Jump to content

Windows-XP-Repair infection


Recommended Posts

Currently it appears I am infected with this malware. i had beforehand been uninfected successfully for 2 years+.

I run MSSE for antivirus duties.

Malwarebytes free for malware duties and Spybot SD as a back up.

Windows firewall was active, I run a motorola SBG6580 cable modem/router. It feed a Dlink router that is used as a wireless access point and the 4 point switch.

I use the computer rarely just to check email about once a week or so. Mainly my kids use it for flash gaming wizard 101 etc...

Now I can't do anything. I can get into safe mode but nothing will run. it starts but is immediately shut down.

Where do I go from here?

Thanks for any help.

Link to post
Share on other sites

are you talking about xp spyware 2012? My pc is infected and I can't even open malwarebytes let alone get one the internet. I let you know when I figure it out if you have the same infection

The "helpful" program that comes up as soon as the computer is started is called Windows-XP-Repair. My antivirus is shut down, my spyware/malware programs will not start up. All programs are missing as is all icons on the desktop.

I tried to run the online scanners but they download and install and run for about 30 seconds when they shut down.

It's frustrating as hell. I feel your pain and if I find a solution that works I will let you know as well.

Link to post
Share on other sites

  • Staff

Hi,

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

After you post that, do the following:

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

Thanks for the help. here are the logs.

DDS

.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by Administrator at 18:29:48 on 2011-07-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.815 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080109

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080109

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mPolicies-system: DisableTaskMgr = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll

LSP: mswsock.dll

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293765842134

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://173.24.97.252/DvrOcx.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

TCP: DhcpNameServer = 68.87.72.134 68.87.77.134

TCP: Interfaces\{BCDD0E19-C637-4953-A5D2-ED3759F6CD6E} : DhcpNameServer = 68.87.72.134 68.87.77.134

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 CrossLoopService;CrossLoop Service;c:\documents and settings\larry denno\local settings\application data\crossloop\CrossLoopService.exe [2011-2-20 560848]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-18 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-18 136176]

S3 tvnserver;TightVNC Server;c:\documents and settings\larry denno\local settings\application data\crossloop\tvnserver.exe [2011-2-20 814080]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-07-05 00:37:05 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE

2011-07-05 00:28:06 -------- d--h--w- c:\windows\PIF

2011-07-05 00:26:56 -------- d--h--w- c:\windows\pss

2011-07-05 00:25:09 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

2011-06-29 05:25:00 407552 ---ha-w- c:\documents and settings\all users\application data\18079524.exe

2011-06-29 05:15:47 509952 ---ha-w- c:\documents and settings\all users\application data\oYohbioPvgYB.exe

2011-06-29 05:15:35 15872 ----a-w- c:\windows\system32\drivers\1199831782.sys

2011-06-28 16:34:27 7074640 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9bfa3e72-2942-4daf-bab5-63d587092ecb}\mpengine.dll

2011-06-16 02:49:30 105472 ---h--w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-06-28 02:02:07 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-29 14:11:30 39984 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ---ha-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31:52 692736 ---h--w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ---ha-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ---ha-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ---h--w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ---h--w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ---h--w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ---h--w- c:\windows\system32\drivers\mup.sys

2011-04-12 18:52:54 75040 ---ha-w- c:\windows\system32\WIN2PDFM.DLL

2011-04-12 18:52:54 150816 ---ha-w- c:\windows\system32\WIN2PDFS.DLL

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3320620AS rev.3.ADG -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF780A890]<<

_asm { PUSH ECX; MOV EAX, [ESP+0x8]; PUSH EBX; PUSH EBP; PUSH ESI; PUSH EDI; CMP EAX, [0xf7810964]; JNZ 0x22; MOV EBX, [ESP+0x1c]; CALL 0xfffffffffffffcc0; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F88AB8]

3 CLASSPNP[0xF76E4FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x86B00B08]

\Driver\Disk[0x86B77968] -> IRP_MJ_CREATE -> 0xF780A890

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }

detected disk devices:

detected hooks:

\Driver\atapi -> 0x86f03f16

user & kernel MBR OK

Warning: possible MBR rootkit infection !

.

============= FINISH: 18:35:57.85 ===============

TDSS Killer

2011/07/08 18:40:04.0875 2068 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/08 18:40:05.0531 2068 ================================================================================

2011/07/08 18:40:05.0531 2068 SystemInfo:

2011/07/08 18:40:05.0531 2068

2011/07/08 18:40:05.0531 2068 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/08 18:40:05.0531 2068 Product type: Workstation

2011/07/08 18:40:05.0531 2068 ComputerName: SWANK

2011/07/08 18:40:05.0531 2068 UserName:

2011/07/08 18:40:05.0531 2068 Windows directory: C:\WINDOWS

2011/07/08 18:40:05.0531 2068 System windows directory: C:\WINDOWS

2011/07/08 18:40:05.0531 2068 Processor architecture: Intel x86

2011/07/08 18:40:05.0531 2068 Number of processors: 2

2011/07/08 18:40:05.0531 2068 Page size: 0x1000

2011/07/08 18:40:05.0531 2068 Boot type: Normal boot

2011/07/08 18:40:05.0531 2068 ================================================================================

2011/07/08 18:40:20.0984 2068 Initialize success

2011/07/08 18:40:24.0234 0580 ================================================================================

2011/07/08 18:40:24.0234 0580 Scan started

2011/07/08 18:40:24.0234 0580 Mode: Manual;

2011/07/08 18:40:24.0234 0580 ================================================================================

2011/07/08 18:40:25.0468 0580 Suspicious service (NoAccess): 1199831782

2011/07/08 18:40:25.0859 0580 1199831782 (53c3a9bbd1eb737fa89ff86750c47cc4) C:\WINDOWS\system32\drivers\1199831782.sys

2011/07/08 18:40:25.0859 0580 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\1199831782.sys. md5: 53c3a9bbd1eb737fa89ff86750c47cc4

2011/07/08 18:40:25.0875 0580 1199831782 - detected LockedService.Multi.Generic (1)

2011/07/08 18:40:26.0109 0580 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/07/08 18:40:26.0578 0580 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/08 18:40:26.0953 0580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/08 18:40:27.0296 0580 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/08 18:40:27.0718 0580 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/08 18:40:28.0468 0580 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/08 18:40:28.0890 0580 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/07/08 18:40:29.0234 0580 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/07/08 18:40:29.0437 0580 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/07/08 18:40:29.0812 0580 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/08 18:40:29.0921 0580 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/08 18:40:30.0078 0580 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/07/08 18:40:30.0218 0580 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/07/08 18:40:30.0484 0580 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/07/08 18:40:30.0703 0580 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/07/08 18:40:30.0906 0580 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/07/08 18:40:31.0093 0580 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/07/08 18:40:31.0343 0580 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/07/08 18:40:31.0640 0580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/08 18:40:31.0828 0580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/08 18:40:32.0515 0580 ati2mtag (f942e79994b3751501c478bf9713d221) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/07/08 18:40:32.0734 0580 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/08 18:40:32.0828 0580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/08 18:40:32.0921 0580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/08 18:40:33.0093 0580 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/07/08 18:40:33.0265 0580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/08 18:40:33.0328 0580 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/07/08 18:40:33.0343 0580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/08 18:40:33.0484 0580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/08 18:40:33.0546 0580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/08 18:40:33.0718 0580 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/07/08 18:40:33.0859 0580 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/07/08 18:40:34.0015 0580 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/07/08 18:40:34.0156 0580 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/07/08 18:40:34.0296 0580 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/08 18:40:34.0468 0580 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS

2011/07/08 18:40:34.0578 0580 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/07/08 18:40:34.0671 0580 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/07/08 18:40:34.0781 0580 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS

2011/07/08 18:40:35.0031 0580 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/07/08 18:40:35.0093 0580 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/07/08 18:40:35.0265 0580 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/07/08 18:40:35.0406 0580 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2011/07/08 18:40:35.0500 0580 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/07/08 18:40:35.0546 0580 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/07/08 18:40:35.0765 0580 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/08 18:40:35.0937 0580 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/08 18:40:36.0140 0580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/08 18:40:36.0187 0580 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/08 18:40:36.0312 0580 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/07/08 18:40:36.0406 0580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/08 18:40:36.0531 0580 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/07/08 18:40:36.0562 0580 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/07/08 18:40:36.0640 0580 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/07/08 18:40:36.0796 0580 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2011/07/08 18:40:36.0906 0580 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/08 18:40:37.0000 0580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/08 18:40:37.0140 0580 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/08 18:40:37.0171 0580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/08 18:40:37.0250 0580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/08 18:40:37.0625 0580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/08 18:40:38.0000 0580 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/08 18:40:38.0156 0580 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/08 18:40:38.0250 0580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/08 18:40:38.0343 0580 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/08 18:40:38.0421 0580 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/08 18:40:38.0515 0580 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/07/08 18:40:38.0687 0580 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/08 18:40:38.0843 0580 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/07/08 18:40:38.0984 0580 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/07/08 18:40:39.0031 0580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/08 18:40:39.0203 0580 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys

2011/07/08 18:40:39.0546 0580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/08 18:40:39.0671 0580 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/07/08 18:40:40.0578 0580 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/08 18:40:40.0828 0580 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/08 18:40:40.0921 0580 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/08 18:40:41.0046 0580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/08 18:40:41.0093 0580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/08 18:40:41.0171 0580 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/08 18:40:41.0218 0580 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/08 18:40:41.0296 0580 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/08 18:40:41.0359 0580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/08 18:40:41.0406 0580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/08 18:40:41.0500 0580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/08 18:40:41.0625 0580 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/07/08 18:40:41.0765 0580 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/08 18:40:41.0890 0580 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/08 18:40:42.0031 0580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/08 18:40:42.0078 0580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/08 18:40:42.0156 0580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/08 18:40:42.0234 0580 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/08 18:40:42.0281 0580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/08 18:40:42.0359 0580 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/07/08 18:40:42.0578 0580 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/07/08 18:40:42.0828 0580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/08 18:40:43.0015 0580 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/08 18:40:43.0281 0580 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/08 18:40:43.0453 0580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/08 18:40:43.0609 0580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/08 18:40:43.0765 0580 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/08 18:40:43.0921 0580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/08 18:40:44.0000 0580 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/08 18:40:44.0078 0580 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/08 18:40:44.0171 0580 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/08 18:40:44.0234 0580 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/08 18:40:44.0312 0580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/08 18:40:44.0500 0580 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/08 18:40:44.0812 0580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/08 18:40:44.0890 0580 NetBT (dffdb7d5d0cf660945cad5863ee3577c) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/08 18:40:44.0890 0580 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: dffdb7d5d0cf660945cad5863ee3577c, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d

2011/07/08 18:40:44.0890 0580 NetBT - detected Rootkit.Win32.ZAccess.c (0)

2011/07/08 18:40:44.0953 0580 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/08 18:40:45.0031 0580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/08 18:40:45.0187 0580 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/08 18:40:45.0390 0580 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/08 18:40:45.0984 0580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/08 18:40:46.0093 0580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/08 18:40:46.0234 0580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/08 18:40:46.0328 0580 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/08 18:40:46.0390 0580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/08 18:40:46.0468 0580 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/08 18:40:46.0609 0580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/08 18:40:46.0671 0580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/08 18:40:47.0296 0580 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/07/08 18:40:47.0437 0580 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/07/08 18:40:47.0593 0580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/08 18:40:47.0687 0580 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/08 18:40:47.0765 0580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/08 18:40:47.0843 0580 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/08 18:40:47.0921 0580 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/07/08 18:40:48.0031 0580 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/08 18:40:48.0093 0580 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/08 18:40:48.0140 0580 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/08 18:40:48.0203 0580 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/08 18:40:48.0406 0580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/08 18:40:48.0515 0580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/08 18:40:48.0546 0580 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/08 18:40:48.0609 0580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/08 18:40:48.0781 0580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/08 18:40:48.0937 0580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/08 18:40:49.0078 0580 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/08 18:40:49.0203 0580 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/08 18:40:49.0281 0580 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/08 18:40:49.0968 0580 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/08 18:40:50.0218 0580 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/08 18:40:50.0515 0580 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/08 18:40:50.0625 0580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/08 18:40:50.0921 0580 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/08 18:40:51.0046 0580 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/08 18:40:51.0156 0580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/08 18:40:51.0312 0580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/08 18:40:51.0546 0580 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/08 18:40:51.0609 0580 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/08 18:40:51.0906 0580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/08 18:40:52.0015 0580 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/08 18:40:52.0062 0580 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/08 18:40:52.0171 0580 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/08 18:40:52.0250 0580 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/08 18:40:52.0343 0580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/08 18:40:52.0515 0580 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/08 18:40:52.0890 0580 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/08 18:40:53.0046 0580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/08 18:40:53.0109 0580 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/08 18:40:53.0187 0580 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/08 18:40:53.0312 0580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/08 18:40:53.0453 0580 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/08 18:40:53.0578 0580 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/08 18:40:53.0718 0580 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/07/08 18:40:53.0765 0580 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/08 18:40:53.0828 0580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/08 18:40:53.0875 0580 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/08 18:40:53.0968 0580 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/08 18:40:54.0015 0580 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/08 18:40:54.0125 0580 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/08 18:40:54.0203 0580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/08 18:40:54.0328 0580 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/08 18:40:54.0421 0580 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/08 18:40:54.0484 0580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/08 18:40:54.0609 0580 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/08 18:40:54.0921 0580 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/08 18:40:55.0125 0580 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/08 18:40:55.0187 0580 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/08 18:40:55.0234 0580 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0

2011/07/08 18:40:55.0250 0580 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk5\DR12

2011/07/08 18:40:55.0312 0580 Boot (0x1200) (1a976f425d32d3b58b8ada1a3a2d55ba) \Device\Harddisk0\DR0\Partition0

2011/07/08 18:40:55.0328 0580 Boot (0x1200) (01549038dee12e3c5d2dbb4d785d500f) \Device\Harddisk5\DR12\Partition0

2011/07/08 18:40:55.0328 0580 ================================================================================

2011/07/08 18:40:55.0328 0580 Scan finished

2011/07/08 18:40:55.0328 0580 ================================================================================

2011/07/08 18:40:55.0343 1788 Detected object count: 2

2011/07/08 18:40:55.0343 1788 Actual detected object count: 2

2011/07/08 18:41:34.0500 1788 HKLM\SYSTEM\ControlSet001\services\1199831782 - will be deleted after reboot

2011/07/08 18:41:34.0500 1788 HKLM\SYSTEM\ControlSet002\services\1199831782 - will be deleted after reboot

2011/07/08 18:41:34.0531 1788 C:\WINDOWS\system32\drivers\1199831782.sys - will be deleted after reboot

2011/07/08 18:41:34.0531 1788 LockedService.Multi.Generic(1199831782) - User select action: Delete

2011/07/08 18:41:34.0781 1788 NetBT (dffdb7d5d0cf660945cad5863ee3577c) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/08 18:41:34.0781 1788 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: dffdb7d5d0cf660945cad5863ee3577c, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d

2011/07/08 18:41:34.0968 1788 Backup copy found, using it..

2011/07/08 18:41:35.0046 1788 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot

2011/07/08 18:41:35.0046 1788 Rootkit.Win32.ZAccess.c(NetBT) - User select action: Cure

Link to post
Share on other sites

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Thanks for the help.

I ran the TDSkiller in safe mode. I then ran Stinger from Mcaffee. I ran Microsofts online scanner and seem to be free of the virus/malware.

I booted back up normally and find that after scanning with TDS killer , stinger, a reinstalled malwarebytes that I appear to be free of bad stuff. But my MS Security essentials does not work and I am unable to reinstall it. I will run the program you told me to.

again, thanks for the help.

Link to post
Share on other sites

Sorry about that!! Work travel

ComboFix 11-07-23.03 - 07/23/2011 12:02:23.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.436 [GMT -5:00]

Running from: c:\documents and settings\\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_MSIL\desktop.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))

.

.

2011-07-11 02:05 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-11 02:05 . 2011-07-11 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-11 02:05 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 00:28 . 2011-07-05 00:28 -------- d-----w- c:\windows\PIF

2011-07-05 00:24 . 2011-07-05 00:37 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-10 22:29 . 2004-08-10 17:51 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-07-08 23:43 . 2004-08-10 17:51 162816 ---ha-w- c:\windows\system32\drivers\netbt.sys

2011-07-08 23:38 . 2004-08-10 17:51 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-28 02:02 . 2011-05-13 02:25 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-02 15:31 . 2004-08-10 18:02 692736 ---h--w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-10 17:51 151552 ---ha-w- c:\windows\system32\schannel.dll

2011-04-25 16:11 . 2004-08-10 17:51 916480 ---ha-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-10 17:51 43520 ---h--w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-10 17:51 385024 ---h--w- c:\windows\system32\html.iec

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-08-07 . 51B92B39623F5D401A43E58483E2AB55 . 46924 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe

[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-19 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-05-11 08:06 40048 ---ha-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2007-07-17 00:48 69632 ---ha-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2007-11-15 14:23 202544 ---ha-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ---ha-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-10-03 16:35 221184 ---ha-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-10-03 16:37 81920 ---ha-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2006-10-20 22:23 118784 ---h--w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]

2006-11-08 20:01 49152 ---h--w- c:\windows\system32\ico.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ------w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2006-08-17 14:00 1116920 ---ha-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-07-17 00:48 16132608 ---ha-w- c:\windows\RTHDCPL.EXE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Larry Denno\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=

"c:\\Documents and Settings\\Larry Denno\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=

"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=

"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=

"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5910:TCP"= 5910:TCP:vnc5910

.

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Larry Denno\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/20/2011 7:02 PM 554360]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2011 10:00 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2011 10:00 PM 136176]

S3 tvnserver;TightVNC Server;c:\documents and settings\Larry Denno\Local Settings\Application Data\CrossLoop\tvnserver.exe [2/20/2011 7:02 PM 814080]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

.

2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 03:00]

.

2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 03:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080109

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.100

DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://173.24.97.252/DvrOcx.cab

FF - ProfilePath - c:\documents and settings\Larry Denno\Application Data\Mozilla\Firefox\Profiles\3d62cnb2.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 12\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: Test Pilot: testpilot@labs.mozilla.com - %profile%\extensions\testpilot@labs.mozilla.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-oYohbioPvgYB - c:\documents and settings\All Users\Application Data\oYohbioPvgYB.exe

SafeBoot-06464063.sys

SafeBoot-85331737.sys

SafeBoot-90029403.sys

MSConfigStartUp-OE_OEM - c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-23 12:05

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\*PNP429a\0000]

@DACL=(02 0000)

"Service"="1199831782"

"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"

"Class"="System"

"DeviceDesc"="PCI bus"

"Mfg"="Technologies Inc"

"LocationInformation"="on Microsoft ACPI-Compliant System"

"ConfigFlags"=dword:00000000

"Capabilities"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(696)

c:\windows\system32\WINSPOOL.DRV

.

Completion time: 2011-07-23 12:08:26

ComboFix-quarantined-files.txt 2011-07-23 17:08

.

Pre-Run: 251,044,597,760 bytes free

Post-Run: 251,556,458,496 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 03C59588DD5531E764B85CEEFE6FF1C0

DDS LOG

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Larry Denno at 12:19:33 on 2011-07-23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.484 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Linearteam\WinISD Pro\WinISD.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080109

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293765842134

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://173.24.97.252/DvrOcx.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.100

TCP: Interfaces\{BCDD0E19-C637-4953-A5D2-ED3759F6CD6E} : DhcpNameServer = 192.168.0.100

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\larry denno\application data\mozilla\firefox\profiles\3d62cnb2.default\

FF - plugin: c:\documents and settings\larry denno\application data\mozilla\firefox\profiles\3d62cnb2.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 12\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: Test Pilot: testpilot@labs.mozilla.com - %profile%\extensions\testpilot@labs.mozilla.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 CrossLoopService;CrossLoop Service;c:\documents and settings\larry denno\local settings\application data\crossloop\CrossLoopService.exe [2011-2-20 554360]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-18 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-18 136176]

S3 tvnserver;TightVNC Server;c:\documents and settings\larry denno\local settings\application data\crossloop\tvnserver.exe [2011-2-20 814080]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-07-23 17:01:24 -------- d-sha-r- C:\cmdcons

2011-07-23 16:59:49 98816 ----a-w- c:\windows\sed.exe

2011-07-23 16:59:49 518144 ----a-w- c:\windows\SWREG.exe

2011-07-23 16:59:49 256000 ----a-w- c:\windows\PEV.exe

2011-07-23 16:59:49 208896 ----a-w- c:\windows\MBR.exe

2011-07-11 02:05:35 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-11 02:05:32 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-11 02:05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-05 00:28:06 -------- d-----w- c:\windows\PIF

2011-07-05 00:26:56 -------- d-----w- c:\windows\pss

.

==================== Find3M ====================

.

2011-07-10 22:29:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-07-08 23:43:32 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-07-08 23:38:56 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-28 02:02:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec

.

============= FINISH: 12:19:45.29 ===============

Link to post
Share on other sites

  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

c:\windows\ServicePackFiles\i386\wuauclt.exe | c:\windows\system32\wuauclt.exe

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.