
Trojans and infected with Cycbot.B, auto reboot in normal mode



Hi guys,

I have some problems with my desktop PC (Windows XP SP3, HP Compaq dc5800 Microtower, Intel Core 2 Duo CPU E7200 @ 2.53GHz). After having a look at a Dutch iPhone website (iphoneclub.nl, I think) I had a pop-up with the description of a sort of virus scanner that would be installed.

So I clicked the X button, but still it seemed to install. Hmm, so the story began: pop-ups about viruses, and I had to pay for the scanner, etc...

I knew it was a hoax, so I started to look on the net with my iPhone, since it was impossible to start IE8 without IE8 shutting down automatically.

I also started a complete scan of my system with MSE and saw that Cycbot.B was found as a virus.

I did a second scan in safe mode and tried to update the virus definitions, but that would not work since I had no internet access anymore.

With the second scan, after a session with Spybot SD which found a lot of spyware and deleted it, MSE didn't find any viruses anymore.

I found on the net a guide to clean my registry of these problems, so I did that and rebooted my system, after which .exe files were not able to start.

I did the necessary to get this working again and did a reboot, so Windows XP worked fine again in normal mode.

The day after, again a pop-up, and all hell broke loose again...

I did the same, or rather I tried to do the same, but now access was more restricted in normal mode: the system rebooted automatically and I was unable to access IE8 again.

So back in safe mode to start a new scan with MSE, but it gave only spyware files; same with Spybot SD.

Again I did some searching on the net and found this site, so I used the advice I found: I installed SUPERAntiSpyware on my USB stick and started with this, which found again 35 entries. Then I did a scan with Malwarebytes Anti-Malware, which found 9 entries (see log), then did a reboot back into safe mode and installed ComboFix (see log 2).

So after ComboFix all looked well, so I rebooted into normal Windows mode, but again after a while (everything looked OK) my computer decided to reboot automatically again!

Now I'm out of measures to get it back on track.

I again restarted in safe mode, and MSE is back on track with the latest definitions (manually installed), and already after 30 min of scanning it found a virus, it seems.

I'll see after 1h30 what it will be again.

It can be a virus, it can be spyware, I don't know at this moment!

Hope you guys can help me.

Log 1 from Malwarebytes Anti-Malware

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Databaseversie: 7364

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

3/08/2011 16:27:19

mbam-log-2011-08-03 (16-27-13).txt

Scantype: Volledige scan (C:\|)

Objecten gescand: 344430

Verstreken tijd: 54 minuut/minuten, 53 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 1

Registersleutels geïnfecteerd: 7

Registerwaarden geïnfecteerd: 4

Registerdata geïnfecteerd: 3

Mappen geïnfecteerd: 2

Bestanden geïnfecteerd: 20

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

c:\WINDOWS\system32\igfxarts.dll (Trojan.Clicker) -> No action taken.

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\Typelib\{5303E828-3A4C-11DE-AC1C-F77F55D89593} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{6494B9BE-3A4C-11DE-91D2-BD8055D89593} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ba8b141-3758-73c4-6edd-ccec2fbfe278} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{0ba8b141-3758-73c4-6edd-ccec2fbfe278} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BA8B141-3758-73C4-6EDD-CCEC2FBFE278} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BA8B141-3758-73C4-6EDD-CCEC2FBFE278} (Trojan.BHO) -> No action taken.

Registerwaarden geïnfecteerd:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FraudPack) -> Value: 8DDYX0ZBPZ -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> No action taken.

Registerdata geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Mappen geïnfecteerd:

c:\documents and settings\all users\application data\00300796 (Rogue.Multiple) -> No action taken.

c:\documents and settings\all users\application data\00317953 (Rogue.Multiple) -> No action taken.

Bestanden geïnfecteerd:

c:\WINDOWS\system32\igfxarts.dll (Trojan.Clicker) -> No action taken.

c:\WINDOWS\Temp\Yxh.exe (Trojan.FraudPack) -> No action taken.

c:\documents and settings\administrator\menu start\programma's\opstarten\ozezsa.exe (Trojan.Agent) -> No action taken.

c:\documents and settings\default user\menu start\programma's\opstarten\abim.exe (Trojan.Agent) -> No action taken.

c:\documents and settings\heja\application data\Adobe\plugs\mmc68997031.txt (Trojan.Agent) -> No action taken.

c:\documents and settings\heja\application data\Adobe\plugs\mmc74281656.txt (Trojan.Hiloti) -> No action taken.

c:\documents and settings\heja\application data\Sun\Java\deployment\cache\6.0\30\59495e1e-42096d09 (Trojan.FakeAlert) -> No action taken.

c:\documents and settings\heja\application data\Sun\Java\deployment\cache\6.0\40\5e157568-123a6ba0 (Trojan.FakeAlert) -> No action taken.

c:\documents and settings\heja\local settings\Temp\0.5140973840670239.exe (Trojan.FakeAlert) -> No action taken.

c:\documents and settings\logmeinremoteuser\menu start\programma's\opstarten\xiqe.exe (Trojan.Agent) -> No action taken.

c:\system volume information\_restore{03fc1e3f-6bed-4081-9d0a-983c1dff58b7}\RP784\A0070087.dll (Trojan.FraudPack) -> No action taken.

c:\WINDOWS\Temp\0.049756836786760905.exe (Trojan.FakeAlert) -> No action taken.

c:\WINDOWS\Temp\Yxf.exe (Trojan.FraudPack) -> No action taken.

c:\WINDOWS\Temp\Yxg.exe (Trojan.FraudPack) -> No action taken.

c:\WINDOWS\Temp\Yxi.exe (Trojan.FraudPack) -> No action taken.

c:\documents and settings\heja\application data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.

c:\documents and settings\heja\application data\Adobe\plugs\mmc149.exe (Trojan.Agent.Gen) -> No action taken.

c:\documents and settings\heja\application data\Adobe\plugs\mmc151.exe (Trojan.Agent.Gen) -> No action taken.

c:\documents and settings\heja\application data\Adobe\plugs\mmc61.exe (Trojan.Agent.Gen) -> No action taken.

c:\documents and settings\heja\application data\Adobe\plugs\mmc74313765.txt (Trojan.Agent.Gen) -> No action taken.

Log 2 from ComboFix

ComboFix 11-08-03.02 - HeJa 03/08/2011 16:47:51.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1707 [GMT 2:00]

Gestart vanuit: c:\documents and settings\heja\Bureaublad\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\heja\Application Data\Adobe\plugs

c:\documents and settings\heja\Application Data\Adobe\shed

c:\windows\IsUn0413.exe

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

c:\windows\system32\spool\prtprocs\w32x86\ps3200pc.dll

c:\windows\system32\UACsducvpec.db

c:\windows\system32\uactmp.db

c:\windows\system32\UNWISE.EXE

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-07-03 to 2011-08-03 ))))))))))))))))))))))))))))))

.

.

2011-08-03 13:26 . 2011-08-03 13:26 -------- d-----w- c:\documents and settings\heja\Application Data\Malwarebytes

2011-08-03 13:26 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-03 13:26 . 2011-08-03 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-03 13:26 . 2011-08-03 13:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-03 13:26 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-03 11:28 . 2011-08-03 11:28 -------- d-----w- c:\documents and settings\heja\Application Data\SUPERAntiSpyware.com

2011-08-03 08:30 . 2011-08-03 08:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl7e77b101.sys

2011-08-02 16:48 . 2011-08-02 16:48 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKslec00ea99.sys

2011-08-02 16:33 . 2011-08-02 16:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl84028b47.sys

2011-08-02 16:28 . 2011-08-02 16:28 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl49ced807.sys

2011-08-02 16:24 . 2011-08-02 16:24 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl51e348f2.sys

2011-08-02 14:05 . 2011-08-02 14:05 -------- d-----r- c:\documents and settings\NetworkService\Favorieten

2011-08-02 14:05 . 2011-08-02 14:05 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsla5b04687.sys

2011-08-02 13:51 . 2011-08-03 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\eL01602EjLaM01602

2011-08-02 12:23 . 2011-08-02 12:48 -------- d-----w- c:\documents and settings\heja\Application Data\Idtaep

2011-08-01 12:30 . 2011-08-01 12:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKslfd65f6a7.sys

2011-08-01 12:29 . 2011-08-01 12:29 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl79abd119.sys

2011-08-01 12:27 . 2011-08-01 12:27 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsle344a667.sys

2011-08-01 12:25 . 2011-08-01 12:25 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl85b7d7fe.sys

2011-08-01 09:18 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\mpengine.dll

2011-07-26 15:54 . 2011-07-26 15:54 -------- d-----w- c:\program files\iPod

2011-07-26 15:49 . 2011-07-26 15:49 -------- d-----w- c:\program files\Bonjour

2011-07-12 10:29 . 2011-07-12 10:29 -------- d-----w- c:\program files\Apple Software Update

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-17 09:12 . 2010-03-04 18:43 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-07-17 09:12 . 2010-03-04 18:43 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-07-17 09:12 . 2010-03-04 18:43 29568 ----a-w- c:\windows\system32\LMIport.dll

2011-07-17 09:12 . 2010-03-04 18:43 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-07-13 03:39 . 2010-04-28 07:03 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-15 07:38 . 2011-05-30 07:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-06 11:35 . 2004-08-04 07:56 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-05-10 06:06 . 2010-01-16 11:16 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 06:06 . 2010-01-16 11:16 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-10 39408]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XeroxRegistation"="c:\program files\Xer" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-07-17 09:12 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2549946922-1252084344-473038049-1119\Scripts\Logon\0\0]

"Script"=logon.cmd

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [13/10/2008 8:10 36608]

S0 c4e1ab2e44f0220385bb0cbb1c578882;c4e1ab2e44f0220385bb0cbb1c578882;c:\windows\system32\c4e1ab2e44f0220385bb0cbb1c578882.sys --> c:\windows\system32\c4e1ab2e44f0220385bb0cbb1c578882.sys [?]

S1 MpKsl2874f718;MpKsl2874f718;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl2874f718.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl2874f718.sys [?]

S1 MpKsl49ced807;MpKsl49ced807;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl49ced807.sys [2/08/2011 18:28 28752]

S1 MpKsl51e348f2;MpKsl51e348f2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl51e348f2.sys [2/08/2011 18:24 28752]

S1 MpKsl7e77b101;MpKsl7e77b101;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl7e77b101.sys [3/08/2011 10:30 28752]

S1 MpKsl84028b47;MpKsl84028b47;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl84028b47.sys [2/08/2011 18:33 28752]

S1 MpKsl9ce66ac8;MpKsl9ce66ac8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4019D407-07E3-4926-987E-41D4EF1A1A3C}\MpKsl9ce66ac8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4019D407-07E3-4926-987E-41D4EF1A1A3C}\MpKsl9ce66ac8.sys [?]

S1 MpKsld3fe9afa;MpKsld3fe9afa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE01D191-048C-4DC6-B7D4-F7C3A9A5B50C}\MpKsld3fe9afa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE01D191-048C-4DC6-B7D4-F7C3A9A5B50C}\MpKsld3fe9afa.sys [?]

S1 MpKslec00ea99;MpKslec00ea99;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKslec00ea99.sys [2/08/2011 18:48 28752]

S1 SASDIFSV;SASDIFSV;c:\temp\SUPERAntiSpyware\sasdifsv.sys [26/04/2010 17:20 12872]

S1 SASKUTIL;SASKUTIL;c:\temp\SUPERAntiSpyware\SASKUTIL.SYS [26/04/2010 17:20 66632]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [30/09/2010 3:06 169408]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 18:58 136176]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/10/2010 10:03 374152]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 13:41 12856]

S2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [26/01/2011 12:26 573224]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 18:58 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/08/2011 15:26 41272]

S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [11/08/2008 13:40 13408]

S3 SASENUM;SASENUM;c:\temp\SUPERAntiSpyware\SASENUM.SYS [26/04/2010 17:20 12872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-08-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-JACOBS-HeJa.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-28 23:25]

.

2011-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 16:58]

.

2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 16:58]

.

2011-08-03 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Connection Wizard,ShellNext = ftp://ftp.ramasoft.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.100.166

.

.

------- Bestandsassociaties -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKLM-Run-iTunesHelper - j:\itunes\iTunesHelper.exe

Notify-cfeebcbdeabee - c:\windows\system32\cfeebcbdeabee.dll

AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-03 16:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3250310AS rev.3.AHC -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

error: Read Een apparaat dat op het systeem is aangesloten, werkt niet.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A66F31B

user & kernel MBR OK

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,d7,b9,44,21,d0,2d,48,b2,6b,30,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,d7,b9,44,21,d0,2d,48,b2,6b,30,\

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\ACPI\PNP0F13\4&1e368a7a&0\LogConf]

@DACL=(02 0000)

"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\

"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,

00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\HID\Vid_046d&Pid_c525&MI_00\7&273c062a&0&0000\LogConf]

@DACL=(02 0000)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(616)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Voltooingstijd: 2011-08-03 17:01:13

ComboFix-quarantined-files.txt 2011-08-03 15:01

.

Pre-Run: 157 403 770 880 bytes beschikbaar

Post-Run: 169 668 648 960 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[spybotsd]

timeout.old=30

.

- - End Of File - - C92EFA2FF08F4B08C464E47D2DFBEECF

Cheers,

Hendrick

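As an added example (not part of Hendrick's post and not code from Malwarebytes or any other tool named here): a small Python parser for the MBAM 1.x log format shown in Log 1 above. It counts what was found and, because every entry in that log ends in "No action taken.", lists what was left in place and which findings change the machine's security posture (Security Center warnings silenced, a hijacked proxy, autostart entries). The sample lines are copied from Log 1; one action string is changed to "Quarantined and deleted successfully." for contrast.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the MBAM 1.51 log ("Log 1") in the
# post above. One action is altered to "Quarantined and deleted successfully." so
# the summary has something to contrast against the "No action taken." entries.
SAMPLE_LOG = r"""Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
c:\WINDOWS\system32\igfxarts.dll (Trojan.Clicker) -> No action taken.

Registerwaarden geïnfecteerd:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FraudPack) -> Value: 8DDYX0ZBPZ -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Bestanden geïnfecteerd:
c:\WINDOWS\Temp\Yxh.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu start\programma's\opstarten\ozezsa.exe (Trojan.Agent) -> No action taken.
"""

# One detection line: "<object> (<Threat.Name>) -> [<detail> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<threat>[A-Za-z][A-Za-z0-9.]*)\) -> (?P<rest>.+?)\.?$"
)

# Substrings (lower-cased) that mark a location Windows runs at logon. "opstarten"
# is the Dutch name of the Startup folder, as seen in the posted log.
AUTOSTART_MARKERS = (
    "\\currentversion\\run\\",
    "\\currentversion\\runonce\\",
    "\\opstarten\\",
    "\\startup\\",
)


@dataclass
class Detection:
    section: str   # the log section the entry appeared under (Dutch in this log)
    obj: str       # file path, registry key, or registry value
    threat: str    # MBAM threat classification, e.g. Trojan.FraudPack
    detail: str    # "Value: X" or "Bad: (1) Good: (0)", empty for plain entries
    action: str    # what MBAM did: "No action taken" means nothing was removed


def parse_mbam_log(text):
    """Parse the detection sections of an MBAM 1.x log into Detection records."""
    section = ""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end with ':' and are not detection lines themselves.
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "(Geen kwaadaardige objecten gedetecteerd)" and similar
        parts = m.group("rest").split(" -> ")
        found.append(Detection(section, m.group("obj"), m.group("threat"),
                               " -> ".join(parts[:-1]), parts[-1]))
    return found


def summarize(detections):
    """Counts per section and threat, plus the objects that were left in place."""
    return {
        "total": len(detections),
        "by_section": Counter(d.section for d in detections),
        "by_threat": Counter(d.threat for d in detections),
        "unresolved": [d.obj for d in detections if d.action == "No action taken"],
    }


def posture_flags(detections):
    """(object, reason) pairs for findings that weaken defences or give persistence."""
    flags = []
    for d in detections:
        low = d.obj.lower()
        if d.threat == "PUM.Disabled.SecurityCenter":
            flags.append((d.obj, "Security Center warnings for AV/firewall/updates silenced"))
        elif d.threat == "PUM.Bad.Proxy":
            flags.append((d.obj, "browser proxy set by malware; web traffic may be redirected"))
        elif any(marker in low for marker in AUTOSTART_MARKERS):
            flags.append((d.obj, "autostart entry; re-runs the malware at every logon"))
    return flags


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    report = summarize(dets)
    print(f"{report['total']} detections, {len(report['unresolved'])} left in place")
    for threat, n in report["by_threat"].most_common():
        print(f"  {n:2d}  {threat}")
    for obj, reason in posture_flags(dets):
        print(f"FLAG {reason}: {obj}")
```

Run it on the full Log 1 text and the "unresolved" list is the complete set of 37 entries, which is why a rescan with removal enabled (or a rerun in normal mode) is needed before the log says anything about the current state of the machine.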

I did a scan with RKill meanwhile and found nothing (in safe mode).

Same for Spybot SD; MSE found: Exploit:Java/CVE-2010-0840.EW

I ran SAS again after these and found 2 cookies, but there isn't a log file to be found.

I unchecked the auto restart in the config panel so I can find out what is causing the problems.

Hear from you soon.

Kind regards,

Hendrick


I did a restart in normal mode, and after a couple of minutes it was over and out: I got a blue screen with the following message:

A problem has been found. Windows has been shut down to prevent damage.

If this is the first time that you see this stop error screen, you have to restart the computer. If you see the screen another time, you can do the following:

See if there is enough HD space. Stop all drivers, etc...

Tech info:

*** STOP: 0x0000008E (0xc0000005, 0xF72F371D, 0XF7566748, 0x00000000)

*** atapi.sys - Address F72F371D base at F72E9000, Datestamp 4802539d

Busy with physical memory dump.

The physical memory dump is finished.

Please contact your system admin.

Sorry for my translation, as this was in Dutch.

Hoping for a quick reply, since my hands are in my hair after 3 days of hassle.

Thanks up front!

Kind regards,

Hendrick


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Reboot. Update MBAM, run a Quick Scan, and post its log.


Hi Screen317, thanks for the reply!

Here are the requested files:

TDSSKiller:

2011/08/06 10:12:46.0617 5356 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29

2011/08/06 10:12:46.0695 5356 ================================================================================

2011/08/06 10:12:46.0695 5356 SystemInfo:

2011/08/06 10:12:46.0695 5356

2011/08/06 10:12:46.0695 5356 OS Version: 5.1.2600 ServicePack: 3.0

2011/08/06 10:12:46.0695 5356 Product type: Workstation

2011/08/06 10:12:46.0695 5356 ComputerName: PC-HP

2011/08/06 10:12:46.0695 5356 UserName: HeJa

2011/08/06 10:12:46.0695 5356 Windows directory: C:\WINDOWS

2011/08/06 10:12:46.0695 5356 System windows directory: C:\WINDOWS

2011/08/06 10:12:46.0695 5356 Processor architecture: Intel x86

2011/08/06 10:12:46.0695 5356 Number of processors: 2

2011/08/06 10:12:46.0695 5356 Page size: 0x1000

2011/08/06 10:12:46.0695 5356 Boot type: Normal boot

2011/08/06 10:12:46.0695 5356 ================================================================================

2011/08/06 10:12:49.0226 5356 Initialize success

2011/08/06 10:12:53.0211 4932 ================================================================================

2011/08/06 10:12:53.0211 4932 Scan started

2011/08/06 10:12:53.0211 4932 Mode: Manual;

2011/08/06 10:12:53.0211 4932 ================================================================================

2011/08/06 10:12:54.0664 4932 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

2011/08/06 10:12:54.0727 4932 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/08/06 10:12:54.0758 4932 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/08/06 10:12:54.0789 4932 ADIHdAudAddService (53b29a84f5105a6d887b662188c93503) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2011/08/06 10:12:54.0836 4932 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/08/06 10:12:54.0836 4932 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

2011/08/06 10:13:07.0836 4932 ================================================================================

2011/08/06 10:13:07.0836 4932 Scan finished

2011/08/06 10:13:07.0836 4932 ================================================================================

2011/08/06 10:13:07.0836 1460 Detected object count: 0

2011/08/06 10:13:07.0836 1460 Actual detected object count: 0

2011/08/06 10:13:13.0602 5616 Deinitialize success

MBAM:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Databaseversie: 7392

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/08/2011 11:57:28

mbam-log-2011-08-06 (11-57-28).txt

Scantype: Snelle scan

Objecten gescand: 196522

Verstreken tijd: 7 minuut/minuten, 11 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

I did all this in normal mode with ComboFix still installed (on a need-to-know basis). Also, auto reboot is enabled (My Computer / System Properties / Advanced / Startup & Restart settings), so it isn't possible for Windows to reboot my comp on its own like it did in the past.

It just feels like my comp is slower than before...

My comp looks clean now, I think...

Kind regards,

Hendrick


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Hi screen317, thx again for the help!

Here you have the scan log of ESET:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=49a382360bde5040a24e1cdf8d952343

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-03 09:37:56

# local_time=2011-08-03 11:37:56 (+0100, Romance (zomertijd))

# country="Belgium"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 43924713 43924713 0 0

# compatibility_mode=5891 16776550 42 87 4039 24452385 0 0

# compatibility_mode=8192 67108863 100 0 147 147 0 0

# scanned=121191

# found=8

# cleaned=8

# scan_time=3155

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0075133.exe a variant of Win32/Injector.IHV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0075134.exe a variant of Win32/Injector.IHV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0075135.exe a variant of Win32/Injector.IHV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=49a382360bde5040a24e1cdf8d952343

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-03 10:53:00

# local_time=2011-08-04 12:53:00 (+0100, Romance (zomertijd))

# country="Belgium"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 43929234 43929234 0 0

# compatibility_mode=5891 16776550 42 87 8560 24456906 0 0

# compatibility_mode=8192 67108863 100 0 4668 4668 0 0

# scanned=121190

# found=0

# cleaned=0

# scan_time=3138

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=49a382360bde5040a24e1cdf8d952343

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-04 12:37:56

# local_time=2011-08-04 02:37:56 (+0100, Romance (zomertijd))

# country="Belgium"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 43933799 43933799 0 0

# compatibility_mode=5891 16776533 42 87 569 24461471 0 0

# compatibility_mode=8192 67108863 100 0 9233 9233 0 0

# scanned=112374

# found=0

# cleaned=0

# scan_time=4880

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=49a382360bde5040a24e1cdf8d952343

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-10 08:19:34

# local_time=2011-08-10 10:19:34 (+0100, Romance (zomertijd))

# country="Belgium"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 44518972 44518972 0 0

# compatibility_mode=5891 16776533 42 87 28545 25046644 0 0

# compatibility_mode=8192 67108863 100 0 594406 594406 0 0

# scanned=460291

# found=3

# cleaned=3

# scan_time=9008

J:\Backup\Backup Pc\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

J:\Backup 27-10-2005\Documents and Settings\Jacky\Local Settings\Temporary Internet Files\Content.IE5\UX47KKHD\mysearchnow[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

J:\Backup 27-10-2005\Documents and Settings\Jacky\Local Settings\Temporary Internet Files\Content.IE5\MPTE3QL8\mysearchnow[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

Security Check:

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

ESET Online Scanner v3

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 2

Out of date Java installed!

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

It seems that my external HD (J:\) had a virus. I have to mention that when I did the first scan with this scanner a week ago, this drive was not connected, so now it found some threats which MSE didn't find.

Kind regards,

Hendrick

PS: comp still looks & feels slow...


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Adobe Reader 9.0

Adobe Flash Player

ESET Online Scanner v3

Java™ 6 Update 2

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317


  • Staff

Looks like the biggest issue is that your hard drive is very fragmented.

PCPitStop noted several things that you can do to improve the shape your computer is in.

Pay particular attention to these items:

• Delete Temporary Files:

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK: "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

• Reduce System Restore space (Drive C):

Right click My Computer and click Properties. Select the System Restore tab, and move the slider to 3%. You're pretty much wasting disk space otherwise.

• Defragment Drive C:

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Also take the time to take a look at the other tips PCPitStop reported. I've just highlighted some of the more important ones.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
