
No Start Menu, No Desktop Icons in XP



Any help would be appreciated. When I log on there is no start menu and all of the icons are missing, all I see is the wallpaper. Right click doesn't work, and CTRL+ALT+Delete will not work. I'm only able to sign in using safe mode. Avast will not let me update and it says it's unsecured (Your system is not protected). I updated Malwarebytes and ran several scans, the first time it found over 100 infections. The second time it was around 8, the third scan didn't find anything. I ran a TDSS scan and they found one rootkit and cured it.

I restarted the computer, but I'm still having the same problems. Any ideas?

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6789

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

6/6/2011 4:36:28 PM

mbam-log-2011-06-06 (16-36-28).txt

Scan type: Full scan (C:\|)

Objects scanned: 262875

Time elapsed: 25 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-03.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Run by Administrator at 11:24:41 on 2011-06-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.140 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80227&lng=en

mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80227

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\alwils~1\avast5\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\alwils~1\avast5\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [VTTimer] VTTimer.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DataMngr] c:\program files\imesh applications\mediabar\datamngr\DataMngrUI.exe

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [Easy Dock]

mRunOnce: [MyFunCardsIE_3wbar Uninstall] rundll32 c:\progra~1\UNINST~1.DLL,O -3

dRun: [EPSON NX300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieja.exe /fu "c:\windows\temp\E_S3.tmp" /EF "HKCU"

dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup

dRun: [R8388QA8U8] c:\windows\temp\Lb1.exe

uPolicies-system: NoDispBackgroundPage =

uPolicies-system: NoDispSettingsPage =

uPolicies-system: NoDispAppearancePage =

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{8550380E-5DDB-4A77-9D5A-FB7E7C7A2790} : DhcpNameServer = 192.168.1.254

Notify: itlntfy - itlnfw32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

S0 kajbgn;kajbgn;c:\windows\system32\drivers\exgvog.sys --> c:\windows\system32\drivers\exgvog.sys [?]

S0 kdtoyprv;kdtoyprv;c:\windows\system32\drivers\mklbpw.sys --> c:\windows\system32\drivers\mklbpw.sys [?]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-5 441176]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-26 307928]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-26 19544]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-26 42184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 135664]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

S2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2011-1-2 56352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 135664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-06 03:31:45 702464 ----a-w- c:\program files\Uninstall MyFunCards.dll

2011-06-06 03:30:22 -------- d-----w- c:\documents and settings\administrator.computer_1.001\application data\simppulltoolbar

2011-06-06 02:01:17 -------- d-s---w- C:\CF16153C

2011-06-06 01:58:16 -------- d-s---w- C:\CF14234C

2011-06-05 23:15:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-06-05 22:22:27 -------- d-----w- c:\program files\trend micro

2011-06-05 21:49:57 -------- d-s---w- C:\CF

2011-06-05 21:33:34 98816 ----a-w- c:\windows\sed.exe

2011-06-05 21:33:34 518144 ----a-w- c:\windows\SWREG.exe

2011-06-05 21:33:13 -------- d-s---w- C:\ComboFix

2011-06-05 21:11:20 -------- d-sh--w- c:\documents and settings\administrator.computer_1.001\IECompatCache

2011-06-05 19:21:06 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-05 19:21:06 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-05-30 15:35:38 0 ----a-w- c:\windows\Gnipiheg.bin

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr

2011-05-02 16:44:08 126976 --sha-r- c:\windows\system32\mrinfog.dll

.

============= FINISH: 11:25:18.85 ===============

attach.zip


Hi ToniWayne,

Welcome to the Malwarebytes Forum :)

Since you can only log into Safe Mode, please download the following application onto a Flash (USB) Drive, or a blank CD from another computer.

Download Combofix from any of the links below but rename it to Iexplorer.com before saving it to your Flash (USB) Drive or blank CD.

Link 1

Link 2 <-- Right-click and use Save As if using this link.

* Do not run ComboFix yet

Now, log into Safe Mode on the infected computer and insert the flash drive (USB) or blank CD, whichever you used to install ComboFix on.

* IMPORTANT !!! Save Iexplorer.com to your Desktop

Double-click on Iexplorer.com (the renamed ComboFix.exe) and follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


Okay, thanks for your help. The first time I ran ComboFix it stalled and I had to restart the computer in safe mode. The second time it worked; here's the log:

ComboFix 11-06-06.07 - Administrator 06/08/2011 0:23.4.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.286 [GMT -5:00]

Running from: c:\documents and settings\Administrator.COMPUTER_1.001\Desktop\lexplorer.com

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6TO4

-------\Legacy_ITLPERF

-------\Service_itlperf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))

.

.

2011-06-08 04:48 . 2011-06-08 05:08 -------- d-----w- C:\lexplorer

2011-06-06 03:30 . 2011-06-06 03:30 -------- d-----w- c:\documents and settings\Administrator.COMPUTER_1.001\Application Data\simppulltoolbar

2011-06-05 23:15 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-06-05 22:22 . 2011-06-06 03:38 -------- d-----w- c:\program files\trend micro

2011-06-05 22:22 . 2011-06-05 22:22 -------- d-----w- C:\rsit

2011-06-05 21:49 . 2011-06-06 01:33 -------- d-----w- C:\CF

2011-06-05 21:33 . 2011-06-05 21:49 -------- d-----w- C:\ComboFix

2011-06-05 21:11 . 2011-06-05 21:11 -------- d-sh--w- c:\documents and settings\Administrator.COMPUTER_1.001\IECompatCache

2011-06-05 19:21 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-02 17:22 . 2011-06-02 17:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2011-05-20 16:48 . 2011-05-20 16:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 14:11 . 2010-03-26 09:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2010-03-26 09:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-10 12:10 . 2010-07-13 13:21 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2010-03-26 08:06 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2010-03-26 08:06 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2010-03-26 08:06 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 12:02 . 2010-03-26 08:06 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-05-10 12:02 . 2010-03-26 08:06 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-05-10 11:59 . 2010-03-26 08:06 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2010-03-26 08:06 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-05-10 11:59 . 2010-03-26 08:06 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]

2010-05-27 22:02 392072 ----a-w- c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]

2009-11-20 17:34 87472 ----a-w- c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]

c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll [bU]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 04:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"VTTimer"="VTTimer.exe" [2004-10-22 53248]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"DataMngr"="c:\program files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe" [2010-03-24 797104]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Easy Dock"="" [bU]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]

RCA Detective.lnk - c:\documents and settings\Administrator.COMPUTER_1.001\My Documents\RCA Detective\RCADetective.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\itlntfy]

itlnfw32.dll [bU]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Phantom EFX\\OnlineCasino\\Bin\\Prelauncher.exe"=

"c:\\Program Files\\Phantom EFX\\OnlineCasino\\Launcher\\OLCLauncher.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8085:TCP"= 8085:TCP:MyOKOPort

.

S0 kajbgn;kajbgn;c:\windows\system32\drivers\exgvog.sys --> c:\windows\system32\drivers\exgvog.sys [?]

S0 kdtoyprv;kdtoyprv;c:\windows\system32\drivers\mklbpw.sys --> c:\windows\system32\drivers\mklbpw.sys [?]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/5/2011 6:15 PM 441176]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/26/2010 3:06 AM 307928]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/26/2010 3:06 AM 19544]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2010 11:43 PM 135664]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]

S2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [1/2/2011 10:07 PM 56352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2010 11:43 PM 135664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 04:43]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 04:43]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-436374069-1177238915-1003Core1cc23eac92150e8.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-10 12:48]

.

2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-436374069-1177238915-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-10 12:48]

.

2011-06-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 04:44]

.

2011-06-08 c:\windows\Tasks\User_Feed_Synchronization-{FA468938-510B-4A34-A45F-27A9C1414A58}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yx70s1df.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z006&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z006&form=ZGAADF&q=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=135963&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: BarQuery: {D5493C6A-FD62-4255-AA85-AB7E7D0F0001} - c:\program files\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: MediaBar: {28D35620-51D9-11DE-9D13-2DB156D89593} - %profile%\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-08 00:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-436374069-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,e7,09,c4,99,26,ed,4d,a5,9d,b0,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,e7,09,c4,99,26,ed,4d,a5,9d,b0,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(408)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2011-06-08 00:32:34

ComboFix-quarantined-files.txt 2011-06-08 05:32

.

Pre-Run: 138,555,813,888 bytes free

Post-Run: 138,520,510,464 bytes free

.

- - End Of File - - 422C37A490F57F37A0B4BAA0D69FB0DB


You're welcome. :)

Glad to see you closed your thread over at the BullGuard forums as well. Looking at the one CF scan there, it seems you may have a TDL3 rootkit.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::

kajbgn

kdtoyprv

Save this as CFScript.txt, in the same location as ComboFix.exe.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    tdsskiller2.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

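The two service names in the CFScript above are the S0 (boot-start) driver entries from the DDS log whose .sys file DDS could not locate (the `-->` path with `[?]`) and whose service name has nothing to do with the file name. The following is an added worked example, not code from this thread, from DDS or from ComboFix: it parses DDS-style SERVICES / DRIVERS lines, scores each entry with assumed triage weights (file missing counts most, boot start and name mismatch add one each; these weights are my assumption, not something the page states), and renders the flagged names in the Driver:: form used in the post. The sample lines are copied from the DDS log posted earlier in the thread together with a few of its legitimate entries, so both kinds of input are present.

```python
import re

# Constructed sample input: the SERVICES / DRIVERS lines from the DDS log posted
# in this thread, plus some of its legitimate entries so both kinds are present.
SAMPLE_DDS_LINES = r"""
S0 kajbgn;kajbgn;c:\windows\system32\drivers\exgvog.sys --> c:\windows\system32\drivers\exgvog.sys [?]
S0 kdtoyprv;kdtoyprv;c:\windows\system32\drivers\mklbpw.sys --> c:\windows\system32\drivers\mklbpw.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-5 441176]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-26 42184]
S2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2011-1-2 56352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 135664]
"""

# DDS service line layout as it appears in the log: "S<start> name;display;path [date size]"
# or, when the binary could not be located on disk, "... path --> path [?]".
_SERVICE_RE = re.compile(
    r"^S(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]+);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<details>[^\]]*)\]\s*$"
)


def parse_service_line(line):
    """Return the fields of one DDS service/driver line, or None if it is not one."""
    m = _SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["start"] = int(entry["start"])          # 0 = boot start, 1 = system, 2 = auto, 3 = manual
    entry["file_missing"] = entry["details"].strip() == "?"
    return entry


def _file_stem(path):
    """'c:\\windows\\system32\\drivers\\exgvog.sys' -> 'exgvog'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def score_entry(entry):
    """Assumed triage weights (not from the page): a binary that DDS could not
    find counts 2; a boot-start (S0) driver and a service name unrelated to its
    file name count 1 each. Legitimate software rarely combines all three."""
    flags = []
    if entry["file_missing"]:
        flags.append("file-missing")
    if entry["start"] == 0:
        flags.append("boot-start")
    stem, name = _file_stem(entry["path"]), entry["name"].lower()
    if name not in stem and stem not in name:
        flags.append("name-mismatch")
    score = (2 if "file-missing" in flags else 0) \
        + int("boot-start" in flags) + int("name-mismatch" in flags)
    return score, flags


def suspicious_services(text, threshold=3):
    """Parse every service line in `text`; return entries scoring >= threshold."""
    hits = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        score, flags = score_entry(entry)
        if score >= threshold:
            hits.append({"name": entry["name"], "path": entry["path"],
                         "score": score, "flags": flags})
    return hits


def build_cfscript(service_names):
    """Render the Driver:: block in the form the helper's post uses."""
    return "Driver::\n" + "\n".join(service_names) + "\n"


if __name__ == "__main__":
    hits = suspicious_services(SAMPLE_DDS_LINES)
    for h in hits:
        print(f'{h["name"]:<10} score={h["score"]}  {", ".join(h["flags"])}  {h["path"]}')
    print(build_cfscript([h["name"] for h in hits]))
```

Run against the sample, only kajbgn and kdtoyprv clear the threshold; the avast! and Google Update services each pick up a single name-mismatch point, which is why mismatch alone is never treated as evidence. The score is a prompt for a human to look, not a verdict: the helper still confirms the files and follows up with a rootkit scanner.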

Here are the logs you requested:

ComboFix 11-06-06.07 - Administrator 06/08/2011 13:04:22.6.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.224 [GMT -5:00]

Running from: c:\documents and settings\Administrator.COMPUTER_1.001\Desktop\lexplorer.com

Command switches used :: c:\docume~1\ADMINI~1.001\Desktop\cfscript.txt

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))

.

.

2011-06-08 04:48 . 2011-06-08 05:08 -------- d-----w- C:\lexplorer

2011-06-06 03:30 . 2011-06-06 03:30 -------- d-----w- c:\documents and settings\Administrator.COMPUTER_1.001\Application Data\simppulltoolbar

2011-06-05 23:15 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-06-05 22:22 . 2011-06-06 03:38 -------- d-----w- c:\program files\trend micro

2011-06-05 22:22 . 2011-06-05 22:22 -------- d-----w- C:\rsit

2011-06-05 21:49 . 2011-06-06 01:33 -------- d-----w- C:\CF

2011-06-05 21:33 . 2011-06-05 21:49 -------- d-----w- C:\ComboFix

2011-06-05 21:11 . 2011-06-05 21:11 -------- d-sh--w- c:\documents and settings\Administrator.COMPUTER_1.001\IECompatCache

2011-06-05 19:21 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-02 17:22 . 2011-06-02 17:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2011-05-20 16:48 . 2011-05-20 16:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 14:11 . 2010-03-26 09:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2010-03-26 09:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-10 12:10 . 2010-07-13 13:21 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2010-03-26 08:06 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2010-03-26 08:06 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2010-03-26 08:06 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 12:02 . 2010-03-26 08:06 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-05-10 12:02 . 2010-03-26 08:06 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-05-10 11:59 . 2010-03-26 08:06 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2010-03-26 08:06 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-05-10 11:59 . 2010-03-26 08:06 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]

2010-05-27 22:02 392072 ----a-w- c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]

2009-11-20 17:34 87472 ----a-w- c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]

c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll [bU]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 04:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"VTTimer"="VTTimer.exe" [2004-10-22 53248]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"DataMngr"="c:\program files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe" [2010-03-24 797104]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Easy Dock"="" [bU]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]

RCA Detective.lnk - c:\documents and settings\Administrator.COMPUTER_1.001\My Documents\RCA Detective\RCADetective.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\itlntfy]

itlnfw32.dll [bU]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Phantom EFX\\OnlineCasino\\Bin\\Prelauncher.exe"=

"c:\\Program Files\\Phantom EFX\\OnlineCasino\\Launcher\\OLCLauncher.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8085:TCP"= 8085:TCP:MyOKOPort

.

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/5/2011 6:15 PM 441176]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/26/2010 3:06 AM 307928]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/26/2010 3:06 AM 19544]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2010 11:43 PM 135664]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]

S2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [1/2/2011 10:07 PM 56352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2010 11:43 PM 135664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 04:43]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 04:43]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-436374069-1177238915-1003Core1cc23eac92150e8.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-10 12:48]

.

2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-436374069-1177238915-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-10 12:48]

.

2011-06-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 04:44]

.

2011-06-08 c:\windows\Tasks\User_Feed_Synchronization-{FA468938-510B-4A34-A45F-27A9C1414A58}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yx70s1df.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z006&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z006&form=ZGAADF&q=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=135963&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: BarQuery: {D5493C6A-FD62-4255-AA85-AB7E7D0F0001} - c:\program files\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: MediaBar: {28D35620-51D9-11DE-9D13-2DB156D89593} - %profile%\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-08 13:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-436374069-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,e7,09,c4,99,26,ed,4d,a5,9d,b0,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,e7,09,c4,99,26,ed,4d,a5,9d,b0,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2004)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2011-06-08 13:12:30

ComboFix-quarantined-files.txt 2011-06-08 18:12

ComboFix2.txt 2011-06-08 17:51

ComboFix3.txt 2011-06-08 05:32

.

Pre-Run: 138,526,269,440 bytes free

Post-Run: 138,512,883,712 bytes free

.

- - End Of File - - E3DD81EF97CE710FE453E945A094A787

2011/06/08 13:14:42.0906 0720 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48

2011/06/08 13:14:43.0281 0720 ================================================================================

2011/06/08 13:14:43.0281 0720 SystemInfo:

2011/06/08 13:14:43.0281 0720

2011/06/08 13:14:43.0281 0720 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/08 13:14:43.0281 0720 Product type: Workstation

2011/06/08 13:14:43.0281 0720 ComputerName: COMPUTER_1

2011/06/08 13:14:43.0281 0720 UserName: Administrator

2011/06/08 13:14:43.0281 0720 Windows directory: C:\WINDOWS

2011/06/08 13:14:43.0281 0720 System windows directory: C:\WINDOWS

2011/06/08 13:14:43.0281 0720 Processor architecture: Intel x86

2011/06/08 13:14:43.0281 0720 Number of processors: 1

2011/06/08 13:14:43.0281 0720 Page size: 0x1000

2011/06/08 13:14:43.0281 0720 Boot type: Safe boot with network

2011/06/08 13:14:43.0281 0720 ================================================================================

2011/06/08 13:14:44.0640 0720 Initialize success

2011/06/08 13:14:48.0015 1684 ================================================================================

2011/06/08 13:14:48.0015 1684 Scan started

2011/06/08 13:14:48.0015 1684 Mode: Manual;

2011/06/08 13:14:48.0015 1684 ================================================================================

2011/06/08 13:14:50.0406 1684 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/06/08 13:14:50.0796 1684 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/08 13:14:50.0953 1684 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/06/08 13:14:51.0171 1684 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/06/08 13:14:51.0328 1684 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/06/08 13:14:51.0484 1684 AgereSoftModem (994a42d273c35b43ee9d1e8a5d8bc639) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/06/08 13:14:52.0046 1684 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2011/06/08 13:14:52.0375 1684 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

2011/06/08 13:14:52.0656 1684 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/06/08 13:14:53.0125 1684 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/06/08 13:14:53.0250 1684 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/06/08 13:14:53.0390 1684 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/06/08 13:14:53.0562 1684 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys

2011/06/08 13:14:53.0781 1684 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys

2011/06/08 13:14:53.0906 1684 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/06/08 13:14:54.0031 1684 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/08 13:14:54.0281 1684 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/08 13:14:54.0453 1684 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/08 13:14:54.0578 1684 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/08 13:14:54.0703 1684 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/08 13:14:54.0843 1684 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/08 13:14:55.0031 1684 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/08 13:14:55.0125 1684 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/08 13:14:55.0250 1684 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/08 13:14:55.0812 1684 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/08 13:14:55.0937 1684 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/08 13:14:56.0125 1684 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/08 13:14:56.0250 1684 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/08 13:14:56.0375 1684 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/08 13:14:56.0593 1684 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/08 13:14:56.0734 1684 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/08 13:14:56.0843 1684 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/06/08 13:14:56.0968 1684 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

2011/06/08 13:14:57.0781 1684 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

2011/06/08 13:14:57.0890 1684 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/08 13:14:58.0328 1684 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/06/08 13:14:58.0562 1684 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/06/08 13:14:58.0828 1684 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/08 13:14:58.0968 1684 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/08 13:14:59.0078 1684 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/06/08 13:14:59.0187 1684 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/08 13:14:59.0375 1684 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/06/08 13:14:59.0562 1684 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/08 13:14:59.0812 1684 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/08 13:14:59.0921 1684 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/08 13:15:00.0171 1684 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/06/08 13:15:00.0265 1684 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/06/08 13:15:00.0375 1684 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/06/08 13:15:00.0484 1684 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/06/08 13:15:00.0640 1684 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/06/08 13:15:00.0750 1684 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/06/08 13:15:00.0859 1684 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/06/08 13:15:00.0984 1684 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/06/08 13:15:01.0078 1684 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/06/08 13:15:01.0187 1684 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/06/08 13:15:01.0328 1684 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/06/08 13:15:01.0562 1684 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/08 13:15:01.0687 1684 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/08 13:15:01.0781 1684 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/08 13:15:01.0906 1684 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/06/08 13:15:02.0015 1684 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/08 13:15:02.0218 1684 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/08 13:15:02.0375 1684 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/08 13:15:02.0562 1684 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/08 13:15:02.0671 1684 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/08 13:15:02.0765 1684 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/08 13:15:02.0859 1684 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/08 13:15:02.0984 1684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/08 13:15:03.0125 1684 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/08 13:15:03.0265 1684 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/08 13:15:03.0375 1684 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/08 13:15:03.0484 1684 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/08 13:15:03.0609 1684 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/08 13:15:03.0718 1684 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/08 13:15:03.0828 1684 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/08 13:15:03.0968 1684 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/08 13:15:04.0109 1684 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/06/08 13:15:04.0234 1684 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/08 13:15:04.0375 1684 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/08 13:15:04.0484 1684 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/08 13:15:04.0578 1684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/08 13:15:04.0687 1684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/08 13:15:04.0796 1684 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/06/08 13:15:04.0906 1684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/06/08 13:15:05.0015 1684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/08 13:15:05.0125 1684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/08 13:15:05.0250 1684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/08 13:15:05.0437 1684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/08 13:15:05.0546 1684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/06/08 13:15:06.0125 1684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/08 13:15:06.0234 1684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/08 13:15:06.0343 1684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/08 13:15:06.0781 1684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/08 13:15:06.0906 1684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/08 13:15:07.0015 1684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/08 13:15:07.0125 1684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/08 13:15:07.0281 1684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/08 13:15:07.0390 1684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/08 13:15:07.0515 1684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/06/08 13:15:07.0640 1684 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/08 13:15:07.0750 1684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/08 13:15:07.0921 1684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/08 13:15:08.0046 1684 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/06/08 13:15:08.0156 1684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/06/08 13:15:08.0265 1684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/06/08 13:15:08.0562 1684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/08 13:15:08.0687 1684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/08 13:15:08.0812 1684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/08 13:15:08.0937 1684 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2011/06/08 13:15:09.0031 1684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/08 13:15:09.0156 1684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/08 13:15:09.0578 1684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/08 13:15:09.0750 1684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/08 13:15:09.0859 1684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/08 13:15:09.0953 1684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/08 13:15:10.0093 1684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/08 13:15:10.0328 1684 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

2011/06/08 13:15:10.0437 1684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/08 13:15:10.0609 1684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/08 13:15:10.0765 1684 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/06/08 13:15:10.0890 1684 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/06/08 13:15:11.0015 1684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/08 13:15:11.0109 1684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/08 13:15:11.0218 1684 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/06/08 13:15:11.0328 1684 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/08 13:15:11.0453 1684 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

2011/06/08 13:15:11.0562 1684 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/08 13:15:11.0687 1684 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/06/08 13:15:11.0781 1684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/06/08 13:15:11.0921 1684 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys

2011/06/08 13:15:12.0031 1684 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/06/08 13:15:12.0140 1684 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/08 13:15:12.0265 1684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/08 13:15:12.0468 1684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/08 13:15:12.0671 1684 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/06/08 13:15:12.0812 1684 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/06/08 13:15:12.0937 1684 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/06/08 13:15:13.0046 1684 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/06/08 13:15:13.0140 1684 X4HSEx (13cf1854fecc1b4d7490983b03cdbcd2) C:\Program Files\Free Ride Games\X4HSEx.Sys

2011/06/08 13:15:13.0187 1684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/06/08 13:15:13.0281 1684 ================================================================================

2011/06/08 13:15:13.0281 1684 Scan finished

2011/06/08 13:15:13.0281 1684 ================================================================================

2011/06/08 13:15:13.0375 1912 Detected object count: 0

2011/06/08 13:15:13.0375 1912 Actual detected object count: 0

2011/06/08 13:16:40.0953 0232 Deinitialize success


This infection family will hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Launch Malwarebytes' Anti-Malware

  • Check for updates, and if an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    a. Click the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
    b. Double click on the ESET Smart Installer icon on your desktop.
  4. Check the box to accept the Terms of Use.
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check the "Scan archives" option.
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats".
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the Back button.
  13. Push Finish.

      You can refer to this animation by neomage if needed.
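As an added illustration of what the Unhide step in the reply above does (this is example code written for this thread, not the Unhide.exe tool and not anything the helper posted), the following Python script walks a drive, finds entries carrying the Win32 hidden attribute, and clears only that bit with SetFileAttributesW. It goes slightly beyond the description in two ways that are this example's own design choices rather than the tool's documented behaviour: entries that are also marked system (desktop.ini, boot.ini, ntuser.dat and the like, which Windows hides by design) are skipped on the assumption that the infection set only +H, and an operator-supplied keep list protects files you hid on purpose, which is the case the helper warns about. It runs as a dry run unless --apply is given. The values 0x2 and 0x4 are the documented FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM constants; the sample entries in the block are constructed for demonstration, and the actual attribute change only works on Windows.

```python
"""Clear the +H (hidden) attribute that the infection described above leaves on
user files.  Example written for this thread; it is not Unhide.exe and not code
from the original post.  The planning logic is plain Python and runs anywhere;
only apply_plan(dry_run=False) needs Windows."""
import os
import sys

# Documented Win32 file-attribute bits (winnt.h).
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4


def should_unhide(attrs, relpath, keep=frozenset()):
    """Return True if an entry with Win32 attribute bits `attrs` should lose +H.

    Design choices (this script's assumptions, not something the thread states):
      * only entries that actually carry the hidden bit are touched;
      * entries that are also +S are left alone: desktop.ini, boot.ini, ntuser.dat
        and similar are hidden+system by design, so assuming the infection set
        only +H, skipping +S avoids exposing OS housekeeping files;
      * anything in `keep` (lower-cased relative paths) is left alone, which is
        the "files you hid on purpose" case the helper warns about.
    """
    if not attrs & FILE_ATTRIBUTE_HIDDEN:
        return False
    if attrs & FILE_ATTRIBUTE_SYSTEM:
        return False
    if relpath.lower() in keep:
        return False
    return True


def new_attributes(attrs):
    """Clear only the hidden bit; archive, read-only and other bits are preserved."""
    return attrs & ~FILE_ATTRIBUTE_HIDDEN


def plan_unhide(entries, keep=()):
    """Turn (relpath, attrs) pairs into a sorted list of (relpath, old_attrs, new_attrs)."""
    keep = frozenset(p.lower() for p in keep)
    return sorted(
        (relpath, attrs, new_attributes(attrs))
        for relpath, attrs in entries
        if should_unhide(attrs, relpath, keep)
    )


def walk_attributes(root):
    """Yield (relpath, attrs) for every file and directory under root.

    st_file_attributes only exists on Windows; elsewhere attrs is reported as 0
    and nothing gets planned."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                attrs = getattr(os.lstat(full), "st_file_attributes", 0)
            except OSError:
                continue
            yield os.path.relpath(full, root), attrs


def apply_plan(root, plan, dry_run=True):
    """Apply a plan with SetFileAttributesW; returns the number of entries changed."""
    if dry_run:
        for relpath, old, new in plan:
            print("would clear +H: %s (0x%02x -> 0x%02x)" % (os.path.join(root, relpath), old, new))
        return 0
    import ctypes  # Windows only
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    changed = 0
    for relpath, old, new in plan:
        full = os.path.join(root, relpath)
        if kernel32.SetFileAttributesW(full, new):
            changed += 1
        else:
            print("failed: %s (Win32 error %d)" % (full, ctypes.get_last_error()), file=sys.stderr)
    return changed


# Constructed sample, standing in for a walk of an infected drive.
SAMPLE_ENTRIES = [
    ("Documents\\report.doc", 0x22),   # hidden + archive: un-hide
    ("Start Menu", 0x12),              # hidden directory: un-hide
    ("desktop.ini", 0x26),             # hidden + system + archive: leave alone
    ("My Secrets\\notes.txt", 0x02),   # hidden by the user on purpose (keep list)
    ("Music\\song.mp3", 0x20),         # not hidden: nothing to do
]
SAMPLE_KEEP = {"My Secrets\\notes.txt"}


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--apply"]
    if args:
        root, plan = args[0], plan_unhide(walk_attributes(args[0]))
    else:
        root, plan = "C:\\", plan_unhide(SAMPLE_ENTRIES, SAMPLE_KEEP)
    changed = apply_plan(root, plan, dry_run="--apply" not in sys.argv)
    print("%d entries planned, %d changed" % (len(plan), changed))
```

Run it with no arguments to see the plan for the constructed sample, with a drive letter (for example `python unhide_plan.py C:\`) for a dry run against a real drive, and add `--apply` only once the dry-run list looks right. Unlike Unhide.exe, this version never touches +S entries, so if the infection also set the system bit on your files those would still need `attrib -s -h` by hand.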

I ran both scans in safe mode with networking, here are the logs:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6814

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

6/8/2011 11:15:29 PM

mbam-log-2011-06-08 (23-15-29).txt

Scan type: Full scan (C:\|)

Objects scanned: 238024

Time elapsed: 17 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{53026944-c514-4036-8cb4-1a8ac6fa52c6}\RP0\A0005689.dll (Trojan.Agent.GGE) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\19\f1e0fd3-7ae6412d multiple threats deleted - quarantined

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\50\241aebb2-22ae370b multiple threats deleted - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\5CB7381692BA63641502463556702484\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\5CB7381692BA63641502463556702484\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\uterihehafil.dll.vir a variant of Win32/Kryptik.NKG trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{53026944-C514-4036-8CB4-1A8AC6FA52C6}\RP0\A0001247.exe probably a variant of Win32/Adware.OneStep.J application cleaned by deleting - quarantined

C:\System Volume Information\_restore{53026944-C514-4036-8CB4-1A8AC6FA52C6}\RP0\A0001248.exe probably a variant of Win32/Adware.OneStep.J application cleaned by deleting - quarantined

C:\System Volume Information\_restore{53026944-C514-4036-8CB4-1A8AC6FA52C6}\RP0\A0001357.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

C:\System Volume Information\_restore{53026944-C514-4036-8CB4-1A8AC6FA52C6}\RP0\A0001363.dll a variant of Win32/Kryptik.NKG trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{53026944-C514-4036-8CB4-1A8AC6FA52C6}\RP0\A0004613.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined

C:\System Volume Information\_restore{53026944-C514-4036-8CB4-1A8AC6FA52C6}\RP0\A0004618.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined

C:\System Volume Information\_restore{53026944-C514-4036-8CB4-1A8AC6FA52C6}\RP0\A0004619.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined


You're welcome :)

I can understand your frustration. Below, I posted a list of ways to help keep your computer secure in the future:

  • I recommend you install an alternate web browser such as FireFox. FireFox is a more secure browser than Internet Explorer and it has some additional tools you can install to help secure it even more.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future. Please only choose one.

    Select one of these, or another of your choice. Download, install, and update definitions.

  • Use a Firewall - I recommend using a firewall which will allow you to stay protected against hackers.

    *Note: Starting with Windows XP SP2, Windows comes with a built-in firewall; however, I recommend you choose one of the free firewalls listed below and install it.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

  • Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

  • Malwarebytes


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
