
I STUPIDLY ran one of those speed tests and now I have startnow hyperbar hijacking Mozilla and IE windows. I am currently running on Safari, no problems that I can see.

I have Sophos Protection from my university on my computer and it is updated (as of today). When I ran a scan (yesterday), nothing was found.

I have used the program add/delete function in the control panel and have uninstalled what I could, but the hyperbar persists.

Can someone help me?

I am not technical at all!

Thanks.

Carlos

I posted this yesterday and got a response (I was in the wrong place; I have copied and pasted the help request here).

I also started doing the step by step that was suggested to another forum member.

I have downloaded Malwarebytes' Anti-Malware, updated it, and run the program. The program found some stuff (which I then deleted):

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Carlos at 0:04:53 on 2011-05-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.243 [GMT -7:00]

.

AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sophos\AutoUpdate\almon.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Safari\Safari.exe

C:\DOCUME~1\Carlos\LOCALS~1\Temp\iuojvhsg.tmp\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=IE&os=win&os_version=5.1-x86-SP3

uSearch Page =

uDefault_Page_URL = hxxp://start.earthlink.net

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

uSearch Bar =

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [uTorrent] "c:\documents and settings\carlos\my documents\downloads\utorrent.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem

mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe

mRun: [RecGuard] c:\windows\sminst\RecGuard.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [nwiz] nwiz.exe /installquiet /nodetect

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.mrw.interscience.wiley.com/wfplayer/tdserver.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238273051654

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: JMRI - c:\program files\jmri\CreatePrefs.bat

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\carlos\application data\mozilla\firefox\profiles\tufl9tfz.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=FF&os=win&os_version=5.1-x86-SP3

FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=FF&os=win&os_version=5.1-x86-SP3&q=

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-6-13 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-6-13 24064]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-14 97520]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-30 38224]

S2 gupdate1c9b0d2a7207434;Google Update Service (gupdate1c9b0d2a7207434);c:\program files\google\update\GoogleUpdate.exe [2009-3-29 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-29 133104]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-3-10 23928]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-6-13 14976]

.

=============== Created Last 30 ================

.

2011-05-31 06:23:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-31 06:23:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-31 06:23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-31 05:27:00 -------- d-----w- c:\windows\system32\NtmsData

2011-05-30 17:06:24 -------- d-----w- c:\documents and settings\carlos\application data\Systweak

2011-05-30 17:06:14 17280 ----a-w- c:\windows\system32\roboot.exe

2011-05-21 19:22:09 8413 ----a-w- c:\windows\system32\drivers\mcstrm.sys

2011-05-17 03:42:18 -------- d-----w- c:\documents and settings\carlos\application data\PriceGong

2011-05-17 03:24:06 -------- d-----w- c:\documents and settings\carlos\local settings\application data\Conduit

2011-05-16 13:19:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 14:24:24 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-13 14:24:23 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-13 14:24:23 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-13 14:24:23 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-13 14:24:23 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-13 14:24:22 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-13 14:24:22 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-13 14:24:21 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

.

==================== Find3M ====================

.

2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys

c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce IDE Driver

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F1AAB8]

3 CLASSPNP[0xF7680FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000084[0x86F83AC0]

5 ACPI[0xF74E7620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000083[0x86F17030]

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }

user != kernel MBR !!!

.

============= FINISH: 0:06:32.15 ===============

I then reran the program after cleaning up (it found nothing):

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6729

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/30/2011 11:39:57 PM

mbam-log-2011-05-30 (23-39-57).txt

Scan type: Quick scan

Objects scanned: 181197

Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I still have the hyperbar. Now what do I do?

Thanks again.

Carlos

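As an added example (not code from the thread and not Malwarebytes' own software), a Python parser for the MBAM 1.x text log format pasted above: it reads the summary counts and the itemised detections, separates Trojan findings from PUM (policy-change) findings, and flags a paste whose summary counts disagree with the items actually listed, so a "Registry Values Infected: 1" summary is never read as a clean run. The sample log is constructed to mirror the layout above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the MBAM 1.50 log layout posted in the thread (not a real log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6729
Scan type: Quick scan
Objects scanned: 181197

Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Files Infected: 0

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

@dataclass
class Detection:
    section: str   # summary section the item belongs to, e.g. "Registry Values"
    location: str  # registry path, file path or module name
    threat: str    # MBAM threat name, e.g. "Trojan.Agent", "PUM.Hijack.StartMenu"
    details: str   # middle "->" fields, e.g. "Value: Taskman" or "Bad: (1) Good: (0)"
    action: str    # what MBAM did, e.g. "Quarantined and deleted successfully."

    @property
    def family(self) -> str:
        # Leading token of the threat name; PUM marks a changed setting, not malicious code.
        return self.threat.split(".", 1)[0]

@dataclass
class MbamReport:
    version: str = ""
    header: dict = field(default_factory=dict)      # "Database version" -> "6729", ...
    counts: dict = field(default_factory=dict)      # section -> summary count
    detections: list = field(default_factory=list)  # itemised Detection records

    @property
    def total_detected(self) -> int:
        return sum(self.counts.values())

    def families(self) -> dict:
        out: dict = {}
        for d in self.detections:
            out[d.family] = out.get(d.family, 0) + 1
        return out

    def count_mismatches(self) -> dict:
        # Sections whose summary count differs from the items actually listed:
        # a truncated or hand-edited paste shows up here as {section: (claimed, listed)}.
        listed: dict = {}
        for d in self.detections:
            listed[d.section] = listed.get(d.section, 0) + 1
        return {s: (n, listed.get(s, 0))
                for s, n in self.counts.items() if n != listed.get(s, 0)}

_VERSION = re.compile(r"^Malwarebytes' Anti-Malware (\S+)$")
_SUMMARY = re.compile(r"^(.+?) Infected: (\d+)$")  # "Registry Values Infected: 1"
_SECTION = re.compile(r"^(.+?) Infected:$")        # header of an itemised list
_ITEM = re.compile(r"^(.*) \(([^()]+)\)$")         # "<location> (<threat name>)"

def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    section = None  # itemised section currently being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _VERSION.match(line):
            report.version = m.group(1)
        elif m := _SUMMARY.match(line):
            report.counts[m.group(1)] = int(m.group(2))
        elif m := _SECTION.match(line):
            section = m.group(1)
        elif section is not None:
            if line.startswith("(No malicious items detected)"):
                continue
            parts = [p.strip() for p in line.split(" -> ")]
            m = _ITEM.match(parts[0])
            if not m:
                raise ValueError(f"unrecognised detection line: {line}")
            report.detections.append(Detection(
                section, m.group(1), m.group(2),
                " ".join(parts[1:-1]), parts[-1] if len(parts) > 1 else ""))
        elif ":" in line:
            key, _, value = line.partition(":")
            report.header[key.strip()] = value.strip()
    return report
```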

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is of the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Okay,

I downloaded the TDSSKiller.zip, opened it, ran the .exe file, and it says no infection found. There was no request for a reboot. A small window opened and the following .txt stuff was on it. Is this the log?

2011/05/31 20:10:44.0078 2900 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/05/31 20:10:44.0671 2900 ================================================================================

2011/05/31 20:10:44.0671 2900 SystemInfo:

2011/05/31 20:10:44.0671 2900

2011/05/31 20:10:44.0671 2900 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/31 20:10:44.0671 2900 Product type: Workstation

2011/05/31 20:10:44.0671 2900 ComputerName: YOUR-7745395E08

2011/05/31 20:10:44.0671 2900 UserName: Carlos

2011/05/31 20:10:44.0671 2900 Windows directory: C:\WINDOWS

2011/05/31 20:10:44.0671 2900 System windows directory: C:\WINDOWS

2011/05/31 20:10:44.0671 2900 Processor architecture: Intel x86

2011/05/31 20:10:44.0671 2900 Number of processors: 2

2011/05/31 20:10:44.0671 2900 Page size: 0x1000

2011/05/31 20:10:44.0671 2900 Boot type: Normal boot

2011/05/31 20:10:44.0671 2900 ================================================================================

2011/05/31 20:10:45.0250 2900 Initialize success

I updated and ran the MBAM software:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6738

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/31/2011 7:51:05 PM

mbam-log-2011-05-31 (19-51-05).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 287237

Time elapsed: 1 hour(s), 16 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I was able to download and run the combofix.exe from bleepingcomputer.com.

It ran, a small window popped up, and there was some scrolling green writing, but then the Sophos ping started and it said that there was adware/PUA NirCmd and 180solutions. I did not see any .txt file pop up in a window. When I went back to the downloads window and clicked on the .exe file, I received an error message saying that it had been moved and that Safari could not open the file.

CORJr


Here is the log from the TDSSKiller app.

There was no request to reboot.

2011/06/02 20:26:53.0203 1884 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/06/02 20:26:53.0843 1884 ================================================================================

2011/06/02 20:26:53.0843 1884 SystemInfo:

2011/06/02 20:26:53.0843 1884

2011/06/02 20:26:53.0843 1884 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/02 20:26:53.0843 1884 Product type: Workstation

2011/06/02 20:26:53.0843 1884 ComputerName: YOUR-7745395E08

2011/06/02 20:26:53.0843 1884 UserName: Carlos

2011/06/02 20:26:53.0843 1884 Windows directory: C:\WINDOWS

2011/06/02 20:26:53.0843 1884 System windows directory: C:\WINDOWS

2011/06/02 20:26:53.0843 1884 Processor architecture: Intel x86

2011/06/02 20:26:53.0843 1884 Number of processors: 2

2011/06/02 20:26:53.0843 1884 Page size: 0x1000

2011/06/02 20:26:53.0843 1884 Boot type: Normal boot

2011/06/02 20:26:53.0843 1884 ================================================================================

2011/06/02 20:26:58.0578 1884 Initialize success

2011/06/02 20:27:02.0281 4032 ================================================================================

2011/06/02 20:27:02.0281 4032 Scan started

2011/06/02 20:27:02.0281 4032 Mode: Manual;

2011/06/02 20:27:02.0281 4032 ================================================================================


2011/06/02 20:27:39.0734 4032 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011/06/02 20:27:40.0109 4032 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

2011/06/02 20:27:40.0562 4032 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/06/02 20:27:41.0109 4032 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/02 20:27:41.0578 4032 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/02 20:27:41.0984 4032 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/02 20:27:42.0406 4032 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/02 20:27:42.0812 4032 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys

2011/06/02 20:27:43.0328 4032 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/06/02 20:27:43.0906 4032 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/02 20:27:44.0421 4032 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/02 20:27:44.0875 4032 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/02 20:27:45.0328 4032 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/02 20:27:45.0750 4032 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/02 20:27:46.0187 4032 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/02 20:27:46.0593 4032 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/02 20:27:46.0921 4032 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/06/02 20:27:47.0343 4032 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/02 20:27:47.0796 4032 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/06/02 20:27:48.0250 4032 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/02 20:27:48.0734 4032 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/06/02 20:27:49.0140 4032 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/02 20:27:49.0500 4032 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/02 20:27:49.0890 4032 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/02 20:27:50.0328 4032 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/02 20:27:50.0812 4032 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/02 20:27:51.0296 4032 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/02 20:27:51.0734 4032 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/06/02 20:27:51.0906 4032 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/02 20:27:52.0250 4032 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/02 20:27:52.0890 4032 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/02 20:27:54.0078 4032 nv (b79e623da3614cef319b03696e821ba9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/06/02 20:27:55.0328 4032 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys

2011/06/02 20:27:55.0640 4032 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/06/02 20:27:56.0234 4032 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/06/02 20:27:56.0625 4032 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys

2011/06/02 20:27:57.0093 4032 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/02 20:27:57.0656 4032 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/02 20:27:58.0203 4032 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/06/02 20:27:58.0625 4032 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/06/02 20:27:59.0031 4032 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/02 20:27:59.0500 4032 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/02 20:27:59.0906 4032 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/02 20:28:00.0562 4032 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/02 20:28:00.0828 4032 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/06/02 20:28:02.0328 4032 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/06/02 20:28:02.0875 4032 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/06/02 20:28:03.0328 4032 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/02 20:28:03.0750 4032 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/06/02 20:28:04.0156 4032 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/02 20:28:04.0578 4032 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/02 20:28:05.0078 4032 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/06/02 20:28:05.0546 4032 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/06/02 20:28:05.0921 4032 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/06/02 20:28:06.0343 4032 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/06/02 20:28:06.0734 4032 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/06/02 20:28:07.0187 4032 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/06/02 20:28:07.0421 4032 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/02 20:28:07.0546 4032 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/02 20:28:07.0765 4032 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/02 20:28:07.0906 4032 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/02 20:28:08.0125 4032 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/02 20:28:08.0468 4032 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/02 20:28:08.0796 4032 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/06/02 20:28:09.0203 4032 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/02 20:28:09.0546 4032 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/02 20:28:09.0875 4032 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/06/02 20:28:10.0000 4032 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/06/02 20:28:10.0265 4032 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2011/06/02 20:28:10.0593 4032 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys

2011/06/02 20:28:10.0968 4032 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/06/02 20:28:11.0359 4032 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys

2011/06/02 20:28:11.0781 4032 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys

2011/06/02 20:28:11.0984 4032 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/06/02 20:28:12.0140 4032 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys

2011/06/02 20:28:12.0296 4032 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/02 20:28:12.0453 4032 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/06/02 20:28:12.0671 4032 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/06/02 20:28:12.0812 4032 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/06/02 20:28:13.0046 4032 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/06/02 20:28:13.0218 4032 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/06/02 20:28:13.0359 4032 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys

2011/06/02 20:28:13.0515 4032 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/06/02 20:28:13.0843 4032 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/02 20:28:14.0203 4032 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/02 20:28:14.0531 4032 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/02 20:28:14.0828 4032 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/06/02 20:28:14.0921 4032 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/02 20:28:14.0984 4032 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/02 20:28:15.0218 4032 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/06/02 20:28:15.0546 4032 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/06/02 20:28:15.0968 4032 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/06/02 20:28:16.0296 4032 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/06/02 20:28:16.0625 4032 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/06/02 20:28:16.0843 4032 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/02 20:28:17.0187 4032 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/02 20:28:17.0468 4032 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/02 20:28:17.0578 4032 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/02 20:28:17.0828 4032 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/02 20:28:18.0093 4032 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/06/02 20:28:18.0281 4032 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/02 20:28:18.0734 4032 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/06/02 20:28:19.0140 4032 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/02 20:28:19.0578 4032 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/06/02 20:28:19.0890 4032 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/06/02 20:28:20.0328 4032 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/02 20:28:20.0578 4032 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/02 20:28:20.0687 4032 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/06/02 20:28:20.0984 4032 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/06/02 20:28:21.0359 4032 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/02 20:28:21.0468 4032 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/02 20:28:21.0625 4032 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/06/02 20:28:21.0718 4032 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/06/02 20:28:22.0109 4032 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/06/02 20:28:22.0265 4032 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/06/02 20:28:22.0484 4032 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/06/02 20:28:22.0625 4032 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/02 20:28:22.0953 4032 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/02 20:28:23.0328 4032 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/02 20:28:23.0875 4032 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/06/02 20:28:24.0343 4032 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/06/02 20:28:24.0671 4032 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/06/02 20:28:24.0984 4032 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/06/02 20:28:25.0250 4032 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/06/02 20:28:25.0718 4032 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/06/02 20:28:25.0921 4032 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0

2011/06/02 20:28:25.0937 4032 ================================================================================

2011/06/02 20:28:25.0937 4032 Scan finished

2011/06/02 20:28:25.0937 4032 ================================================================================

2011/06/02 20:28:25.0953 1768 Detected object count: 0

2011/06/02 20:28:25.0953 1768 Actual detected object count: 0

There was no request to reboot.

Here is the updated MBAM

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6757

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/2/2011 8:08:17 PM

mbam-log-2011-06-02 (20-08-17).txt

Scan type: Quick scan

Objects scanned: 182112

Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Although I have downloaded and run the ComboFix tool, I have not gotten a report.

What should I do?

CORJr

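The TDSSKiller log in the post above is a list of every loaded kernel driver with its MD5, followed by an MBR hash and two detection counts; helpers read it by comparing those hashes against known-good values, because a rootkit of that family patches an existing driver in place rather than adding a new file. The script below is an added example, not part of the original post and not code from TDSSKiller or Malwarebytes. It parses lines in that log format into records, compares each driver's MD5 with a baseline, and flags drivers whose hash differs, drivers missing from the baseline, and drivers loaded from outside system32\drivers. The seven sample lines are copied from the log above; the BASELINE table is a constructed stand-in for hashes taken from a clean machine of the same Windows build, with the Tcpip entry deliberately wrong so the mismatch path runs. A differing hash is a lead to chase (most often a different patch level), not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in TDSSKiller's log format; the lines are copied from the
# log posted above, only the selection is ours.
SAMPLE_LOG = r"""
2011/06/02 20:27:39.0031 4032 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/02 20:27:39.0734 4032 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/02 20:28:17.0187 4032 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/02 20:28:25.0921 4032 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
2011/06/02 20:28:25.0937 4032 Scan finished
2011/06/02 20:28:25.0953 1768 Detected object count: 0
2011/06/02 20:28:25.0953 1768 Actual detected object count: 0
"""

# Hypothetical known-good MD5s from a clean reference machine of the same build
# (constructed). KSecDD matches the log; Tcpip is deliberately wrong so the
# mismatch path is exercised. This is NOT evidence of infection.
BASELINE: Dict[str, str] = {
    "ksecdd": "b467646c54cc746128904e1654c750c1",
    "tcpip": "00000000000000000000000000000000",
}

LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<body>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
MBR_RE = re.compile(r"^MBR \((?P<tag>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-fA-F]{32})\) (?P<device>.+)$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)  # keyed by lower-cased service name
    mbr_md5: Optional[str] = None
    mbr_device: Optional[str] = None
    detected: Optional[int] = None
    actual_detected: Optional[int] = None


def parse_tdsskiller(text: str) -> Report:
    """Turn driver, MBR and summary lines into a Report; every other line is skipped."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        mm, cm, dm = MBR_RE.match(body), COUNT_RE.match(body), DRIVER_RE.match(body)
        if mm:  # MBR line carries the hash of the boot sector, not of a file
            report.mbr_md5 = mm.group("md5").lower()
            report.mbr_device = mm.group("device")
        elif cm:
            if cm.group("actual"):
                report.actual_detected = int(cm.group("n"))
            else:
                report.detected = int(cm.group("n"))
        elif dm:
            d = Driver(dm.group("name"), dm.group("md5").lower(), dm.group("path"))
            report.drivers[d.name.lower()] = d
    return report


@dataclass
class Triage:
    ok: List[str] = field(default_factory=list)
    mismatch: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, seen, expected)
    unknown: List[str] = field(default_factory=list)
    outside_drivers_dir: List[str] = field(default_factory=list)


def triage(report: Report, baseline: Dict[str, str]) -> Triage:
    """Compare each listed driver's MD5 with the baseline and flag odd load paths."""
    t = Triage()
    for key, d in sorted(report.drivers.items()):
        expected = baseline.get(key)
        if expected is None:
            t.unknown.append(d.name)  # third-party, or simply never baselined
        elif expected.lower() == d.md5:
            t.ok.append(d.name)
        else:
            t.mismatch.append((d.name, d.md5, expected.lower()))
        # XP keeps kernel drivers under system32\drivers; anything else deserves a look
        if "\\system32\\drivers\\" not in d.path.lower():
            t.outside_drivers_dir.append(d.name)
    return t


def main() -> None:
    report = parse_tdsskiller(SAMPLE_LOG)
    t = triage(report, BASELINE)
    print(f"drivers: {len(report.drivers)}  MBR md5: {report.mbr_md5} on {report.mbr_device}")
    print(f"TDSSKiller detections: {report.detected} (actual {report.actual_detected})")
    print("known-good:", t.ok, " hash differs:", t.mismatch)
    print("not in baseline:", t.unknown, " odd load path:", t.outside_drivers_dir)


if __name__ == "__main__":
    main()
```

Run it as-is and the only finding is the constructed Tcpip mismatch plus MBAMSwissArmy being absent from the baseline, which is expected for a third-party driver. To use it on a real log, replace SAMPLE_LOG with the file contents and build BASELINE from a machine of the same Windows version and patch level; the MBR hash is worth recording the same way, since a bootkit changes it while leaving every driver file intact.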

I was able to get combofix to run on my PC.

Here is the report that was requested:

ComboFix 11-06-04.02 - Carlos 06/04/2011 16:21:06.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.290 [GMT -7:00]

Running from: c:\documents and settings\Carlos\My Documents\ComboFix.exe

AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Carlos\Application Data\PriceGong

c:\documents and settings\Carlos\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Carlos\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Carlos\WINDOWS

c:\windows\AutoRun.ini

c:\windows\system32\service

c:\windows\system32\service\01032010_TIS17_SfFniAU.log

c:\windows\system32\service\03082009_TIS17_SfFniAU.log

c:\windows\system32\service\04092009_TIS17_SfFniAU.log

c:\windows\system32\service\08022010_TIS17_SfFniAU.log

c:\windows\system32\service\08032010_TIS17_SfFniAU.log

c:\windows\system32\service\09052009_TIS17_SfFniAU.log

c:\windows\system32\service\12082009_TIS17_SfFniAU.log

c:\windows\system32\service\12092009_TIS17_SfFniAU.log

c:\windows\system32\service\14082009_TIS17_SfFniAU.log

c:\windows\system32\service\15082009_TIS17_SfFniAU.log

c:\windows\system32\service\15102009_TIS17_SfFniAU.log

c:\windows\system32\service\16072009_TIS17_SfFniAU.log

c:\windows\system32\service\17052009_TIS17_SfFniAU.log

c:\windows\system32\service\18082009_TIS17_SfFniAU.log

c:\windows\system32\service\19042009_TIS17_SfFniAU.log

c:\windows\system32\service\20042009_TIS17_SfFniAU.log

c:\windows\system32\service\21062009_TIS17_SfFniAU.log

c:\windows\system32\service\27082009_TIS17_SfFniAU.log

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))

.

.

2011-05-31 06:23 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-31 06:23 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-31 06:23 . 2011-06-01 01:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-31 05:27 . 2011-05-31 05:28 -------- d-----w- c:\windows\system32\NtmsData

2011-05-30 17:06 . 2011-05-30 17:06 -------- d-----w- c:\documents and settings\Carlos\Application Data\Systweak

2011-05-30 17:06 . 2011-05-28 00:51 17280 ----a-w- c:\windows\system32\roboot.exe

2011-05-21 20:31 . 2011-05-21 20:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-05-21 19:22 . 2011-05-21 19:22 8413 ----a-w- c:\windows\system32\drivers\mcstrm.sys

2011-05-17 03:24 . 2011-05-21 00:34 -------- d-----w- c:\documents and settings\Carlos\Local Settings\Application Data\Conduit

2011-05-16 13:19 . 2011-05-19 03:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 14:24 . 2011-05-13 14:24 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-05-13 14:24 . 2011-05-13 14:24 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-05-13 14:24 . 2011-05-13 14:24 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-05-13 14:24 . 2011-05-13 14:24 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-05-13 14:24 . 2011-05-13 14:24 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-05-13 14:24 . 2011-05-13 14:24 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-05-13 14:24 . 2011-05-13 14:24 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-05-13 14:24 . 2011-05-13 14:24 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-07 05:33 . 2004-08-04 21:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-13 14:24 . 2011-05-13 14:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-05 198160]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

"nwiz"="nwiz.exe" [2006-04-26 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 40960]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

.

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [6/13/2009 4:18 PM 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [6/13/2009 4:18 PM 24064]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/8/2010 8:15 AM 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [6/14/2010 7:42 PM 97520]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [10/8/2010 8:15 AM 1541360]

S2 gupdate1c9b0d2a7207434;Google Update Service (gupdate1c9b0d2a7207434);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2009 5:58 PM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2009 5:58 PM 133104]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [3/10/2010 11:49 AM 23928]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [6/13/2009 4:18 PM 14976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\JMRI]

2009-12-17 11:46 171 ----a-w- c:\program files\JMRI\CreatePrefs.bat

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

2011-06-04 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-30 00:57]

.

2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 00:58]

.

2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 00:58]

.

2011-06-04 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=IE&os=win&os_version=5.1-x86-SP3

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Carlos\Application Data\Mozilla\Firefox\Profiles\tufl9tfz.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=FF&os=win&os_version=5.1-x86-SP3

FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=FF&os=win&os_version=5.1-x86-SP3&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-uTorrent - c:\documents and settings\Carlos\My Documents\Downloads\utorrent.exe

HKCU-Run-E6TaskPanel - c:\program files\EarthLink TotalAccess\TaskPanl.exe

HKCU-Run-RDReminder - c:\program files\RegClean Pro\RegCleanPro.exe

HKLM-Run-UfSeAgnt.exe - c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe

AddRemove-{35B73650-6899-11DA-6784-00232A9018BE} - c:\program files\GraphPad\Prism 5\Uninst_Prism 5_Update.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-04 16:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???(T??????R?@?????,?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3472)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Google\Update\1.3.21.53\GoogleCrashHandler.exe

c:\windows\system32\msdtc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\mqsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\msiexec.exe

c:\progra~1\HPQ\Shared\HPQTOA~1.EXE

c:\program files\Windows Media Player\WMPNetwk.exe

c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\windows\TEMP\sophos_autoupdate1.dir\alupdate.exe

.

**************************************************************************

.

Completion time: 2011-06-04 16:36:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-04 23:36

.

Pre-Run: 7,886,839,808 bytes free

Post-Run: 7,930,204,160 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - D61EB83695610A7E3C288C6055AEC5CF

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=99cf1c53b963594e8e330f1bfe632cd2

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-06-12 07:04:24

# local_time=2011-06-12 12:04:24 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=8449 16775125 50 99 0 120237639 0 0

# scanned=115462

# found=17

# cleaned=17

# scan_time=8863

C:\Documents and Settings\Carlos\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-4718224f Java/TrojanDownloader.Agent.NBK trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Carlos\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-7c1f3ae1 Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Carlos\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\CORJr\Desktop\Unused Desktop Shortcuts\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\CORJr\Desktop\Unused Desktop Shortcuts\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\TelevisionFanatic\bar\1.bin\64html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP17\A0007019.exe a variant of Win32/Toolbar.MyWebSearch.O application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP17\A0007021.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP20\A0007554.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP20\A0007555.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP20\A0007558.dll a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP20\A0007559.dll probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP20\A0007560.dll probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP20\A0007561.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.13

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Sophos Anti-Virus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

JMRI - Java Model Railroad Interface

Java 6 Update 24

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Adobe Reader 9.4.1

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Sophos Sophos Anti-Virus SAVAdminService.exe

Carlos Desktop FILING CABINET Antivirus scan logs\SecurityCheck.exe

``````````End of Log````````````

The startnow bar still comes up when I open Mozilla or IE

CORJr

  • Staff

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    startnow


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Alright. Here you go:

SystemLook 04.09.10 by jpshortstuff

Log created at 16:52 on 20/06/2011 by Carlos

Administrator - Elevation successful

========== regfind ==========

Searching for "startnow"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=IE&os=win&os_version=5.1-x86-SP3"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}]

"URL"="http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=IE&os=win&os_version=5.1-x86-SP3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar]

[HKEY_USERS\.DEFAULT\Software\StartNowToolbar]

[HKEY_USERS\S-1-5-21-2810408817-1970161526-3781679833-1005\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=IE&os=win&os_version=5.1-x86-SP3"

[HKEY_USERS\S-1-5-21-2810408817-1970161526-3781679833-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}]

"URL"="http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=IE&os=win&os_version=5.1-x86-SP3"

[HKEY_USERS\S-1-5-18\Software\StartNowToolbar]

-= EOF =-

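An added example (the editor's, not code from the thread or from SystemLook) that turns a regfind log like the one above into key/value records, flags start-page and search-scope values whose host is outside an assumed allow-list of search providers, and folds the HKEY_USERS\<SID> copy of the logged-in user's hive onto HKEY_CURRENT_USER so the same setting is not reported twice. The allow-list, the trimmed sample log, and all function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a trimmed copy of the SystemLook ":regfind startnow"
# output posted above (the long tracking query strings are shortened).
SAMPLE_LOG = r"""SystemLook 04.09.10 by jpshortstuff
Log created at 16:52 on 20/06/2011 by Carlos
Administrator - Elevation successful

========== regfind ==========

Searching for "startnow"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.startnow.com/?src=startpage&provider=Bing&browser=IE"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}]
"URL"="http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar]

[HKEY_USERS\.DEFAULT\Software\StartNowToolbar]

[HKEY_USERS\S-1-5-21-2810408817-1970161526-3781679833-1005\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.startnow.com/?src=startpage&provider=Bing&browser=IE"

[HKEY_USERS\S-1-5-21-2810408817-1970161526-3781679833-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}]
"URL"="http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing"

[HKEY_USERS\S-1-5-18\Software\StartNowToolbar]

-= EOF =-
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                     # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')           # "Name"="data"
USER_SID_RE = re.compile(r"^HKEY_USERS\\(S-1-5-21-[\d-]+)\\(.+)$")

# Assumption: hosts a start page or search scope is expected to point at.
ALLOWED_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}
# IE value names that decide where the browser starts and searches.
BROWSER_SETTINGS = {"Start Page", "Default_Page_URL", "URL"}


def parse_regfind(text):
    """Return (key, value_name, data) triples; a key with no values is
    emitted once as (key, None, None) so orphan keys are not lost."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.append((current, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries.append((current, m.group(1), m.group(2)))
    return entries


def normalize_hive(key):
    """Map HKEY_USERS\\S-1-5-21-...\\X onto HKEY_CURRENT_USER\\X: for the
    logged-in user these are the same registry data seen through two paths."""
    m = USER_SID_RE.match(key)
    return "HKEY_CURRENT_USER\\" + m.group(2) if m else key


def find_hijacked_settings(entries, allowed_hosts=ALLOWED_HOSTS):
    """(key, value_name, host) for browser settings pointing off the allow-list."""
    hits = []
    for key, name, data in entries:
        if name not in BROWSER_SETTINGS:
            continue
        host = (urlparse(data).hostname or "").lower()
        if host not in allowed_hosts:
            hits.append((key, name, host))
    return hits


def summarize(text, allowed_hosts=ALLOWED_HOSTS, needle="startnow"):
    entries = parse_regfind(text)
    hijacked = find_hijacked_settings(entries, allowed_hosts)
    return {
        "hijacked": hijacked,
        "hosts": sorted({h for _, _, h in hijacked}),
        # distinct settings after collapsing the per-SID mirror onto HKCU
        "logical_locations": sorted({normalize_hive(k) for k, _, _ in hijacked}),
        # leftover keys named after the toolbar itself (uninstall cache, profiles)
        "leftover_keys": sorted({k for k, n, _ in entries if n is None and needle in k.lower()}),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for key, name, host in report["hijacked"]:
        print(f"{name!r} in {key} -> {host}")
    print("logical locations:", *report["logical_locations"], sep="\n  ")
    print("leftover keys:", *report["leftover_keys"], sep="\n  ")
```

On the sample this reports four redirected values but only two logical locations (the IE Main key and one SearchScopes GUID), which is why a cleanup has to cover both the HKCU path and the HKU\S-1-5-21-... path, and it lists the three toolbar-named keys left behind under the uninstall cache, the .DEFAULT profile and the S-1-5-18 (SYSTEM) profile.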

  • Staff

Hi,

Run DDS and post attach.txt

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

KILLALL::
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"
"FaviconURLFallback"="http://www.bing.com/favicon.ico"
"FaviconPath"="C:\\Users\\screen317\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
"TopResultURLFallback"="http://www.bing.com/search?q={searchTerms}&src=ie9tr"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar]
[-HKEY_USERS\.DEFAULT\Software\StartNowToolbar]
[HKEY_USERS\S-1-5-21-2810408817-1970161526-3781679833-1005\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
[-HKEY_USERS\S-1-5-21-2810408817-1970161526-3781679833-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}]
[HKEY_USERS\S-1-5-21-2810408817-1970161526-3781679833-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"
"FaviconURLFallback"="http://www.bing.com/favicon.ico"
"FaviconPath"="C:\\Users\\screen317\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
"TopResultURLFallback"="http://www.bing.com/search?q={searchTerms}&src=ie9tr"
[-HKEY_USERS\S-1-5-18\Software\StartNowToolbar]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

Okay. Thank you for providing the video graphic; it really helped.

TDSSKiller did not find anything (also, no notepad file opened up; was that the right program?)

ComboFix 11-06-27.03 - Carlos 06/27/2011 21:32:03.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.305 [GMT -7:00]

Running from: c:\documents and settings\Carlos\My Documents\ComboFix-3.exe

AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))

.

.

2011-06-28 03:50 . 2011-06-28 03:51 -------- dc----w- C:\ComboFix-3

2011-06-28 03:49 . 2011-06-28 03:50 -------- dc----w- C:\ComboFix

2011-06-23 12:41 . 2011-06-23 12:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-23 12:41 . 2011-06-23 12:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-17 18:49 . 2011-06-07 19:35 103864 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-17 08:41 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-06-12 16:13 . 2011-06-12 16:13 -------- d-----w- c:\program files\ESET

2011-06-08 03:49 . 2011-06-11 01:37 -------- d-----w- c:\program files\TelevisionFanatic

2011-06-07 19:35 . 2011-06-07 19:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2011-05-31 06:23 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-31 06:23 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-31 06:23 . 2011-06-01 01:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-31 05:27 . 2011-05-31 05:28 -------- d-----w- c:\windows\system32\NtmsData

2011-05-30 17:06 . 2011-05-30 17:06 -------- d-----w- c:\documents and settings\Carlos\Application Data\Systweak

2011-05-30 17:06 . 2011-05-28 00:51 17280 ----a-w- c:\windows\system32\roboot.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-17 18:46 . 2011-05-16 13:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-06 01:52 . 2003-03-19 11:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-06-06 01:52 . 2003-02-21 19:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-21 19:22 . 2011-05-21 19:22 8413 ----a-w- c:\windows\system32\drivers\mcstrm.sys

2011-05-02 15:31 . 2004-08-04 21:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2005-01-19 12:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 21:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 21:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-06-23 12:41 . 2011-05-13 14:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0696f815-a3a9-490a-bb14-9ec3350b1276}"= "c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll" [2011-06-08 59336]

.

[HKEY_CLASSES_ROOT\clsid\{0696f815-a3a9-490a-bb14-9ec3350b1276}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}]

2011-06-08 03:49 59336 ----a-w- c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}]

2011-06-08 03:49 706504 ----a-w- c:\progra~1\TELEVI~2\bar\1.bin\64bar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c98d5b61-b0ea-4d48-9839-1079d352d880}"= "c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll" [2011-06-08 706504]

.

[HKEY_CLASSES_ROOT\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C98D5B61-B0EA-4D48-9839-1079D352D880}"= "c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll" [2011-06-08 706504]

.

[HKEY_CLASSES_ROOT\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

"nwiz"="nwiz.exe" [2006-04-26 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 40960]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-06 273544]

"TelevisionFanatic Browser Plugin Loader"="c:\progra~1\TELEVI~2\bar\1.bin\64brmon.exe" [2011-06-08 26568]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [6/13/2009 4:18 PM 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [6/13/2009 4:18 PM 24064]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/8/2010 8:15 AM 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [6/14/2010 7:42 PM 97520]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [10/8/2010 8:15 AM 1541360]

S2 gupdate1c9b0d2a7207434;Google Update Service (gupdate1c9b0d2a7207434);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2009 5:58 PM 133104]

S2 TelevisionFanaticService;TelevisionFanatic Service;c:\progra~1\TELEVI~2\bar\1.bin\64barsvc.exe [6/7/2011 8:49 PM 34856]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2009 5:58 PM 133104]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [3/10/2010 11:49 AM 23928]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [6/13/2009 4:18 PM 14976]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 10043135

*Deregistered* - 10043135

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\JMRI]

2009-12-17 11:46 171 ----a-w- c:\program files\JMRI\CreatePrefs.bat

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

2011-06-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-30 00:57]

.

2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 00:58]

.

2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 00:58]

.

2011-06-28 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]

.

2011-06-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2810408817-1970161526-3781679833-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2810408817-1970161526-3781679833-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Carlos\Application Data\Mozilla\Firefox\Profiles\tufl9tfz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=FF&os=win&os_version=5.1-x86-SP3

FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=FF&os=win&os_version=5.1-x86-SP3&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-27 21:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???(T??????R?@?????,?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1488)

c:\windows\system32\WININET.dll

c:\progra~1\TELEVI~2\bar\1.bin\64brstub.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-06-27 21:44:19

ComboFix-quarantined-files.txt 2011-06-28 04:44

ComboFix2.txt 2011-06-04 23:36

.

Pre-Run: 4,392,349,696 bytes free

Post-Run: 4,391,055,360 bytes free

.

- - End Of File - - 84C1EA307CBCDCED5198A05A6935C1CF

I found the report (after clicking on "REPORT") duh.

2011/06/28 07:14:14.0515 3748 TDSS rootkit removing tool 2.5.7.0 Jun 28 2011 13:21:55

2011/06/28 07:14:15.0421 3748 ================================================================================

2011/06/28 07:14:15.0421 3748 SystemInfo:

2011/06/28 07:14:15.0421 3748

2011/06/28 07:14:15.0421 3748 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/28 07:14:15.0421 3748 Product type: Workstation

2011/06/28 07:14:15.0421 3748 ComputerName: YOUR-7745395E08

2011/06/28 07:14:15.0421 3748 UserName: Carlos

2011/06/28 07:14:15.0421 3748 Windows directory: C:\WINDOWS

2011/06/28 07:14:15.0421 3748 System windows directory: C:\WINDOWS

2011/06/28 07:14:15.0421 3748 Processor architecture: Intel x86

2011/06/28 07:14:15.0421 3748 Number of processors: 2

2011/06/28 07:14:15.0421 3748 Page size: 0x1000

2011/06/28 07:14:15.0421 3748 Boot type: Normal boot

2011/06/28 07:14:15.0421 3748 ================================================================================

2011/06/28 07:14:17.0109 3748 Initialize success

2011/06/28 07:14:19.0859 0760 ================================================================================

2011/06/28 07:14:19.0859 0760 Scan started

2011/06/28 07:14:19.0859 0760 Mode: Manual;

2011/06/28 07:14:19.0859 0760 ================================================================================

2011/06/28 07:14:21.0703 0760 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/06/28 07:14:22.0140 0760 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/28 07:14:22.0437 0760 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/06/28 07:14:22.0625 0760 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/06/28 07:14:23.0031 0760 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/06/28 07:14:23.0484 0760 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/06/28 07:14:24.0062 0760 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/06/28 07:14:24.0203 0760 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/06/28 07:14:24.0515 0760 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/06/28 07:14:24.0921 0760 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/06/28 07:14:25.0343 0760 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/06/28 07:14:25.0906 0760 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/06/28 07:14:26.0328 0760 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/06/28 07:14:26.0656 0760 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/06/28 07:14:27.0015 0760 AmdK8 (ff8562f78b45a811c1ee23431622d4cc) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

2011/06/28 07:14:27.0343 0760 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/06/28 07:14:27.0640 0760 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/06/28 07:14:28.0046 0760 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/06/28 07:14:28.0343 0760 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/06/28 07:14:28.0625 0760 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/06/28 07:14:29.0078 0760 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/28 07:14:29.0468 0760 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/28 07:14:29.0984 0760 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/28 07:14:30.0343 0760 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/28 07:14:30.0781 0760 BCM43XX (114234fafec7060392195170e1c4d45e) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/06/28 07:14:31.0187 0760 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/28 07:14:31.0453 0760 btaudio (3bc0afbd546162fe6ed6ccb15befad73) C:\WINDOWS\system32\drivers\btaudio.sys

2011/06/28 07:14:32.0046 0760 BTDriver (1d25fb8b6b073e6f4fb51034f734ea2c) C:\WINDOWS\system32\DRIVERS\btport.sys

2011/06/28 07:14:32.0312 0760 BTKRNL (9515d10ceaf284ab1a21934e1958d4fd) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2011/06/28 07:14:32.0843 0760 BTWDNDIS (66bff2643e5f6a0f80208dde1c4b653a) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2011/06/28 07:14:33.0203 0760 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/06/28 07:14:33.0593 0760 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

2011/06/28 07:14:34.0265 0760 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/06/28 07:14:34.0609 0760 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/28 07:14:34.0796 0760 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/06/28 07:14:35.0000 0760 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/06/28 07:14:35.0250 0760 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/28 07:14:35.0515 0760 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/28 07:14:35.0921 0760 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/28 07:14:36.0234 0760 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/06/28 07:14:36.0421 0760 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/06/28 07:14:36.0781 0760 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/06/28 07:14:37.0203 0760 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/06/28 07:14:37.0484 0760 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/06/28 07:14:37.0984 0760 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/06/28 07:14:38.0515 0760 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/28 07:14:38.0890 0760 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/28 07:14:39.0359 0760 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/28 07:14:39.0937 0760 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/28 07:14:40.0328 0760 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/28 07:14:40.0656 0760 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/06/28 07:14:41.0078 0760 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/28 07:14:41.0328 0760 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys

2011/06/28 07:14:41.0890 0760 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys

2011/06/28 07:14:42.0281 0760 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/28 07:14:42.0687 0760 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/06/28 07:14:43.0046 0760 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/28 07:14:43.0453 0760 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/06/28 07:14:43.0796 0760 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/06/28 07:14:44.0187 0760 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/28 07:14:44.0484 0760 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys

2011/06/28 07:14:45.0078 0760 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/28 07:14:45.0468 0760 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys

2011/06/28 07:14:45.0765 0760 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/06/28 07:14:45.0953 0760 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/28 07:14:46.0359 0760 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

2011/06/28 07:14:46.0750 0760 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys

2011/06/28 07:14:47.0093 0760 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/06/28 07:14:47.0531 0760 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/06/28 07:14:48.0031 0760 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2011/06/28 07:14:48.0500 0760 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/06/28 07:14:49.0062 0760 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/28 07:14:49.0640 0760 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/06/28 07:14:49.0937 0760 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/06/28 07:14:50.0312 0760 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/28 07:14:50.0968 0760 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/06/28 07:14:51.0375 0760 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/28 07:14:51.0546 0760 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/06/28 07:14:51.0921 0760 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/06/28 07:14:52.0218 0760 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/06/28 07:14:52.0343 0760 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/06/28 07:14:52.0718 0760 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/06/28 07:14:53.0093 0760 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/06/28 07:14:53.0546 0760 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/06/28 07:14:53.0890 0760 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/06/28 07:14:54.0250 0760 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/06/28 07:14:54.0546 0760 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/06/28 07:14:54.0718 0760 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/06/28 07:14:55.0078 0760 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/06/28 07:14:55.0390 0760 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/06/28 07:14:55.0984 0760 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011/06/28 07:14:56.0140 0760 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

2011/06/28 07:14:56.0468 0760 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/06/28 07:14:56.0671 0760 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/28 07:14:56.0921 0760 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/28 07:14:57.0046 0760 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/28 07:14:57.0218 0760 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/28 07:14:57.0406 0760 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys

2011/06/28 07:14:57.0640 0760 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/06/28 07:14:58.0250 0760 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/28 07:14:58.0578 0760 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/28 07:14:59.0062 0760 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/28 07:14:59.0437 0760 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/28 07:14:59.0812 0760 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/28 07:15:00.0171 0760 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/28 07:15:00.0531 0760 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/28 07:15:00.0750 0760 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/06/28 07:15:00.0984 0760 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/28 07:15:01.0406 0760 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/06/28 07:15:01.0796 0760 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/28 07:15:02.0203 0760 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/06/28 07:15:02.0421 0760 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/28 07:15:02.0593 0760 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/28 07:15:02.0968 0760 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/28 07:15:03.0328 0760 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/28 07:15:03.0765 0760 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/28 07:15:04.0093 0760 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/28 07:15:04.0453 0760 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/06/28 07:15:04.0625 0760 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/28 07:15:05.0125 0760 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/28 07:15:05.0796 0760 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/28 07:15:06.0687 0760 nv (b79e623da3614cef319b03696e821ba9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/06/28 07:15:08.0203 0760 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys

2011/06/28 07:15:08.0375 0760 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/06/28 07:15:08.0781 0760 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/06/28 07:15:08.0984 0760 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys

2011/06/28 07:15:09.0265 0760 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/28 07:15:09.0765 0760 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/28 07:15:09.0890 0760 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/06/28 07:15:10.0250 0760 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/06/28 07:15:10.0593 0760 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/28 07:15:10.0953 0760 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/28 07:15:11.0281 0760 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/28 07:15:11.0734 0760 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/28 07:15:12.0093 0760 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/06/28 07:15:13.0093 0760 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/06/28 07:15:13.0531 0760 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/06/28 07:15:13.0906 0760 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/28 07:15:14.0281 0760 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/06/28 07:15:14.0625 0760 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/28 07:15:14.0968 0760 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/28 07:15:15.0390 0760 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/06/28 07:15:15.0625 0760 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/06/28 07:15:15.0859 0760 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/06/28 07:15:16.0250 0760 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/06/28 07:15:16.0578 0760 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/06/28 07:15:16.0968 0760 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/06/28 07:15:17.0390 0760 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/28 07:15:17.0609 0760 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/28 07:15:17.0921 0760 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/28 07:15:18.0125 0760 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/28 07:15:18.0500 0760 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/28 07:15:19.0156 0760 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/28 07:15:19.0718 0760 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/06/28 07:15:20.0281 0760 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/28 07:15:20.0796 0760 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/28 07:15:21.0343 0760 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/06/28 07:15:21.0765 0760 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/06/28 07:15:22.0218 0760 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2011/06/28 07:15:22.0859 0760 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys

2011/06/28 07:15:23.0531 0760 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/06/28 07:15:24.0046 0760 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys

2011/06/28 07:15:24.0515 0760 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys

2011/06/28 07:15:25.0031 0760 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/06/28 07:15:25.0546 0760 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys

2011/06/28 07:15:25.0953 0760 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/28 07:15:26.0421 0760 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/06/28 07:15:27.0125 0760 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/06/28 07:15:27.0531 0760 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/06/28 07:15:28.0250 0760 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/06/28 07:15:28.0718 0760 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/06/28 07:15:29.0109 0760 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys

2011/06/28 07:15:29.0671 0760 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/06/28 07:15:30.0171 0760 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/28 07:15:30.0531 0760 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/28 07:15:31.0109 0760 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/28 07:15:31.0734 0760 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/06/28 07:15:32.0296 0760 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/28 07:15:32.0953 0760 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/28 07:15:33.0328 0760 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/06/28 07:15:33.0859 0760 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/06/28 07:15:34.0281 0760 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/06/28 07:15:34.0796 0760 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/06/28 07:15:35.0375 0760 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/06/28 07:15:36.0218 0760 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/28 07:15:36.0656 0760 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/28 07:15:37.0453 0760 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/28 07:15:38.0000 0760 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/28 07:15:38.0390 0760 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/28 07:15:38.0921 0760 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/06/28 07:15:39.0468 0760 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/28 07:15:40.0046 0760 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/06/28 07:15:40.0656 0760 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/28 07:15:41.0281 0760 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/06/28 07:15:41.0828 0760 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/06/28 07:15:42.0359 0760 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/28 07:15:42.0937 0760 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/28 07:15:43.0375 0760 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/06/28 07:15:44.0140 0760 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/06/28 07:15:44.0765 0760 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/28 07:15:45.0296 0760 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/28 07:15:45.0765 0760 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/06/28 07:15:46.0484 0760 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/06/28 07:15:47.0000 0760 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/06/28 07:15:47.0234 0760 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/06/28 07:15:47.0703 0760 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/06/28 07:15:48.0078 0760 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/28 07:15:48.0515 0760 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/28 07:15:49.0515 0760 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/28 07:15:50.0234 0760 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/06/28 07:15:50.0859 0760 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/06/28 07:15:51.0515 0760 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/06/28 07:15:51.0937 0760 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/06/28 07:15:52.0343 0760 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/06/28 07:15:52.0750 0760 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/06/28 07:15:52.0984 0760 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0

2011/06/28 07:15:53.0046 0760 Boot (0x1200) (040ebc3d0469730d0f3df4975f86afd1) \Device\Harddisk0\DR0\Partition0

2011/06/28 07:15:53.0078 0760 Boot (0x1200) (aa7df35d5a766d3bbd9554c8708ce571) \Device\Harddisk0\DR0\Partition1

2011/06/28 07:15:53.0093 0760 ================================================================================

2011/06/28 07:15:53.0093 0760 Scan finished

2011/06/28 07:15:53.0093 0760 ================================================================================

2011/06/28 07:15:53.0125 2188 Detected object count: 0

2011/06/28 07:15:53.0125 2188 Actual detected object count: 0


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Firefox::
FF - ProfilePath - c:\documents and settings\Carlos\Application Data\Mozilla\Firefox\Profiles\tufl9tfz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=FF&os=win&os_version=5.1-x86-SP3
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=FF&os=win&os_version=5.1-x86-SP3&q=

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

Let me know what issues remain.

-screen317

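The CFScript above works by handing ComboFix the two Firefox preference lines to reset (the startnow homepage and the address-bar keyword.URL). The script below is an added example, written for this page and not part of the staff member's instructions or of ComboFix, that does the same triage on a prefs.js directly: it parses the string-valued user_pref lines, flags URL-valued prefs that point at a host outside an allowlist, extracts the affiliate and tracking identifiers (partner_id, user_guid, machine_id and so on) that the hijacked URL carries, and writes the file back without the hijacked entries so Firefox falls back to its defaults. The TRUSTED_HOSTS allowlist and the sample prefs.js are assumptions constructed for the example; the sample URLs only follow the shape of the ones quoted in the CFScript.

```python
"""Triage a Firefox prefs.js for homepage/search hijacks of the startnow kind.

Added example, not code from the forum thread or from ComboFix. The
TRUSTED_HOSTS allowlist and SAMPLE_PREFS_JS are assumptions made for the example.
"""
import re
from urllib.parse import parse_qs, urlparse

# URL-valued prefs that toolbar/search hijackers commonly rewrite.
HIJACK_PREFS = {
    "browser.startup.homepage",
    "keyword.URL",
    "browser.newtab.url",
    "browser.search.defaulturl",
}

# Hosts the user legitimately uses (assumption for the example; edit per machine).
TRUSTED_HOSTS = {"www.google.com", "www.mozilla.org"}

# Query keys that identify the install/affiliate chain behind a hijacked URL.
TRACKING_KEYS = ("partner_id", "affiliate_id", "toolbar_id", "channel",
                 "install_date", "user_guid", "machine_id")

# Matches string-valued prefs only:  user_pref("name", "value");
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);$')

# Constructed sample prefs.js (not the poster's real file).
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1309129200);
user_pref("browser.startup.homepage", "http://www.startnow.com/?src=startpage&provider=Bing&partner_id=287&toolbar_id=200&install_date=20110530&user_guid=4F434D8C5BDE46DD89785403B9B63C9B&machine_id=b8cbeb7d568d1be9b23b9fe21dac0e06&browser=FF");
user_pref("keyword.URL", "http://www.startnow.com/s/?src=addrbar&provider=Bing&partner_id=287&toolbar_id=200&q=");
user_pref("browser.startup.page", 1);
user_pref("extensions.lastAppVersion", "5.0");
"""


def parse_prefs(text):
    """Return {name: value} for every string-valued user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def host_of(value):
    """Lower-cased host of a URL-valued pref, or '' if the value is not a URL."""
    return urlparse(value).netloc.lower()


def find_hijacks(prefs, trusted=TRUSTED_HOSTS):
    """List (pref, host, value) for hijack-prone prefs pointing outside the allowlist."""
    hits = []
    for name in sorted(HIJACK_PREFS & prefs.keys()):
        value = prefs[name]
        host = host_of(value)
        if host and host not in trusted:
            hits.append((name, host, value))
    return hits


def tracking_params(value):
    """Affiliate/tracking identifiers embedded in a hijacked URL's query string."""
    qs = parse_qs(urlparse(value).query, keep_blank_values=True)
    return {k: qs[k][0] for k in TRACKING_KEYS if k in qs}


def clean_prefs(text, hijacks):
    """Return prefs.js text with the hijacked prefs dropped (Firefox reverts to defaults)."""
    bad = {name for name, _, _ in hijacks}
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m.group(1) in bad:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    import sys
    # Pass a real prefs.js path to triage it; otherwise the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFS_JS
    hijacks = find_hijacks(parse_prefs(text))
    for name, host, value in hijacks:
        print(f"{name} -> {host}  tracking={tracking_params(value)}")
    if hijacks and len(sys.argv) > 1:
        with open(sys.argv[1], "w", encoding="utf-8") as fh:
            fh.write(clean_prefs(text, hijacks))
```

Two practical caveats: Firefox rewrites prefs.js on exit, so edit the file only while the browser is closed, and removing the prefs does not remove whatever installed them (the toolbar's BHO, startup entry and program folder still need to go), which is why the staff instructions pair the CFScript with a fresh ComboFix and DDS log rather than stopping at the preference reset.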

ComboFix 11-07-02.02 - Carlos 07/02/2011 22:43:47.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.443 [GMT -7:00]

Running from: c:\documents and settings\Carlos\My Documents\ComboFix.exe

Command switches used :: c:\documents and settings\Carlos\Desktop\FILING CABINET\Antivirus scan logs\CFScript.txt

AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))

.

.

2011-06-28 03:50 . 2011-06-28 03:51 -------- dc----w- C:\ComboFix-3

2011-06-23 12:41 . 2011-06-23 12:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-23 12:41 . 2011-06-23 12:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-17 18:49 . 2011-06-07 19:35 103864 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-17 08:41 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-06-12 16:13 . 2011-06-12 16:13 -------- d-----w- c:\program files\ESET

2011-06-08 03:49 . 2011-06-11 01:37 -------- d-----w- c:\program files\TelevisionFanatic

2011-06-07 19:35 . 2011-06-07 19:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-17 18:46 . 2011-05-16 13:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-06 01:52 . 2003-03-19 11:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-06-06 01:52 . 2003-02-21 19:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-29 16:11 . 2011-05-31 06:23 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 16:11 . 2011-05-31 06:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-28 00:51 . 2011-05-30 17:06 17280 ----a-w- c:\windows\system32\roboot.exe

2011-05-21 19:22 . 2011-05-21 19:22 8413 ----a-w- c:\windows\system32\drivers\mcstrm.sys

2011-05-02 15:31 . 2004-08-04 21:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 21:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2005-01-19 12:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 21:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 21:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-06-23 12:41 . 2011-05-13 14:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0696f815-a3a9-490a-bb14-9ec3350b1276}"= "c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll" [2011-06-08 59336]

.

[HKEY_CLASSES_ROOT\clsid\{0696f815-a3a9-490a-bb14-9ec3350b1276}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}]

2011-06-08 03:49 59336 ----a-w- c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}]

2011-06-08 03:49 706504 ----a-w- c:\progra~1\TELEVI~2\bar\1.bin\64bar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c98d5b61-b0ea-4d48-9839-1079d352d880}"= "c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll" [2011-06-08 706504]

.

[HKEY_CLASSES_ROOT\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C98D5B61-B0EA-4D48-9839-1079D352D880}"= "c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll" [2011-06-08 706504]

.

[HKEY_CLASSES_ROOT\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

"nwiz"="nwiz.exe" [2006-04-26 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 40960]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-06 273544]

"TelevisionFanatic Browser Plugin Loader"="c:\progra~1\TELEVI~2\bar\1.bin\64brmon.exe" [2011-06-08 26568]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [6/13/2009 4:18 PM 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [6/13/2009 4:18 PM 24064]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/8/2010 8:15 AM 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [6/14/2010 7:42 PM 97520]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [10/8/2010 8:15 AM 1541360]

S2 gupdate1c9b0d2a7207434;Google Update Service (gupdate1c9b0d2a7207434);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2009 5:58 PM 133104]

S2 TelevisionFanaticService;TelevisionFanatic Service;c:\progra~1\TELEVI~2\bar\1.bin\64barsvc.exe [6/7/2011 8:49 PM 34856]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2009 5:58 PM 133104]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [3/10/2010 11:49 AM 23928]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [6/13/2009 4:18 PM 14976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\JMRI]

2009-12-17 11:46 171 ----a-w- c:\program files\JMRI\CreatePrefs.bat

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

2011-07-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-30 00:57]

.

2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 00:58]

.

2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 00:58]

.

2011-07-03 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]

.

2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2810408817-1970161526-3781679833-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2810408817-1970161526-3781679833-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Carlos\Application Data\Mozilla\Firefox\Profiles\tufl9tfz.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-02 22:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???(T??????R?@?????,?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3592)

c:\windows\system32\WININET.dll

c:\progra~1\TELEVI~2\bar\1.bin\64brstub.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe

c:\windows\system32\msdtc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\mqsvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\msiexec.exe

c:\progra~1\HPQ\Shared\HPQTOA~1.EXE

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

.

**************************************************************************

.

Completion time: 2011-07-02 23:01:38 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-03 06:01

ComboFix2.txt 2011-06-28 04:44

ComboFix3.txt 2011-06-04 23:36

.

Pre-Run: 4,161,269,760 bytes free

Post-Run: 4,175,978,496 bytes free

.

- - End Of File - - 56509687CDE97D68A1D44F3557B87ACC

YOU DID IT!

No startnow with either IE or Firefox.

Thank you!

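A short triage script for a log in the layout above, added here as an example; it is not part of the thread and not ComboFix's own code. It reads the Run-key, toolbar, service, Security Center and firewall sections in ComboFix's line format and flags four things: any entry whose name or path matches an analyst-chosen watch list (here the "startnow" hijacker the poster reported and the TelevisionFanatic toolbar the log shows), Security Center override values, any globally open inbound firewall port (3389/TCP is Remote Desktop), and autostarts written with 8.3 short paths such as progra~1. The sample input is a handful of lines copied from the log above. The watch list, the severity labels and the heuristics are my choices, not something the log format defines; the Security Center override is expected when a managed product such as Sophos is installed, so it is reported as a warning rather than a hit, and 8.3 paths also appear in legitimate entries (HPQTOA~1.EXE above), so those are only informational.

```python
"""Triage a ComboFix-style log for autostart, service, firewall and Security
Center findings.  Added example for this thread, not part of ComboFix."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log above, same layout.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C98D5B61-B0EA-4D48-9839-1079D352D880}"= "c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll" [2011-06-08 706504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TelevisionFanatic Browser Plugin Loader"="c:\progra~1\TELEVI~2\bar\1.bin\64brmon.exe" [2011-06-08 26568]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S2 TelevisionFanaticService;TelevisionFanatic Service;c:\progra~1\TELEVI~2\bar\1.bin\64barsvc.exe [6/7/2011 8:49 PM 34856]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [6/14/2010 7:42 PM 97520]
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "warn" or "info" (analyst-chosen labels)
    section: str    # registry key or log section the line came from
    name: str       # value name, service name or port
    detail: str


# Analyst-chosen names: "startnow" is what the poster reported, TelevisionFanatic
# is the toolbar visible in the log.  Whether a hit is unwanted is the analyst's call.
WATCHLIST = ("startnow", "televisionfanatic")
OVERRIDE_VALUES = ("AntiVirusOverride", "FirewallOverride", "DisableMonitoring")
KNOWN_PORTS = {3389: "Remote Desktop"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<val>[0-9a-fA-F]{8})$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[")
SHORTNAME_RE = re.compile(r"~\d")   # 8.3 components such as progra~1 or TELEVI~2


def _watch_hit(*fields: str) -> str | None:
    """Return the first watch-list word found in any of the fields, else None."""
    blob = " ".join(fields).lower()
    return next((w for w in WATCHLIST if w in blob), None)


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and emit findings for the parts worth a second look."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        if m := SECTION_RE.match(line):
            section = m["key"]
        elif m := SERVICE_RE.match(line):    # "R2 name;display;path [date size]"
            if hit := _watch_hit(m["name"], m["display"], m["path"]):
                findings.append(Finding("high", "services", m["name"],
                                        f"service binary matches watch-list '{hit}': {m['path']}"))
            elif SHORTNAME_RE.search(m["path"]):
                findings.append(Finding("info", "services", m["name"],
                                        f"service registered with 8.3 short path: {m['path']}"))
        elif (m := DWORD_RE.match(line)) and "security center" in section.lower():
            if m["name"] in OVERRIDE_VALUES and int(m["val"], 16) != 0:
                findings.append(Finding("warn", section, m["name"],
                                        "Security Center told to stop monitoring; expected with a "
                                        "managed AV such as Sophos, otherwise investigate"))
        elif (m := PORT_RE.match(line)) and "GloballyOpenPorts" in section:
            port = int(m["port"])
            findings.append(Finding("warn", section, f"{port}/{m['proto']}",
                                    f"inbound {KNOWN_PORTS.get(port, 'unknown service')} allowed "
                                    "through Windows Firewall; close it unless needed"))
        elif m := VALUE_RE.match(line):      # Run keys, toolbars, BHO-style entries
            if hit := _watch_hit(m["name"], m["path"]):
                findings.append(Finding("high", section, m["name"],
                                        f"autostart matches watch-list '{hit}': {m['path']}"))
            elif SHORTNAME_RE.search(m["path"]):
                findings.append(Finding("info", section, m["name"],
                                        f"autostart uses 8.3 short path: {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section} :: {f.name}: {f.detail}")
```

Run it as-is to see the five findings from the sample, or feed a whole saved ComboFix log through `triage(open(path).read())`; the watch list is the part to adjust per case, since the other heuristics are deliberately noisy.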

  • Staff

Great!

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


The ESET scan ran and found 4 WIN32 variants and then deleted them.

There was no log.txt in the C:\Program Files\EsetOnlineScanner folder.

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Sophos Anti-Virus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

JMRI - Java Model Railroad Interface

Java 6 Update 24

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Sophos Sophos Anti-Virus SAVAdminService.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

JMRI - Java Model Railroad Interface

Java™ 6 Update 24

Restart your computer.

Get the latest version of Java.

Let me know what issues remain.

-screen317


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
