poppy2 Posted June 8, 2011 ID:438417 Share Posted June 8, 2011 Hi, I have had fake pop ups etc. and ran mbam (not updated version since update would not work) which found trojan.fakems and trojan.agent.gd. Under the start menu - all programs - there are no programs and on the desktop all icons dissapeared. The favorites in Internet Explorer are all gone also. I tried to run different versions of rkill and it would always say acess denied. I managed to manually update mbam and ran it again and it found one of the versions of rkill but nothing else. I can't retrieve the latest mbam log because the program won't start. I have attached the logs from mbam, dds and gmer. Sorry I can't figure out how to zip them since the program seems to be missing. The fake pop ups have stopped since mbam removed the trojans but my computer is still a mess and I can't update anything. Thanks for any help you can give me!dds.txtark.txtAttach.txtmbam-log-2011-06-06 (06-41-12).txt Link to post Share on other sites More sharing options...
Kenny94 Posted June 8, 2011 ID:438484 Share Posted June 8, 2011 Hi poppy2 and Welcome to Malwarebytes!Please download aswMBR from hereSave aswMBR.exe to your DesktopDouble click aswMBR.exe to run itClick the Scan button to start the scan as illustrated belowNote: Do not take action against any **Rootkit** entries until I have reviewed the log. Once the scan finishes click Save log to save the log to your DesktopCopy and paste the contents of aswMBR.txt back here for review Link to post Share on other sites More sharing options...
poppy2 Posted June 9, 2011 Author ID:438655 Share Posted June 9, 2011 Hi Kenny, thanks for your help. Here is the aswMBR file:aswMBR version 0.9.5.256 Copyright© 2011 AVAST SoftwareRun date: 2011-06-08 22:38:50-----------------------------22:38:50.937 OS Version: Windows 5.1.2600 Service Pack 322:38:50.937 Number of processors: 1 586 0x2F0222:38:50.937 ComputerName: BETSY UserName: 22:38:51.734 Initialize success22:38:53.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-322:38:53.890 Disk 0 Vendor: Maxtor_6L200M0 BACE1G10 Size: 190782MB BusType: 322:38:55.921 Disk 0 MBR read successfully22:38:55.921 Disk 0 MBR scan22:38:55.921 Disk 0 unknown MBR code22:38:57.921 Disk 0 scanning sectors +39071686522:38:57.953 Disk 0 scanning C:\WINDOWS\system32\drivers22:39:05.640 Service scanning22:39:06.765 Disk 0 trace - called modules:22:39:06.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 22:39:06.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86310ab8]22:39:06.781 3 CLASSPNP.SYS[f76b0fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8638da98]22:39:06.781 5 ACPI.sys[f7547620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8637e940]22:39:06.781 Scan finished successfully22:39:50.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"22:39:50.125 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt" Link to post Share on other sites More sharing options...
Kenny94 Posted June 9, 2011 ID:438657 Share Posted June 9, 2011 Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.Vista/Windows 7 users right-click and select Run As Administrator.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.Click the Report button and copy/paste the contents of it into your next replyNote:It will also create a log in the C:\ directory. Link to post Share on other sites More sharing options...
poppy2 Posted June 9, 2011 Author ID:438661 Share Posted June 9, 2011 Nothing was found. Here is the log, thanks:2011/06/08 22:58:14.0968 2576 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:482011/06/08 22:58:15.0453 2576 ================================================================================2011/06/08 22:58:15.0453 2576 SystemInfo:2011/06/08 22:58:15.0453 2576 2011/06/08 22:58:15.0453 2576 OS Version: 5.1.2600 ServicePack: 3.02011/06/08 22:58:15.0453 2576 Product type: Workstation2011/06/08 22:58:15.0453 2576 ComputerName: BETSY2011/06/08 22:58:15.0453 2576 UserName: Compaq_Administrator2011/06/08 22:58:15.0453 2576 Windows directory: C:\WINDOWS2011/06/08 22:58:15.0453 2576 System windows directory: C:\WINDOWS2011/06/08 22:58:15.0453 2576 Processor architecture: Intel x862011/06/08 22:58:15.0453 2576 Number of processors: 12011/06/08 22:58:15.0453 2576 Page size: 0x10002011/06/08 22:58:15.0453 2576 Boot type: Normal boot2011/06/08 22:58:15.0453 2576 ================================================================================2011/06/08 22:58:17.0531 2576 Initialize success2011/06/08 22:58:59.0328 2164 ================================================================================2011/06/08 22:58:59.0328 2164 Scan started2011/06/08 22:58:59.0328 2164 Mode: Manual; 2011/06/08 22:58:59.0328 2164 ================================================================================2011/06/08 22:59:00.0062 2164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys2011/06/08 22:59:00.0156 2164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys2011/06/08 22:59:00.0359 2164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys2011/06/08 22:59:00.0500 2164 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys2011/06/08 22:59:00.0687 2164 AgereSoftModem (b7d2103eb2ecb765b2b7106bad089ab1) C:\WINDOWS\system32\DRIVERS\AGRSM.sys2011/06/08 22:59:01.0312 2164 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS2011/06/08 22:59:01.0687 2164 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys2011/06/08 22:59:01.0937 2164 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys2011/06/08 22:59:02.0000 2164 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys2011/06/08 22:59:02.0078 2164 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys2011/06/08 22:59:02.0140 2164 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys2011/06/08 22:59:02.0265 2164 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys2011/06/08 22:59:02.0343 2164 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys2011/06/08 22:59:02.0640 2164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2011/06/08 22:59:02.0828 2164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys2011/06/08 22:59:02.0984 2164 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys2011/06/08 22:59:03.0109 2164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2011/06/08 22:59:03.0312 2164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2011/06/08 22:59:03.0437 2164 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys2011/06/08 22:59:03.0546 2164 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys2011/06/08 22:59:03.0750 2164 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys2011/06/08 22:59:03.0875 2164 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys2011/06/08 22:59:04.0000 2164 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys2011/06/08 22:59:04.0218 2164 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys2011/06/08 22:59:04.0390 2164 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys2011/06/08 22:59:04.0453 2164 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys2011/06/08 22:59:04.0671 2164 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys2011/06/08 22:59:04.0734 2164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2011/06/08 22:59:04.0828 2164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2011/06/08 22:59:05.0062 2164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2011/06/08 22:59:05.0171 2164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys2011/06/08 22:59:05.0343 2164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys2011/06/08 22:59:05.0828 2164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys2011/06/08 22:59:06.0046 2164 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys2011/06/08 22:59:06.0203 2164 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys2011/06/08 22:59:06.0453 2164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2011/06/08 22:59:06.0578 2164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys2011/06/08 22:59:06.0890 2164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys2011/06/08 22:59:07.0109 2164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys2011/06/08 22:59:07.0171 2164 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys2011/06/08 22:59:07.0312 2164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys2011/06/08 22:59:07.0390 2164 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys2011/06/08 22:59:07.0578 2164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys2011/06/08 22:59:07.0718 2164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys2011/06/08 22:59:07.0890 2164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2011/06/08 22:59:07.0984 2164 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2011/06/08 22:59:08.0046 2164 ftsata2 (92e8443c7bf5c0137671cde080655dfc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys2011/06/08 22:59:08.0140 2164 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys2011/06/08 22:59:08.0312 2164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys2011/06/08 22:59:08.0546 2164 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys2011/06/08 22:59:08.0734 2164 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys2011/06/08 22:59:08.0859 2164 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys2011/06/08 22:59:09.0031 2164 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys2011/06/08 22:59:09.0171 2164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys2011/06/08 22:59:09.0609 2164 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2011/06/08 22:59:09.0765 2164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys2011/06/08 22:59:09.0984 2164 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys2011/06/08 22:59:10.0078 2164 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys2011/06/08 22:59:10.0312 2164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys2011/06/08 22:59:10.0406 2164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2011/06/08 22:59:10.0531 2164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys2011/06/08 22:59:10.0718 2164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys2011/06/08 22:59:10.0828 2164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys2011/06/08 22:59:10.0937 2164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys2011/06/08 22:59:11.0125 2164 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys2011/06/08 22:59:11.0281 2164 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2011/06/08 22:59:11.0437 2164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys2011/06/08 22:59:11.0593 2164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys2011/06/08 22:59:11.0921 2164 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys2011/06/08 22:59:12.0031 2164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2011/06/08 22:59:12.0125 2164 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys2011/06/08 22:59:12.0218 2164 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys2011/06/08 22:59:12.0328 2164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys2011/06/08 22:59:12.0500 2164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2011/06/08 22:59:12.0625 2164 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2011/06/08 22:59:12.0812 2164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys2011/06/08 22:59:12.0953 2164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys2011/06/08 22:59:13.0062 2164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2011/06/08 22:59:13.0187 2164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys2011/06/08 22:59:13.0343 2164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2011/06/08 22:59:13.0484 2164 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys2011/06/08 22:59:13.0656 2164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys2011/06/08 22:59:13.0718 2164 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2011/06/08 22:59:13.0781 2164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2011/06/08 22:59:13.0890 2164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2011/06/08 22:59:14.0062 2164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys2011/06/08 22:59:14.0203 2164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys2011/06/08 22:59:14.0343 2164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys2011/06/08 22:59:14.0593 2164 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys2011/06/08 22:59:14.0718 2164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys2011/06/08 22:59:14.0812 2164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys2011/06/08 22:59:15.0031 2164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2011/06/08 22:59:15.0109 2164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2011/06/08 22:59:15.0171 2164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2011/06/08 22:59:15.0328 2164 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys2011/06/08 22:59:15.0515 2164 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys2011/06/08 22:59:15.0578 2164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys2011/06/08 22:59:15.0718 2164 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2011/06/08 22:59:15.0812 2164 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys2011/06/08 22:59:16.0046 2164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys2011/06/08 22:59:16.0125 2164 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys2011/06/08 22:59:16.0750 2164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2011/06/08 22:59:16.0796 2164 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys2011/06/08 22:59:16.0968 2164 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys2011/06/08 22:59:17.0140 2164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2011/06/08 22:59:17.0359 2164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2011/06/08 22:59:17.0500 2164 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys2011/06/08 22:59:17.0953 2164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2011/06/08 22:59:18.0078 2164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2011/06/08 22:59:18.0218 2164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2011/06/08 22:59:18.0312 2164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2011/06/08 22:59:18.0421 2164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2011/06/08 22:59:18.0562 2164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2011/06/08 22:59:18.0718 2164 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys2011/06/08 22:59:18.0890 2164 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2011/06/08 22:59:19.0046 2164 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys2011/06/08 22:59:19.0296 2164 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys2011/06/08 22:59:19.0390 2164 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS2011/06/08 22:59:19.0546 2164 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS2011/06/08 22:59:19.0625 2164 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS2011/06/08 22:59:19.0703 2164 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys2011/06/08 22:59:19.0890 2164 Secdrv (2defb161a0afadc085f55450b706677e) C:\WINDOWS\system32\DRIVERS\secdrv.sys2011/06/08 22:59:20.0015 2164 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys2011/06/08 22:59:20.0203 2164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys2011/06/08 22:59:20.0312 2164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2011/06/08 22:59:20.0609 2164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2011/06/08 22:59:20.0796 2164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2011/06/08 22:59:20.0890 2164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys2011/06/08 22:59:21.0078 2164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2011/06/08 22:59:21.0156 2164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2011/06/08 22:59:21.0734 2164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2011/06/08 22:59:21.0968 2164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2011/06/08 22:59:22.0156 2164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2011/06/08 22:59:22.0359 2164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2011/06/08 22:59:22.0593 2164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2011/06/08 22:59:22.0765 2164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2011/06/08 22:59:22.0953 2164 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys2011/06/08 22:59:23.0015 2164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2011/06/08 22:59:23.0171 2164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2011/06/08 22:59:23.0296 2164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2011/06/08 22:59:23.0359 2164 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys2011/06/08 22:59:23.0468 2164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2011/06/08 22:59:23.0562 2164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2011/06/08 22:59:23.0609 2164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2011/06/08 22:59:23.0671 2164 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2011/06/08 22:59:23.0781 2164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2011/06/08 22:59:23.0843 2164 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys2011/06/08 22:59:24.0031 2164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2011/06/08 22:59:24.0171 2164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2011/06/08 22:59:24.0515 2164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2011/06/08 22:59:24.0812 2164 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys2011/06/08 22:59:24.0937 2164 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys2011/06/08 22:59:25.0156 2164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys2011/06/08 22:59:25.0312 2164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys2011/06/08 22:59:25.0437 2164 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR02011/06/08 22:59:25.0453 2164 ================================================================================2011/06/08 22:59:25.0468 2164 Scan finished2011/06/08 22:59:25.0468 2164 ================================================================================2011/06/08 22:59:25.0515 0200 Detected object count: 02011/06/08 22:59:25.0515 0200 Actual detected object count: 0 Link to post Share on other sites More sharing options...
Kenny94 Posted June 9, 2011 ID:438665 Share Posted June 9, 2011 One of your logs is showing a rootkit, but the others scanners hasn't found it. ComboFix will not run until AVG is uninstalled as a protective measure. This is an issue with AVG. You can install AVG after we clean your PC. Or I have another free Antivirus that you can install. Use the uninstaller below:Download AppRemover and run it.Click Next >>Ensure "Remove Security Application" is collected and click Next >>AppRemover will scan all the security applications on your PCSelect Any AVG entries from the applications offered and click Next >> twice.Follow any further on-screen instructions. If asked to reboot,please do so.Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installedIf AVG is not listed. Rerun AppRemover and select to "Clean Up a Failed Uninstall" Select AVG follow the promts.Next Download ComboFix from below:Combofix download* IMPORTANT !!! Place combofix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on combofix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:The Recovery Console was successfully installed.Click on Yes, to continue scanning for malware.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log (C:\ComboFix.txt) in your next reply.Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.--------------------------------------------------------------------------------------------- Link to post Share on other sites More sharing options...
poppy2 Posted June 9, 2011 Author ID:438681 Share Posted June 9, 2011 here is the combofix log, thanks:..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Windows XP Recoveryc:\documents and settings\Compaq_Administrator\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnkc:\documents and settings\Compaq_Administrator\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk..((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))..2011-06-09 04:05 . 2011-06-09 04:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVG102011-06-09 03:37 . 2011-06-09 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-04-13 22:40 . 2011-04-13 22:40 4284416 ---ha-w- c:\windows\system32\GPhotos.scr..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91917DC6-93B9-4E62-B2D6-D39C9618C418}]2010-04-12 14:34 630272 ---ha-w- c:\program files\Shop to Win 4\ShoppingBHO.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760].[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"DisableClock"= 0 (0x0).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2010-02-25 05:07 548352 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnkbackup=c:\windows\pss\Microsoft Office.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"="c:\\Program Files\\WildTangent\\Apps\\Compaq Game Console\\GameConsole.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"="c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"="c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=.R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 67656]R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [1/3/2011 12:02 AM 153600]R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 8:29 AM 92008]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 12872].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12.Contents of the 'Scheduled Tasks' folder.2011-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]..------- Supplementary Scan -------.uStart Page = hxxp://www.drudgereport.com/uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = *.localTrusted Zone: turbotax.comTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WE2TDF&PC=WEAC&q=FF - prefs.js: browser.startup.homepage - hxxp://www.msn.comFF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WE2TDF&PC=WEAC&q=FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - user.js: yahoo.homepage.dontask - true.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-06-09 00:27Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(588)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dllc:\windows\system32\Ati2evxx.dll.Completion time: 2011-06-09 00:30:00ComboFix-quarantined-files.txt 2011-06-09 04:29.Pre-Run: 90,197,950,464 bytes freePost-Run: 90,294,259,712 bytes free.- - End Of File - - E9CE23BEC2DC2EFD12FBAB8AD75FB469 Link to post Share on other sites More sharing options...
Kenny94 Posted June 9, 2011 ID:438791 Share Posted June 9, 2011 Update Run MalwarebytesLaunch Malwarebytes' Anti-MalwareIf an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Link to post Share on other sites More sharing options...
poppy2 Posted June 10, 2011 Author ID:438996 Share Posted June 10, 2011 when I try to update malwarebytes it looks like it's updating but it keeps loading over and over and never finishes. then I got a popup with an error code that says PROGRAM_ERROR_UPDATING (5,0, Create File) Access is deniedI did a manual update and here is the log:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 6516Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187026/9/2011 10:14:46 PMmbam-log-2011-06-09 (22-14-46).txtScan type: Quick scanObjects scanned: 164484Time elapsed: 5 minute(s), 25 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Kenny94 Posted June 10, 2011 ID:439123 Share Posted June 10, 2011 Step 1:Uninstall Malwarebytes' Anti-Malware from Add/Remove Programs in the Control Panel Restart your computer very importantDownload and run mbam-clean.exe from here It will ask to restart your computer, please allow it to do so very importantNext Please download Malwarebytes Anti-Malware from Here.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. Link to post Share on other sites More sharing options...
poppy2 Posted June 11, 2011 Author ID:439350 Share Posted June 11, 2011 thanks, Kenny94, that worked. here is the log:Malwarebytes' Anti-Malware 1.51.0.1200www.malwarebytes.orgDatabase version: 6832Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187026/10/2011 10:05:05 PMmbam-log-2011-06-10 (22-05-05).txtScan type: Quick scanObjects scanned: 170434Time elapsed: 5 minute(s), 30 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Kenny94 Posted June 11, 2011 ID:439657 Share Posted June 11, 2011 Let's kill two birds with one stone, as the old saying goes. We need a good free virus program for your PC and do a full scan.Download and run:Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.Perform a full scan with Avira and let it delete everything it is finding.Then reboot.After reboot, open your Avira and select "reports".There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply Link to post Share on other sites More sharing options...
poppy2 Posted June 12, 2011 Author ID:439945 Share Posted June 12, 2011 ok here is the log,thanks:Avira AntiVir PersonalReport file date: Saturday, June 11, 2011 22:59Scanning for 2752344 virus strains and unwanted programs.The program is running as an unrestricted full version.Online services are available:Licensee : Avira AntiVir Personal - FREE AntivirusSerial number : 0000149996-ADJIE-0000001Platform : Windows XPWindows version : (Service Pack 3) [5.1.2600]Boot mode : Normally bootedUsername : Compaq_AdministratorComputer name : BETSYVersion information:BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/1/2011 21:07:43AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2011 21:07:57LUKE.DLL : 10.0.3.2 104296 Bytes 4/1/2011 21:07:53LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:15:47VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 20:15:47VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 02:48:23VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 02:48:42VBASE005.VDF : 7.11.8.179 2048 Bytes 5/31/2011 02:48:42VBASE006.VDF : 7.11.8.180 2048 Bytes 5/31/2011 02:48:42VBASE007.VDF : 7.11.8.181 2048 Bytes 5/31/2011 02:48:42VBASE008.VDF : 7.11.8.182 2048 Bytes 5/31/2011 02:48:42VBASE009.VDF : 7.11.8.183 2048 Bytes 5/31/2011 02:48:43VBASE010.VDF : 7.11.8.184 2048 Bytes 5/31/2011 02:48:43VBASE011.VDF : 7.11.8.185 2048 Bytes 5/31/2011 02:48:43VBASE012.VDF : 7.11.8.186 2048 Bytes 5/31/2011 02:48:43VBASE013.VDF : 7.11.8.222 121856 Bytes 6/2/2011 02:48:44VBASE014.VDF : 7.11.9.7 134656 Bytes 6/4/2011 02:48:45VBASE015.VDF : 7.11.9.42 136192 Bytes 6/6/2011 02:48:47VBASE016.VDF : 7.11.9.72 117248 Bytes 6/7/2011 02:48:48VBASE017.VDF : 7.11.9.107 130560 Bytes 6/9/2011 02:48:49VBASE018.VDF : 7.11.9.143 132096 Bytes 6/10/2011 02:48:50VBASE019.VDF : 7.11.9.144 2048 Bytes 6/10/2011 02:48:50VBASE020.VDF : 7.11.9.145 2048 Bytes 6/10/2011 02:48:50VBASE021.VDF : 7.11.9.146 2048 Bytes 6/10/2011 02:48:50VBASE022.VDF : 7.11.9.147 2048 Bytes 6/10/2011 02:48:51VBASE023.VDF : 7.11.9.148 2048 Bytes 6/10/2011 02:48:51VBASE024.VDF : 7.11.9.149 2048 Bytes 6/10/2011 02:48:51VBASE025.VDF : 7.11.9.150 2048 Bytes 6/10/2011 02:48:51VBASE026.VDF : 7.11.9.151 2048 Bytes 6/10/2011 02:48:51VBASE027.VDF : 7.11.9.152 2048 Bytes 6/10/2011 02:48:51VBASE028.VDF : 7.11.9.153 2048 Bytes 6/10/2011 02:48:51VBASE029.VDF : 7.11.9.154 2048 Bytes 6/10/2011 02:48:52VBASE030.VDF : 7.11.9.155 2048 Bytes 6/10/2011 02:48:52VBASE031.VDF : 7.11.9.159 8704 Bytes 6/11/2011 02:48:52Engineversion : 8.2.5.14 AEVDF.DLL : 8.1.2.1 106868 Bytes 3/28/2011 20:15:27AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 6/12/2011 02:49:17AESCN.DLL : 8.1.7.2 127349 Bytes 3/28/2011 20:15:27AESBX.DLL : 8.2.1.34 323957 Bytes 6/12/2011 02:49:18AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 16:21:38AEPACK.DLL : 8.2.6.8 557430 Bytes 6/12/2011 02:49:14AEOFFICE.DLL : 8.1.1.25 205178 Bytes 6/12/2011 02:49:11AEHEUR.DLL : 8.1.2.125 3543415 Bytes 6/12/2011 02:49:10AEHELP.DLL : 8.1.17.2 246135 Bytes 6/12/2011 02:48:58AEGEN.DLL : 8.1.5.6 401780 Bytes 6/12/2011 02:48:57AEEMU.DLL : 8.1.3.0 393589 Bytes 3/28/2011 20:15:19AECORE.DLL : 8.1.21.1 196983 Bytes 6/12/2011 02:48:55AEBB.DLL : 8.1.1.0 53618 Bytes 3/28/2011 20:15:19AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/28/2011 20:15:31AVPREF.DLL : 10.0.0.0 44904 Bytes 4/1/2011 21:07:42AVREP.DLL : 10.0.0.10 174120 Bytes 6/12/2011 02:49:20AVREG.DLL : 10.0.3.2 53096 Bytes 4/1/2011 21:07:42AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/1/2011 21:07:43AVARKT.DLL : 10.0.22.6 231784 Bytes 4/1/2011 21:07:38AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 4/1/2011 21:07:41SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/28/2011 20:15:30NETNT.DLL : 10.0.0.0 11624 Bytes 3/28/2011 20:15:39RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 4/1/2011 21:07:58RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/28/2011 20:15:52Configuration settings for the scan:Jobname.............................: Complete system scanConfiguration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avpLogging.............................: lowPrimary action......................: interactiveSecondary action....................: ignoreScan master boot sector.............: onScan boot sector....................: onBoot sectors........................: C:, D:, Process scan........................: onExtended process scan...............: onScan registry.......................: onSearch for rootkits.................: onIntegrity checking of system files..: offScan all files......................: All filesScan archives.......................: onRecursion depth.....................: 20Smart extensions....................: onMacro heuristic.....................: onFile heuristic......................: mediumStart of the scan: Saturday, June 11, 2011 22:59Starting search for hidden objects.HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible.The scan of running processes will be startedScan process 'msdtc.exe' - '40' Module(s) have been scannedScan process 'dllhost.exe' - '45' Module(s) have been scannedScan process 'vssvc.exe' - '48' Module(s) have been scannedScan process 'avscan.exe' - '69' Module(s) have been scannedScan process 'avconfig.exe' - '79' Module(s) have been scannedScan process 'avcenter.exe' - '103' Module(s) have been scannedScan process 'avgnt.exe' - '58' Module(s) have been scannedScan process 'sched.exe' - '46' Module(s) have been scannedScan process 'avshadow.exe' - '26' Module(s) have been scannedScan process 'avguard.exe' - '56' Module(s) have been scannedScan process 'iexplore.exe' - '121' Module(s) have been scannedScan process 'iexplore.exe' - '71' Module(s) have been scannedScan process 'ehmsas.exe' - '22' Module(s) have been scannedScan process 'ctfmon.exe' - '25' Module(s) have been scannedScan process 'TomTomHOMERunner.exe' - '26' Module(s) have been scannedScan process 'FUFAXSTM.exe' - '65' Module(s) have been scannedScan process 'EEventManager.exe' - '56' Module(s) have been scannedScan process 'qttask.exe' - '19' Module(s) have been scannedScan process 'ARPWRMSG.EXE' - '14' Module(s) have been scannedScan process 'ehtray.exe' - '45' Module(s) have been scannedScan process 'svchost.exe' - '34' Module(s) have been scannedScan process 'Explorer.EXE' - '94' Module(s) have been scannedScan process 'Ati2evxx.exe' - '20' Module(s) have been scannedScan process 'alg.exe' - '33' Module(s) have been scannedScan process 'dllhost.exe' - '61' Module(s) have been scannedScan process 'WLIDSvcM.exe' - '15' Module(s) have been scannedScan process 'mcrdsvc.exe' - '29' Module(s) have been scannedScan process 'WLIDSVC.EXE' - '55' Module(s) have been scannedScan process 'TomTomHOMEService.exe' - '9' Module(s) have been scannedScan process 'svchost.exe' - '43' Module(s) have been scannedScan process 'svchost.exe' - '39' Module(s) have been scannedScan process 'SeaPort.exe' - '45' Module(s) have been scannedScan process 'svchost.exe' - '30' Module(s) have been scannedScan process 'svchost.exe' - '30' Module(s) have been scannedScan process 'MDM.EXE' - '22' Module(s) have been scannedScan process 'LSSrvc.exe' - '16' Module(s) have been scannedScan process 'E_S50ST7.EXE' - '16' Module(s) have been scannedScan process 'ehSched.exe' - '21' Module(s) have been scannedScan process 'ehRecvr.exe' - '43' Module(s) have been scannedScan process 'mDNSResponder.exe' - '33' Module(s) have been scannedScan process 'arservice.exe' - '24' Module(s) have been scannedScan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scannedScan process 'eEBSVC.exe' - '23' Module(s) have been scannedScan process 'svchost.exe' - '34' Module(s) have been scannedScan process 'spoolsv.exe' - '62' Module(s) have been scannedScan process 'svchost.exe' - '36' Module(s) have been scannedScan process 'svchost.exe' - '32' Module(s) have been scannedScan process 'svchost.exe' - '30' Module(s) have been scannedScan process 'svchost.exe' - '166' Module(s) have been scannedScan process 'svchost.exe' - '40' Module(s) have been scannedScan process 'svchost.exe' - '52' Module(s) have been scannedScan process 'Ati2evxx.exe' - '15' Module(s) have been scannedScan process 'lsass.exe' - '58' Module(s) have been scannedScan process 'services.exe' - '36' Module(s) have been scannedScan process 'winlogon.exe' - '82' Module(s) have been scannedScan process 'csrss.exe' - '14' Module(s) have been scannedScan process 'smss.exe' - '2' Module(s) have been scannedStarting master boot sector scan:Master boot sector HD0 [iNFO] No virus was found!Master boot sector HD1 [iNFO] No virus was found!Master boot sector HD2 [iNFO] No virus was found!Master boot sector HD3 [iNFO] No virus was found!Master boot sector HD4 [iNFO] No virus was found!Master boot sector HD5 [iNFO] No virus was found!Start scanning boot sectors:Boot sector 'C:\' [iNFO] No virus was found!Boot sector 'D:\' [iNFO] No virus was found!Starting to scan executable files (registry).The registry was scanned ( '1060' files ).Starting the file scan:Begin scan in 'C:\' <PRESARIO>Begin scan in 'D:\' <PRESARIO_RP>End of the scan: Sunday, June 12, 2011 00:38Used time: 1:39:15 Hour(s)The scan has been done completely. 14477 Scanned directories 532917 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 532917 Files not concerned 16260 Archives were scanned 0 Warnings 1 Notes 619571 Objects were scanned with rootkit scan 1 Hidden objects were found Link to post Share on other sites More sharing options...
Kenny94 Posted June 12, 2011 ID:440004 Share Posted June 12, 2011 Please download and run UnHide.exe by Grinler.Double-click unhide.exe to run the program. After running it, your files should reappear. Please let us know the result. Link to post Share on other sites More sharing options...
poppy2 Posted June 12, 2011 Author ID:440104 Share Posted June 12, 2011 awesome, that worked! Link to post Share on other sites More sharing options...
Kenny94 Posted June 12, 2011 ID:440120 Share Posted June 12, 2011 There are some older versions of Adobe Acrobat Reader on your computer. These can be a source of the infection/infections.Go to Start > Control Panel > Add/Remove Programs.Please remove these entries from Add/Remove Programs in the Control Panel Adobe Reader 7.0.9Reboot your computer once Adobe Reader components are removed.Please go to the link below to update.Adobe Reader Uncheck Include in your download (optional Free McAfee Security Scan Plus ) Let me know of any remaining issues with your computer poppy2? Link to post Share on other sites More sharing options...
poppy2 Posted June 12, 2011 Author ID:440155 Share Posted June 12, 2011 got Adobe reader taken care of. Computer seems to be working fine. Any other suggestions? This computer seems to get viruses a lot. I really appreciate your help, Kenny94. Link to post Share on other sites More sharing options...
Kenny94 Posted June 13, 2011 ID:440390 Share Posted June 13, 2011 I'll post some tips on how to keep your PC cleaned.Purge old temporary files. Now that we are done.... Please download TFC by OldTimer to your desktopPlease double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).It will close all programs when run, so make sure you have saved all your work before you begin.Click the Startbutton to begin the process. Depending on how often you clean tempfiles, execution time should be anywhere from a few seconds to a minuteor two. Let it run uninterrupted to completion.Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.You should keep TFC and run it once a week.Your Computer is CleanSome final items:Follow these steps to uninstall Combofix and tools used in the removal of malwareTo remove all of the tools we used and the files and folders they created, please do the following:Please download OTC.exe by OldTimer:Save it to your Desktop.Double click OTC.exe.Click the CleanUp! button.If you are prompted to Reboot during the cleanup, select Yes.The tool will delete itself once it finishes.Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.It's a good idea to Flush your System Restore after removing malware and create a new restore point. To SET A NEW RESTORE POINT:1. Go to Start > Programs > Accessories > System Tools and click "System Restore".2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.3. Then go to Start > Run and type: Cleanmgr4. Click "OK".5. Click the "More Options" Tab.6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.Graphics for doing this are in the following links if you need them.How to Create a Restore Point.How to use Cleanmgr.Here are some additional links for you to check out to help you with your computer security. BrowsersJust because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click on Options.Click once on the Security tabClick once on the Internet icon so it becomes highlighted.Click once on the Custom Level button.Change the Download signed ActiveX controls to PromptChange the Download unsigned ActiveX controls to DisableChange the Initialize and script ActiveX controls not marked as safe to DisableChange the Installation of desktop items to PromptChange the Launching programs and files in an IFRAME to PromptChange the Navigate sub-frames across different domains to PromptWhen all these settings have been made, click on the OK buttonIf it prompts you as to whether or not you want to save the settings, press the Yes button.Next press the Apply button and then the OK to exit the Internet Properties page.Additional Security MeasuresScan your system for outdated versions of commonly used software applications that may also cause your PC be vulnerable, using the Secunia Online Software Inspector (OSI). This is very important because recent statistics confirm that an overwhelming majority of infections are aquired through application not Operating System flaws. Commonly used programs like Quicktime, Java, and Adobe Acrobat Reader, itunes, and many others are commonly targeted today. You can make your computer much more secure if you update to the most current versions of these programs and any others that Secunia alerts you to.Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.Tips for Speeding Up Your PC Visit My Blog for Malware and Spyware Tips Link to post Share on other sites More sharing options...
poppy2 Posted June 13, 2011 Author ID:440490 Share Posted June 13, 2011 Thanks, again! I will try to follow all your suggestions. Poppy2 Link to post Share on other sites More sharing options...
Staff screen317 Posted June 17, 2011 Staff ID:442023 Share Posted June 17, 2011 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts