
Removed malware but comp still unusable



I picked up a Trojan a couple of days ago and the following happened:

Machine shut down, then was unable to reboot, being trapped in a loop, unable to load the OS. We disconnected all drives except the C and were able to finally boot after disconnecting from the network. MBAM was able to remove the malware. It had set Firefox to a proxy setting and IE8 was redirecting as well... changed all those settings, and it seemed that the battle was won, as I was able to boot normally (if perhaps a bit slow).

We then reconnected the drives and that set us back to square one... cannot boot with the drives connected. Last night after disconnecting the drives again, I ran HouseCall, which found NO malware, but Avast keeps catching malware trying to get in. I would just reinstall the OS, but at this point I don't know if there is malware on the other drives :-(. Here is what MBAM caught:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 7569

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

8/30/2011 3:11:15 PM

mbam-log-2011-08-30 (15-11-15).txt

Scan type: Full scan (C:\|)

Objects scanned: 235866

Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

C:\Documents and Settings\Liz\Application Data\Microsoft\conhost.exe (Trojan.Agent) -> Failed to unload process.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver (PUM.Bad.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Liz\Application Data\Microsoft\conhost.exe (Trojan.Agent) -> Delete on reboot.

Subsequent MBAM scans are clean. Thanks in advance for any help.

P.S. Sorry, forgot to add... I don't know if Defogger worked, because it never asked for a reboot and the "disable" window stayed on the desktop.


Thank you, screen317, for your help.

I have updated and run MBAM and here is the log:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 7642

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

9/3/2011 10:37:58 AM

mbam-log-2011-09-03 (10-37-58).txt

Scan type: Quick scan

Objects scanned: 171254

Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I also downloaded DDS and here is its log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Liz at 10:43:03 on 2011-09-03

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1402 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Sygate\SPF\smc.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.sygate.com/swat/support/spf50_reg.htm

TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [smcService] c:\progra~1\sygate\spf\smc.exe -startgui

mRun: [securDisc] c:\program files\nero\nero 7\incd\NBHGui.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [inCD] c:\program files\nero\nero 7\incd\InCD.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

dRun: [lpc] rundll32.exe "c:\documents and settings\liz\application data\remote\srjmh47.dll",RegisterDll

StartupFolder: c:\docume~1\liz\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE

StartupFolder: c:\documents and settings\liz\start menu\programs\startup\PowerReg Scheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: aol.com\free

TCP: Interfaces\{7EB5D41B-9A63-430D-B471-96F9CBA271B9} : NameServer = 192.168.254.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\liz\application data\mozilla\firefox\profiles\dlx4dmml.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57717

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-9-19 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-19 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-27 40384]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-18 303952]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-27 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-27 40384]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-18 20824]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-4-7 11520]

S4 vsdatant;vsdatant; [x]

.

=============== File Associations ===============

.

txtfile=c:\windows\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-08-31 12:21:46 -------- d-----w- c:\documents and settings\liz\application data\Remote

2011-08-30 19:56:22 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-30 19:56:22 -------- d-----w- c:\windows\system32\wbem\Repository

2011-08-25 21:29:19 -------- d-----w- c:\program files\Everything

2011-08-24 13:03:27 -------- d-----w- c:\documents and settings\liz\application data\pdftoepub

2011-08-24 13:03:09 -------- d-----w- c:\program files\PDFtoEPUB

.

==================== Find3M ====================

.

2011-08-31 12:01:54 69632 ----a-w- c:\windows\system32\realbap1.dll

2011-08-31 12:01:48 45568 ----a-w- c:\windows\system32\realbsf1.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3500830AS rev.3.AAC -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A67B4D0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6817d0]; MOV EAX, [0x8a68184c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E19BC] -> \Device\Harddisk0\DR0[0x8A7812C0]

3 CLASSPNP[0xF763805B] -> nt!IofCallDriver[0x804E19BC] -> \Device\00000071[0x8A6A69E8]

5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E19BC] -> [0x8A72AD98]

\Driver\atapi[0x8A728F38] -> IRP_MJ_CREATE -> 0x8A67B4D0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A67B31B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 10:44:11.54 ===============

I cannot ordinarily connect to the internet anymore, since, whenever I do, I get hammered with malicious URLs.


  • Staff

Malwarebytes' Anti-Malware 1.45

Update again and ensure that you get the program update as well. The latest version is 1.51.1.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Thanks screen317, I did not know about the new version. I bought MBAM a while ago and have updated it regularly, but was not aware of newer versions.

I have downloaded 1.51 and done a quick scan... here is the log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7655

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

9/5/2011 10:27:43 AM

mbam-log-2011-09-05 (10-27-17).txt

Scan type: Quick scan

Objects scanned: 173558

Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lpc (Trojan.Agent) -> Value: lpc -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Liz\application data\Remote\srjmh47.dll (Trojan.Agent) -> No action taken.

This is the log right after the scan... my MBAM log (in the MBAM log file) stated that all threats were quarantined and deleted successfully.

And here is the killer log:

2011/09/05 10:42:11.0859 3584 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09

2011/09/05 10:42:13.0859 3584 ================================================================================

2011/09/05 10:42:13.0859 3584 SystemInfo:

2011/09/05 10:42:13.0859 3584

2011/09/05 10:42:13.0859 3584 OS Version: 5.1.2600 ServicePack: 2.0

2011/09/05 10:42:13.0859 3584 Product type: Workstation

2011/09/05 10:42:13.0859 3584 ComputerName: LACEY

2011/09/05 10:42:13.0859 3584 UserName: Liz

2011/09/05 10:42:13.0859 3584 Windows directory: C:\WINDOWS

2011/09/05 10:42:13.0859 3584 System windows directory: C:\WINDOWS

2011/09/05 10:42:13.0859 3584 Processor architecture: Intel x86

2011/09/05 10:42:13.0859 3584 Number of processors: 2

2011/09/05 10:42:13.0859 3584 Page size: 0x1000

2011/09/05 10:42:13.0859 3584 Boot type: Normal boot

2011/09/05 10:42:13.0859 3584 ================================================================================

2011/09/05 10:42:14.0515 3584 Initialize success

2011/09/05 10:42:33.0312 3936 ================================================================================

2011/09/05 10:42:33.0312 3936 Scan started

2011/09/05 10:42:33.0312 3936 Mode: Manual;

2011/09/05 10:42:33.0312 3936 ================================================================================

2011/09/05 10:42:36.0265 3936 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/09/05 10:42:36.0406 3936 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/09/05 10:42:36.0437 3936 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/09/05 10:42:36.0578 3936 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/09/05 10:42:36.0640 3936 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2011/09/05 10:42:37.0312 3936 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

2011/09/05 10:42:37.0484 3936 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/09/05 10:42:37.0546 3936 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/09/05 10:42:37.0750 3936 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/09/05 10:42:37.0890 3936 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2011/09/05 10:42:37.0968 3936 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/09/05 10:42:38.0000 3936 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/09/05 10:42:38.0078 3936 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/09/05 10:42:38.0187 3936 AtcL002 (07ed1101f574b93a6312bf5d4241b41a) C:\WINDOWS\system32\DRIVERS\atl02_xp.sys

2011/09/05 10:42:38.0343 3936 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/09/05 10:42:38.0453 3936 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/09/05 10:42:38.0546 3936 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/09/05 10:42:38.0656 3936 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/09/05 10:42:38.0687 3936 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/09/05 10:42:38.0765 3936 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/09/05 10:42:38.0796 3936 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/09/05 10:42:38.0828 3936 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/09/05 10:42:38.0921 3936 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/09/05 10:42:39.0093 3936 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/09/05 10:42:39.0156 3936 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/09/05 10:42:39.0218 3936 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/09/05 10:42:39.0265 3936 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/09/05 10:42:39.0296 3936 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/09/05 10:42:39.0328 3936 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/09/05 10:42:39.0375 3936 E100B (5e72c8fbba5e949995ceb4d25656f904) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/09/05 10:42:39.0421 3936 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/09/05 10:42:39.0437 3936 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2011/09/05 10:42:39.0468 3936 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/09/05 10:42:39.0515 3936 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/09/05 10:42:39.0562 3936 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/09/05 10:42:39.0625 3936 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/09/05 10:42:39.0656 3936 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/09/05 10:42:39.0718 3936 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/09/05 10:42:39.0796 3936 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/09/05 10:42:39.0843 3936 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/09/05 10:42:39.0906 3936 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/09/05 10:42:39.0968 3936 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/09/05 10:42:40.0109 3936 ialm (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/09/05 10:42:40.0875 3936 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/09/05 10:42:40.0921 3936 InCDfs (544f76e71f026099a563c202e2e4a341) C:\WINDOWS\system32\drivers\InCDFs.sys

2011/09/05 10:42:40.0937 3936 InCDPass (13708047b3988ac50e81e524ac32edbe) C:\WINDOWS\system32\drivers\InCDPass.sys

2011/09/05 10:42:40.0968 3936 InCDrec (182edee6cfaeaf5174ae6e6d714cf778) C:\WINDOWS\system32\drivers\InCDrec.sys

2011/09/05 10:42:40.0984 3936 incdrm (367f3d160e7129f057838a341a5339b2) C:\WINDOWS\system32\drivers\InCDRm.sys

2011/09/05 10:42:41.0171 3936 IntcAzAudAddService (915ce2a58c6917e3c53be1e91fa66ba8) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/09/05 10:42:41.0218 3936 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/09/05 10:42:41.0265 3936 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/09/05 10:42:41.0312 3936 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/09/05 10:42:41.0359 3936 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/09/05 10:42:41.0375 3936 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/09/05 10:42:41.0406 3936 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/09/05 10:42:41.0453 3936 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/09/05 10:42:41.0500 3936 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/09/05 10:42:41.0562 3936 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/09/05 10:42:41.0656 3936 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/09/05 10:42:41.0703 3936 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/09/05 10:42:41.0734 3936 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/09/05 10:42:41.0843 3936 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2011/09/05 10:42:41.0906 3936 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys

2011/09/05 10:42:41.0953 3936 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys

2011/09/05 10:42:41.0984 3936 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys

2011/09/05 10:42:42.0015 3936 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011/09/05 10:42:42.0093 3936 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/09/05 10:42:42.0156 3936 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/09/05 10:42:42.0187 3936 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/09/05 10:42:42.0203 3936 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/09/05 10:42:42.0265 3936 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/09/05 10:42:42.0281 3936 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/09/05 10:42:42.0312 3936 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/09/05 10:42:42.0343 3936 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/09/05 10:42:42.0375 3936 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/09/05 10:42:42.0390 3936 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/09/05 10:42:42.0437 3936 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/09/05 10:42:42.0468 3936 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/09/05 10:42:42.0500 3936 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/09/05 10:42:42.0515 3936 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/09/05 10:42:42.0609 3936 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/09/05 10:42:42.0656 3936 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/09/05 10:42:42.0687 3936 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/09/05 10:42:42.0734 3936 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/09/05 10:42:42.0750 3936 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/09/05 10:42:42.0781 3936 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/09/05 10:42:42.0812 3936 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/09/05 10:42:42.0859 3936 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/09/05 10:42:42.0937 3936 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/09/05 10:42:42.0968 3936 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/09/05 10:42:43.0015 3936 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/09/05 10:42:43.0062 3936 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/09/05 10:42:43.0093 3936 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/09/05 10:42:43.0187 3936 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/09/05 10:42:43.0234 3936 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/09/05 10:42:43.0250 3936 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/09/05 10:42:43.0281 3936 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/09/05 10:42:43.0312 3936 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/09/05 10:42:43.0343 3936 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/09/05 10:42:43.0375 3936 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/09/05 10:42:43.0468 3936 pepifilter (a05f0d7419cf4680eedd5736e6549e7b) C:\WINDOWS\system32\DRIVERS\lv302af.sys

2011/09/05 10:42:43.0687 3936 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS

2011/09/05 10:42:43.0750 3936 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/09/05 10:42:43.0796 3936 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/09/05 10:42:43.0812 3936 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/09/05 10:42:43.0859 3936 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/09/05 10:42:44.0015 3936 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/09/05 10:42:44.0046 3936 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/09/05 10:42:44.0078 3936 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/09/05 10:42:44.0125 3936 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/09/05 10:42:44.0156 3936 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/09/05 10:42:44.0171 3936 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/09/05 10:42:44.0218 3936 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/09/05 10:42:44.0312 3936 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/09/05 10:42:44.0406 3936 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/09/05 10:42:44.0515 3936 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/09/05 10:42:44.0546 3936 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/09/05 10:42:44.0593 3936 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/09/05 10:42:44.0640 3936 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/09/05 10:42:44.0703 3936 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/09/05 10:42:44.0765 3936 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/09/05 10:42:44.0796 3936 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/09/05 10:42:44.0843 3936 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/09/05 10:42:44.0953 3936 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/09/05 10:42:44.0984 3936 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/09/05 10:42:45.0015 3936 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/09/05 10:42:45.0218 3936 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/09/05 10:42:45.0296 3936 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/09/05 10:42:45.0359 3936 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/09/05 10:42:45.0406 3936 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/09/05 10:42:46.0593 3936 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/09/05 10:42:46.0593 3936 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/09/05 10:42:46.0609 3936 MBR (0x1B8) (306add9cc3098b7cedfd918955cd6731) \Device\Harddisk1\DR4

2011/09/05 10:42:46.0609 3936 \Device\Harddisk1\DR4 - detected Backdoor.Win32.Sinowal.kmy (0)

2011/09/05 10:42:46.0609 3936 Boot (0x1200) (4f1cd2d2601736911c3c2f2c1d24d594) \Device\Harddisk0\DR0\Partition0

2011/09/05 10:42:46.0640 3936 Boot (0x1200) (6da653e671361b2437dda0cdba03a28c) \Device\Harddisk0\DR0\Partition1

2011/09/05 10:42:46.0671 3936 Boot (0x1200) (dc09798aab97c904450119ce795c9813) \Device\Harddisk0\DR0\Partition2

2011/09/05 10:42:46.0671 3936 Boot (0x1200) (1d4f677201c3da9a48c026b16efbcf2b) \Device\Harddisk1\DR4\Partition0

2011/09/05 10:42:46.0687 3936 ================================================================================

2011/09/05 10:42:46.0687 3936 Scan finished

2011/09/05 10:42:46.0687 3936 ================================================================================

2011/09/05 10:42:46.0687 3924 Detected object count: 2

2011/09/05 10:42:46.0687 3924 Actual detected object count: 2

2011/09/05 10:44:13.0015 3924 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/09/05 10:44:13.0015 3924 \Device\Harddisk0\DR0 - ok

2011/09/05 10:44:13.0015 3924 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/09/05 10:44:13.0046 3924 \Device\Harddisk1\DR4 (Backdoor.Win32.Sinowal.kmy) - cured

2011/09/05 10:44:13.0046 3924 \Device\Harddisk1\DR4 - ok

2011/09/05 10:44:13.0046 3924 Backdoor.Win32.Sinowal.kmy(\Device\Harddisk1\DR4) - User select action: Cure

2011/09/05 10:44:24.0968 0516 Deinitialize success

The program asked for a reboot, but then was unable to shut down. I waited a good long while, then hit the reset button.

I just scanned again with the TDSS and it seems this

\Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

\Device\Harddisk0\DR0 - ok

remained... I will attempt a second reboot, and if unsuccessful again, will report back.

Hi, thanks for the help...here are the requested logs:

MBAM

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7674

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

9/7/2011 11:25:00 PM

mbam-log-2011-09-07 (23-25-00).txt

Scan type: Quick scan

Objects scanned: 177140

Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-----------------------

DDS log

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Liz at 23:27:44 on 2011-09-07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1205 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Sygate\SPF\smc.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Calibre2\calibre.exe

C:\Program Files\Calibre2\calibre-parallel.exe

C:\Program Files\Calibre2\calibre-parallel.exe

C:\Program Files\Calibre2\calibre-parallel.exe

C:\Program Files\Calibre2\calibre-parallel.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.sygate.com/swat/support/spf50_reg.htm

TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [smcService] c:\progra~1\sygate\spf\smc.exe -startgui

mRun: [securDisc] c:\program files\nero\nero 7\incd\NBHGui.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [inCD] c:\program files\nero\nero 7\incd\InCD.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\liz\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE

StartupFolder: c:\documents and settings\liz\start menu\programs\startup\PowerReg Scheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: aol.com\free

TCP: Interfaces\{7EB5D41B-9A63-430D-B471-96F9CBA271B9} : NameServer = 192.168.254.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\liz\application data\mozilla\firefox\profiles\dlx4dmml.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57717

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-9-19 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-19 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-27 40384]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-5 366640]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-27 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-27 40384]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-5 22712]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-4-7 11520]

S3 73592422;73592422; [x]

S4 vsdatant;vsdatant; [x]

.

=============== File Associations ===============

.

txtfile=c:\windows\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-09-05 14:20:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-05 14:20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-05 14:20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-31 12:21:46 -------- d-----w- c:\documents and settings\liz\application data\Remote

2011-08-30 19:56:22 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-30 19:56:22 -------- d-----w- c:\windows\system32\wbem\Repository

2011-08-25 21:29:19 -------- d-----w- c:\program files\Everything

2011-08-24 13:03:27 -------- d-----w- c:\documents and settings\liz\application data\pdftoepub

2011-08-24 13:03:09 -------- d-----w- c:\program files\PDFtoEPUB

.

==================== Find3M ====================

.

2011-08-31 12:01:54 69632 ----a-w- c:\windows\system32\realbap1.dll

2011-08-31 12:01:48 45568 ----a-w- c:\windows\system32\realbsf1.dll

.

============= FINISH: 23:27:58.36 ===============

------------------------------------------------------------------------------------------------------------

TDSSKiller log

2011/09/07 23:31:40.0396 6392 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56

2011/09/07 23:31:42.0396 6392 ================================================================================

2011/09/07 23:31:42.0396 6392 SystemInfo:

2011/09/07 23:31:42.0396 6392

2011/09/07 23:31:42.0396 6392 OS Version: 5.1.2600 ServicePack: 2.0

2011/09/07 23:31:42.0396 6392 Product type: Workstation

2011/09/07 23:31:42.0396 6392 ComputerName: LACEY

2011/09/07 23:31:42.0396 6392 UserName: Liz

2011/09/07 23:31:42.0396 6392 Windows directory: C:\WINDOWS

2011/09/07 23:31:42.0396 6392 System windows directory: C:\WINDOWS

2011/09/07 23:31:42.0396 6392 Processor architecture: Intel x86

2011/09/07 23:31:42.0396 6392 Number of processors: 2

2011/09/07 23:31:42.0396 6392 Page size: 0x1000

2011/09/07 23:31:42.0396 6392 Boot type: Normal boot

2011/09/07 23:31:42.0396 6392 ================================================================================

2011/09/07 23:31:54.0662 6392 Initialize success

2011/09/07 23:32:13.0927 6484 ================================================================================

2011/09/07 23:32:13.0927 6484 Scan started

2011/09/07 23:32:13.0927 6484 Mode: Manual;

2011/09/07 23:32:13.0927 6484 ================================================================================

2011/09/07 23:32:21.0208 6484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/09/07 23:32:21.0302 6484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

2011/09/07 23:32:21.0318 6484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

2011/09/07 23:32:21.0318 6484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3

2011/09/07 23:32:21.0333 6484 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk8\DR14

2011/09/07 23:32:21.0349 6484 Boot (0x1200) (4f1cd2d2601736911c3c2f2c1d24d594) \Device\Harddisk0\DR0\Partition0

2011/09/07 23:32:21.0365 6484 Boot (0x1200) (0a91c2da3d38541b70fb9cc43e6b6fd6) \Device\Harddisk0\DR0\Partition1

2011/09/07 23:32:21.0380 6484 Boot (0x1200) (94f52901b7b6726e9594af1c64ce8285) \Device\Harddisk0\DR0\Partition2

2011/09/07 23:32:21.0396 6484 Boot (0x1200) (a9b99e769a5de73eec10eea51707546e) \Device\Harddisk1\DR1\Partition0

2011/09/07 23:32:21.0396 6484 Boot (0x1200) (ad231c240e647e299bc2f6817d23c828) \Device\Harddisk2\DR2\Partition0

2011/09/07 23:32:21.0412 6484 Boot (0x1200) (303d3cd1930fefe62146d471d4761521) \Device\Harddisk3\DR3\Partition0

2011/09/07 23:32:21.0412 6484 Boot (0x1200) (99577adfee4914cb76a5be72066e2d31) \Device\Harddisk8\DR14\Partition0

2011/09/07 23:32:21.0412 6484 ================================================================================

2011/09/07 23:32:21.0412 6484 Scan finished

2011/09/07 23:32:21.0412 6484 ================================================================================

2011/09/07 23:32:21.0427 6812 Detected object count: 0

2011/09/07 23:32:21.0427 6812 Actual detected object count: 0

2011/09/07 23:32:31.0162 7464 Deinitialize success

---------------------------------------------------------------------------------------------------------------------------------

and the ComboFix log (grabbed from another one of your posts, because I did not have one)

ComboFix 11-09-07.04 - Liz 09/08/2011 0:18.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1434 [GMT -4:00]

Running from: c:\documents and settings\Liz\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Liz\Application Data\0D8A.C2F

c:\documents and settings\Liz\Application Data\Remote\owlctx

c:\documents and settings\Liz\Cookies\gapor._sy

c:\documents and settings\Liz\WINDOWS

c:\windows\sagipixe._sy

c:\windows\system32\comct332.ocx

c:\windows\system32\lvci11801048.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6TO4

.

.

((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))

.

.

2011-09-05 14:20 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-05 14:20 . 2011-09-05 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-05 14:20 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 12:21 . 2011-09-08 04:20 -------- d-----w- c:\documents and settings\Liz\Application Data\Remote

2011-08-30 19:56 . 2011-08-30 19:56 -------- d-----w- c:\windows\system32\wbem\Repository

2011-08-25 21:29 . 2011-09-08 03:10 -------- d-----w- c:\program files\Everything

2011-08-24 13:03 . 2011-09-08 03:07 -------- d-----w- c:\documents and settings\Liz\Application Data\pdftoepub

2011-08-24 13:03 . 2011-08-24 13:03 -------- d-----w- c:\program files\PDFtoEPUB

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 12:01 . 2008-11-06 16:18 69632 ----a-w- c:\windows\system32\realbap1.dll

2011-08-31 12:01 . 2008-11-06 16:18 45568 ----a-w- c:\windows\system32\realbsf1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-08-14 2532576]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 1620480]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 1050112]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

c:\documents and settings\Liz\Start Menu\Programs\Startup\

HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]

PowerReg Scheduler.exe [2010-9-5 233472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/19/2009 2:29 PM 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/19/2009 2:29 PM 17744]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/5/2011 10:20 AM 366640]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 6:12 PM 102400]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2011 10:20 AM 22712]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [4/7/2009 7:34 PM 11520]

S3 73592422;73592422; [x]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.sygate.com/swat/support/spf50_reg.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: aol.com\free

TCP: Interfaces\{7EB5D41B-9A63-430D-B471-96F9CBA271B9}: NameServer = 192.168.254.254

FF - ProfilePath - c:\documents and settings\Liz\Application Data\Mozilla\Firefox\Profiles\dlx4dmml.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57717

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

------- File Associations -------

.

txtfile=c:\windows\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Notify-avgrsstarter - avgrsstx.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-08 00:26

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]

"ImagePath"=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(8028)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\SSSensor.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Sygate\SPF\smc.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2011-09-08 00:29:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-08 04:29

.

Pre-Run: 44,669,607,936 bytes free

Post-Run: 44,894,470,144 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 33F4A2CDEB650D3F8183EDD5E96E1894

------------------------------------------------------------------------------------------------

I had both Sygate and Avast disabled for the scan, but both programs came back on when combo-fix rebooted the machine, and were present during log creation. I also do not know if defogger ever did its job, because it was unable to reboot the pc. The incessant attacks on my pc have stopped, but it still takes more than 2.5 min to boot and almost as long to shut down.


Apparently combo-fix allowed the updating of the pc, since "NET runtime optimization" is trying to access the network, and, last night as I shut down, it was trying to install 83 updates and managed to install some of them....I did not ask for the updates and I do not know if they are legit. Thanks for the help.

P.S. Also NET framework (ServiceModelReg.exe), along with (mscorsvw.exe), is making an utter pest out of itself :-(.


Well, I have been trying to do this by myself (not that I know what I am doing, mind you :-(), but I have one more question please....it seems ComboFix put a folder named "Windows_softwareDistribution_download_090811" on my D drive. It has a bunch of folders inside it, but I do not know what they are....can I delete this folder (ComboFix is already uninstalled, since I was unable to access the internet again)? Thanks in advance.
