976 ----a-w- c:\windows\system32\iplm5.dll

2011-05-19 23:30 . 2003-10-07 23:55 2531328 ----a-w- c:\windows\system32\iplp6.dll

2011-05-19 23:30 . 2003-10-07 23:55 53248 ----a-w- c:\windows\system32\ipl.dll

2011-05-19 23:30 . 2003-10-07 23:55 2973696 ----a-w- c:\windows\system32\ipla6.dll

2011-05-19 23:30 . 2003-10-07 23:55 19968 ----a-w- c:\windows\system32\Cpuinf32.dll

2011-05-19 23:28 . 2004-05-13 22:53 757760 ----a-w- c:\windows\system32\CDDBUI.dll

2011-05-19 23:28 . 2004-05-13 22:53 630784 ----a-w- c:\windows\system32\CDDBControl.dll

2011-05-19 23:27 . 2011-05-19 23:27 -------- d-----w- c:\program files\Common Files\Borland Shared

2011-05-19 23:27 . 2011-05-19 23:51 -------- d-----w- c:\windows\ShellNew

2011-05-19 23:27 . 2011-05-19 23:27 -------- d-----w- c:\program files\WordPerfect Office 12

2011-05-19 23:27 . 2011-05-19 23:27 -------- d-----w- c:\program files\Common Files\Corel

2011-05-19 23:24 . 2011-05-25 02:16 -------- d-----w- c:\documents and settings\Jason Osolin

2011-05-19 23:15 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2011-05-19 23:15 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2011-05-19 22:51 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-19 22:51 . 2011-05-19 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-19 22:51 . 2011-05-19 23:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-19 22:51 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-19 22:47 . 2011-05-19 22:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-05-19 22:32 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2011-05-19 22:31 . 2011-05-19 22:32 -------- dc-h--w- c:\windows\ie8

2011-05-19 22:20 . 2004-08-04 03:08 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys

2011-05-19 22:20 . 2004-08-04 03:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys

2011-05-19 22:20 . 2002-10-28 15:17 411008 ----a-w- c:\windows\system32\drivers\QSoftAud.sys

2011-05-19 22:20 . 2002-08-27 20:33 365460 ----a-w- c:\windows\system32\drivers\pscaudio.sys

2011-05-19 22:20 . 2002-07-18 18:47 9600 ----a-w- c:\windows\system32\drivers\QsndEnum.sys

2011-05-19 22:20 . 2002-06-19 19:23 135168 ----a-w- c:\windows\pscunins.dat

2011-05-19 22:20 . 2002-06-19 19:19 155648 ----a-w- c:\windows\pscunins.exe

2011-05-19 22:20 . 2002-02-19 13:10 32768 ----a-w- c:\windows\system32\pscprop.dll

2011-05-19 22:20 . 2001-05-24 19:57 22048 ----a-w- c:\windows\system32\cocpyinf.dll

2011-05-19 22:20 . 2003-01-13 22:28 159744 ----a-w- c:\windows\system32\qlmp.dll

2011-05-19 22:20 . 2002-09-12 18:22 65536 ----a-w- c:\windows\system32\Psa2.cpl

2011-05-19 22:19 . 2011-05-19 22:19 -------- d-----w- c:\program files\Philips

2011-05-19 22:12 . 2011-05-19 22:12 -------- d-----w- c:\documents and settings\All Users\SonicStage

2011-05-19 22:07 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll

2011-05-19 22:04 . 2011-05-19 22:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 88363]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]

"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]

"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-22 151552]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\{71C4F928-136A-4222-A191-310E081FB96B}\\setup\\hpznui01.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/20/2011 12:19 PM 136360]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/19/2011 6:51 PM 363344]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [5/19/2011 9:05 PM 24424]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/19/2011 6:51 PM 20952]

R3 PSC60x;Philips PCI Audio Driver (WDM);c:\windows\system32\drivers\pscaudio.sys [5/19/2011 6:20 PM 365460]

R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\drivers\QsndEnum.sys [5/19/2011 6:20 PM 9600]

R3 QSoftAud;Philips Sound Agent 2 (WDM);c:\windows\system32\drivers\QSoftAud.sys [5/19/2011 6:20 PM 411008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-25 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

2011-05-19 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-11-15 12:00]

.

2011-05-19 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-11-15 12:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{2D250E57-9890-44a6-B08F-5C02C991EF24} - c:\program files\HP\Digital Imaging\{2D250E57-9890-44a6-B08F-5C02C991EF24}\setup\hpzscr01.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-25 18:12

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(840)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-05-25 18:14:07

ComboFix-quarantined-files.txt 2011-05-25 22:14

.

Pre-Run: 182,798,495,744 bytes free

Post-Run: 184,463,912,960 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 171CAE348AC76120891673C53D048D66

I also ran DDS, Here is the log from that:

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jason Osolin at 19:21:16 on 2011-05-25

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.501 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Jason Osolin\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxsrvc.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-20 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-20 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-20 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-20 61960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-19 363344]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [2011-5-19 24424]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-19 20952]

R3 PSC60x;Philips PCI Audio Driver (WDM);c:\windows\system32\drivers\pscaudio.sys [2011-5-19 365460]

R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\drivers\QsndEnum.sys [2011-5-19 9600]

R3 QSoftAud;Philips Sound Agent 2 (WDM);c:\windows\system32\drivers\QSoftAud.sys [2011-5-19 411008]

.

=============== Created Last 30 ================

.

2011-05-25 22:03:40 -------- d-sha-r- C:\cmdcons

2011-05-25 22:02:08 98816 ----a-w- c:\windows\sed.exe

2011-05-25 22:02:08 89088 ----a-w- c:\windows\MBR.exe

2011-05-25 22:02:08 256512 ----a-w- c:\windows\PEV.exe

2011-05-25 22:02:08 161792 ----a-w- c:\windows\SWREG.exe

2011-05-25 21:24:12 -------- d-----w- c:\windows\system32\SoftwareDistribution

2011-05-24 00:19:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-05-24 00:19:48 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-05-24 00:18:57 -------- d-----w- c:\program files\iPod

2011-05-24 00:18:54 -------- d-----w- c:\program files\iTunes

2011-05-24 00:18:54 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-05-24 00:18:21 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-05-24 00:18:21 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-05-24 00:18:21 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-05-24 00:18:21 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-05-24 00:18:21 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-05-24 00:18:21 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-05-24 00:18:21 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-05-24 00:17:32 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\Apple

2011-05-24 00:17:03 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-05-24 00:17:03 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-24 00:16:30 -------- d-----w- c:\program files\Bonjour

2011-05-23 23:17:29 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\Apple Computer

2011-05-20 19:50:13 -------- d-----w- c:\windows\system32\NtmsData

2011-05-20 19:49:06 -------- d-----w- c:\documents and settings\jason osolin\application data\Avira

2011-05-20 18:35:50 -------- d-----w- c:\documents and settings\all users\application data\WEBREG

2011-05-20 18:35:17 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\HP

2011-05-20 18:21:02 -------- d-----w- c:\program files\common files\HP

2011-05-20 18:19:35 966656 ----a-w- c:\windows\system32\hpost_p02a.dll

2011-05-20 18:19:35 737280 ----a-w- c:\windows\system32\hposwia_p02a.dll

2011-05-20 18:19:35 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2011-05-20 18:19:35 307200 ----a-w- c:\windows\system32\hposc_p02a.dll

2011-05-20 18:19:34 309760 ----a-w- c:\windows\system32\difxapi.dll

2011-05-20 18:04:07 -------- d-----w- c:\windows\SxsCaPendDel

2011-05-20 16:48:50 321536 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp696.dll

2011-05-20 16:48:50 118272 ----a-w- c:\windows\system32\hpz3l696.dll

2011-05-20 16:48:49 261432 ----a-w- c:\windows\system32\hpzids01.dll

2011-05-20 16:47:41 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-05-20 16:47:41 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2011-05-20 16:45:36 -------- d-----w- c:\program files\common files\Hewlett-Packard

2011-05-20 16:44:46 -------- d-----w- c:\program files\HP

2011-05-20 16:44:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2011-05-20 16:44:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2011-05-20 16:44:40 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2011-05-20 16:44:40 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2011-05-20 16:44:35 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2011-05-20 16:44:35 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-20 16:19:33 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-20 16:19:26 -------- d-----w- c:\program files\Avira

2011-05-20 16:19:26 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-05-20 03:44:50 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-05-20 03:44:45 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9892f134-bc6d-448b-bd00-5565cf85ab0d}\mpengine.dll

2011-05-20 03:44:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-20 01:05:04 24424 ----a-r- c:\windows\system32\drivers\NET8511.SYS

2011-05-20 01:02:30 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\Adobe

2011-05-19 23:48:43 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\Microsoft Help

2011-05-19 23:44:06 -------- d-----w- c:\documents and settings\jason osolin\application data\Symantec

2011-05-19 23:43:29 -------- d-----w- c:\documents and settings\all users\application data\Symantec

2011-05-19 23:42:38 -------- d-----w- c:\program files\interMute

2011-05-19 23:42:21 -------- d-----w- c:\program files\MoodLogic

2011-05-19 23:40:59 -------- d-----w- c:\documents and settings\all users\application data\VAIO Media Platform

2011-05-19 23:40:31 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll

2011-05-19 23:40:31 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll

2011-05-19 23:40:31 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe

2011-05-19 23:40:31 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll

2011-05-19 23:40:31 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll

2011-05-19 23:40:31 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll

2011-05-19 23:40:31 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll

2011-05-19 23:37:54 -------- d-----w- c:\program files\Quicken

2011-05-19 23:37:54 -------- d-----w- c:\documents and settings\all users\application data\Intuit

2011-05-19 23:37:10 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll

2011-05-19 23:37:10 20480 ----a-w- c:\windows\system32\IVIresize.dll

2011-05-19 23:37:10 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll

2011-05-19 23:37:10 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll

2011-05-19 23:37:10 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll

2011-05-19 23:37:10 188416 ----a-w- c:\windows\system32\IVIresizePX.dll

2011-05-19 23:37:08 -------- d-----w- c:\program files\InterVideo

2011-05-19 23:36:22 3130328 ----a-w- c:\program files\online services\aol instant messenger setup\aimsetup.exe

2011-05-19 23:36:22 128608 ----a-w- c:\program files\online services\aol instant messenger setup\Unwise.exe

2011-05-19 23:30:44 -------- d-----w- c:\program files\Sonic

2011-05-19 23:30:21 53248 ----a-w- c:\windows\system32\ipl.dll

2011-05-19 23:30:21 2981888 ----a-w- c:\windows\system32\iplw7.dll

2011-05-19 23:30:21 2973696 ----a-w- c:\windows\system32\ipla6.dll

2011-05-19 23:30:21 2785280 ----a-w- c:\windows\system32\iplm6.dll

2011-05-19 23:30:21 2686976 ----a-w- c:\windows\system32\iplm5.dll

2011-05-19 23:30:21 2531328 ----a-w- c:\windows\system32\iplp6.dll

2011-05-19 23:30:21 2502656 ----a-w- c:\windows\system32\iplpx.dll

2011-05-19 23:30:21 19968 ----a-w- c:\windows\system32\Cpuinf32.dll

2011-05-19 23:28:44 757760 ----a-w- c:\windows\system32\CDDBUI.dll

2011-05-19 23:28:44 630784 ----a-w- c:\windows\system32\CDDBControl.dll

2011-05-19 23:27:41 -------- d-----w- c:\program files\common files\Borland Shared

2011-05-19 23:27:29 -------- d-----w- c:\windows\ShellNew

2011-05-19 23:27:22 -------- d-----w- c:\program files\WordPerfect Office 12

2011-05-19 23:27:22 -------- d-----w- c:\program files\common files\Corel

2011-05-19 23:15:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2011-05-19 23:15:48 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2011-05-19 22:52:09 -------- d-----w- c:\documents and settings\jason osolin\application data\Malwarebytes

2011-05-19 22:51:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-19 22:51:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-05-19 22:51:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-19 22:51:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-19 22:42:40 -------- d-sh--w- c:\documents and settings\jason osolin\IECompatCache

2011-05-19 22:40:36 -------- d-sh--w- c:\documents and settings\jason osolin\PrivacIE

2011-05-19 22:37:58 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\ApplicationHistory

2011-05-19 22:37:47 -------- d-sh--w- c:\documents and settings\jason osolin\IETldCache

2011-05-19 22:32:19 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2011-05-19 22:31:27 -------- dc-h--w- c:\windows\ie8

2011-05-19 22:20:23 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys

2011-05-19 22:20:23 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys

2011-05-19 22:20:03 9600 ----a-w- c:\windows\system32\drivers\QsndEnum.sys

2011-05-19 22:20:03 411008 ----a-w- c:\windows\system32\drivers\QSoftAud.sys

2011-05-19 22:20:03 365460 ----a-w- c:\windows\system32\drivers\pscaudio.sys

2011-05-19 22:20:03 32768 ----a-w- c:\windows\system32\pscprop.dll

2011-05-19 22:20:03 22048 ----a-w- c:\windows\system32\cocpyinf.dll

2011-05-19 22:20:03 155648 ----a-w- c:\windows\pscunins.exe

2011-05-19 22:20:03 135168 ----a-w- c:\windows\pscunins.dat

2011-05-19 22:20:00 65536 ----a-w- c:\windows\system32\Psa2.cpl

2011-05-19 22:20:00 159744 ----a-w- c:\windows\system32\qlmp.dll

2011-05-19 22:19:59 -------- d-----w- c:\program files\Philips

2011-05-19 22:12:11 -------- d-----w- c:\documents and settings\all users\SonicStage

2011-05-19 22:07:50 294912 -c----w- c:\windows\system32\dllcache\msctf.dll

2011-05-19 22:04:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-19 21:08:40 -------- d-sh--w- c:\documents and settings\jason osolin\UserData

.

==================== Find3M ====================

.

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 19:21:44.50 ===============

Thank you for all of your help!!


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Here are the two logs. Everything seems to be running well now. No more popups, and Google searches are no longer being redirected. Thanks again!

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=91768e5b39744e4cbd07f1b11aeb48ac

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-30 03:33:46

# local_time=2011-05-30 11:33:46 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1797 16775141 100 93 0 42361126 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=54277

# found=0

# cleaned=0

# scan_time=1852

Results of screen317's Security Check version 0.99.12

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

SonicStage Mastering Studio Audio Filter Custom Preset

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player

Adobe Reader 6.0.1

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Windows Defender MsMpEng.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Adobe Flash Player

Adobe Reader 6.0.1

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Next, it is absolutely essential that you upgrade to Windows XP Service Pack 3. Service Pack 2, which is what you currently have, has vulnerabilities that leave you wide open for re-infection. To upgrade, please visit Windows Update and download all critical updates.

Let me know if the update was successful.

Let me know what issues remain.

-screen317


I followed your directions to a tee. Windows is updated to Service Pack 3 as well. Everything seems to be running well. I do, however, notice that in Internet Explorer the screen scrolls in waves. Maybe it always has, but I just don't remember seeing that in the past. Is that normal, or does it indicate an issue? It could be my monitor, however. Several months ago, it all of a sudden got a lot dimmer than it used to be. I think it is burning out or something.


  • Staff

Not really sure what you mean by waves, but it could very well be your monitor.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


Fantastic, thank you for all of your help. This has already improved the performance of my computer a great deal. Thanks! Would it be possible to go through a similar diagnostic process for my laptop? There are not any obvious issues occurring to speak of; however, I did have some viruses that Malwarebytes found and wiped out.


  • Staff

Hi,

It'd be best to start a new topic for your laptop, to avoid any potential confusion. :)

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.