Jump to content

Help removing rootkit

B1GPUN

By B1GPUN
in Resolved Malware Removal Logs

 Share

Recommended Posts

B1GPUN

B1GPUN

Posted
Posted

AVG detected incoming threat and MBAM (pro version) crashed simultaneously last night.

TDSSKiller is identifying "Rootkit.win32.pmax.gen" and another time it showed zaccess one as well. Upon restarts the infection keeps showing up. AVG and MBAM will not run in regular or safe mode. I have internet connection, but I am getting redirects.

As per forum instructions, attached is dds.txt -- should i also include attach.txt?

Please Help, thanks in advance.

dds.txt

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi and welcome to Malwarebytes.

Please do not attach logs unless otherwise noted.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites
B1GPUN

B1GPUN

Posted
  • Author
Posted

Thank you for your response and sorry for the delay...

I ran TDSSKILLER and the log is pasted below. As far as a MBAM scan, I cannot run the program. It will not open. How should I proceed or how can I get it working. The virus itself made AVG recognize many program files as infections. They are in the vault as Katusha.A and MBAM is one of them.

22:09:30.0015 2000 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

22:09:32.0015 2000 ============================================================

22:09:32.0015 2000 Current date / time: 2011/10/31 22:09:32.0015

22:09:32.0015 2000 SystemInfo:

22:09:32.0015 2000

22:09:32.0015 2000 OS Version: 5.1.2600 ServicePack: 3.0

22:09:32.0015 2000 Product type: Workstation

22:09:32.0015 2000 ComputerName: SHANE

22:09:32.0015 2000 UserName: Scott

22:09:32.0015 2000 Windows directory: C:\WINDOWS

22:09:32.0015 2000 System windows directory: C:\WINDOWS

22:09:32.0015 2000 Processor architecture: Intel x86

22:09:32.0015 2000 Number of processors: 2

22:09:32.0015 2000 Page size: 0x1000

22:09:32.0015 2000 Boot type: Normal boot

22:09:32.0015 2000 ============================================================

22:09:39.0796 2000 Initialize success

22:09:54.0140 2352 ============================================================

22:09:54.0140 2352 Scan started

22:09:54.0140 2352 Mode: Manual;

22:09:54.0140 2352 ============================================================

22:09:57.0921 2352 5958c76b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1808226393:2795976852.exe

22:10:00.0296 2352 Suspicious file (Hidden): C:\WINDOWS\1808226393:2795976852.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

22:10:00.0296 2352 5958c76b ( Rootkit.Win32.PMax.gen ) - infected

22:10:00.0296 2352 5958c76b - detected Rootkit.Win32.PMax.gen (0)

22:10:00.0437 2352 Abiosdsk - ok

22:10:00.0515 2352 abp480n5 - ok

22:10:00.0687 2352 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:10:00.0718 2352 ACPI - ok

22:10:00.0812 2352 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

22:10:00.0812 2352 ACPIEC - ok

22:10:00.0859 2352 adpu160m - ok

22:10:00.0937 2352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

22:10:00.0937 2352 aec - ok

22:10:01.0156 2352 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

22:10:01.0187 2352 AFD - ok

22:10:01.0343 2352 Aha154x - ok

22:10:01.0406 2352 aic78u2 - ok

22:10:01.0687 2352 aic78xx - ok

22:10:01.0781 2352 AliIde - ok

22:10:01.0890 2352 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

22:10:01.0890 2352 AmdPPM - ok

22:10:01.0906 2352 amsint - ok

22:10:02.0281 2352 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

22:10:02.0296 2352 Arp1394 - ok

22:10:02.0500 2352 asc - ok

22:10:02.0703 2352 asc3350p - ok

22:10:02.0859 2352 asc3550 - ok

22:10:03.0187 2352 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

22:10:03.0187 2352 Aspi32 - ok

22:10:03.0421 2352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:10:03.0421 2352 AsyncMac - ok

22:10:03.0687 2352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

22:10:03.0687 2352 atapi - ok

22:10:03.0890 2352 Atdisk - ok

22:10:04.0156 2352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:10:04.0171 2352 Atmarpc - ok

22:10:04.0312 2352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

22:10:04.0328 2352 audstub - ok

22:10:04.0421 2352 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

22:10:04.0421 2352 AVGIDSDriver - ok

22:10:04.0734 2352 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

22:10:04.0734 2352 AVGIDSEH - ok

22:10:04.0828 2352 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

22:10:04.0828 2352 AVGIDSFilter - ok

22:10:05.0203 2352 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

22:10:05.0203 2352 AVGIDSShim - ok

22:10:05.0421 2352 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

22:10:05.0421 2352 Avgmfx86 - ok

22:10:05.0531 2352 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

22:10:05.0546 2352 Avgrkx86 - ok

22:10:05.0890 2352 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

22:10:05.0890 2352 Avgtdix - ok

22:10:06.0140 2352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

22:10:06.0203 2352 Beep - ok

22:10:06.0531 2352 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys

22:10:06.0921 2352 BTCFilterService - ok

22:10:07.0015 2352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

22:10:07.0015 2352 cbidf2k - ok

22:10:07.0093 2352 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

22:10:07.0109 2352 CCDECODE - ok

22:10:07.0109 2352 cd20xrnt - ok

22:10:07.0187 2352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

22:10:07.0187 2352 Cdaudio - ok

22:10:07.0453 2352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

22:10:07.0468 2352 Cdfs - ok

22:10:07.0625 2352 Cdrom (dfcaffc0a5d9fdac7bdf169c5e3bdf10) C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:10:07.0625 2352 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: dfcaffc0a5d9fdac7bdf169c5e3bdf10, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc

22:10:07.0625 2352 Cdrom ( Rootkit.Win32.ZAccess.e ) - infected

22:10:07.0625 2352 Cdrom - detected Rootkit.Win32.ZAccess.e (0)

22:10:07.0640 2352 Changer - ok

22:10:07.0703 2352 CmdIde - ok

22:10:07.0734 2352 Cpqarray - ok

22:10:07.0750 2352 dac2w2k - ok

22:10:07.0765 2352 dac960nt - ok

22:10:07.0796 2352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

22:10:07.0796 2352 Disk - ok

22:10:07.0843 2352 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

22:10:07.0875 2352 dmboot - ok

22:10:07.0921 2352 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

22:10:07.0921 2352 dmio - ok

22:10:07.0937 2352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

22:10:07.0937 2352 dmload - ok

22:10:07.0968 2352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

22:10:07.0968 2352 DMusic - ok

22:10:07.0984 2352 dpti2o - ok

22:10:08.0000 2352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

22:10:08.0000 2352 drmkaud - ok

22:10:08.0046 2352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

22:10:08.0078 2352 Fastfat - ok

22:10:08.0093 2352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

22:10:08.0093 2352 Fdc - ok

22:10:08.0109 2352 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

22:10:08.0109 2352 Fips - ok

22:10:08.0125 2352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

22:10:08.0125 2352 Flpydisk - ok

22:10:08.0140 2352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

22:10:08.0156 2352 FltMgr - ok

22:10:08.0171 2352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:10:08.0187 2352 Fs_Rec - ok

22:10:08.0187 2352 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:10:08.0203 2352 Ftdisk - ok

22:10:08.0218 2352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:10:08.0218 2352 Gpc - ok

22:10:08.0343 2352 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

22:10:08.0343 2352 grmnusb - ok

22:10:08.0406 2352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

22:10:08.0406 2352 HDAudBus - ok

22:10:08.0515 2352 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:10:08.0515 2352 hidusb - ok

22:10:08.0640 2352 hpn - ok

22:10:08.0765 2352 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

22:10:08.0765 2352 HPZid412 - ok

22:10:08.0781 2352 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

22:10:08.0781 2352 HPZipr12 - ok

22:10:08.0875 2352 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

22:10:08.0890 2352 HPZius12 - ok

22:10:09.0000 2352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

22:10:09.0109 2352 HTTP - ok

22:10:09.0125 2352 i2omgmt - ok

22:10:09.0375 2352 i2omp - ok

22:10:09.0593 2352 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:10:09.0640 2352 i8042prt - ok

22:10:09.0687 2352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

22:10:09.0703 2352 Imapi - ok

22:10:09.0718 2352 ini910u - ok

22:10:09.0921 2352 IntcAzAudAddService (0be7f157d695e1d10ee102c96de4ac18) C:\WINDOWS\system32\drivers\RtkHDAud.sys

22:10:09.0953 2352 IntcAzAudAddService - ok

22:10:09.0968 2352 IntelIde - ok

22:10:10.0000 2352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

22:10:10.0015 2352 Ip6Fw - ok

22:10:10.0046 2352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:10:10.0046 2352 IpFilterDriver - ok

22:10:10.0062 2352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:10:10.0062 2352 IpInIp - ok

22:10:10.0093 2352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:10:10.0093 2352 IpNat - ok

22:10:10.0125 2352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:10:10.0203 2352 IPSec - ok

22:10:10.0218 2352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

22:10:10.0218 2352 IRENUM - ok

22:10:10.0281 2352 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:10:10.0281 2352 isapnp - ok

22:10:10.0359 2352 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:10:10.0375 2352 Kbdclass - ok

22:10:10.0375 2352 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

22:10:10.0375 2352 kbdhid - ok

22:10:10.0453 2352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

22:10:10.0515 2352 kmixer - ok

22:10:10.0625 2352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

22:10:10.0640 2352 KSecDD - ok

22:10:10.0703 2352 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

22:10:10.0703 2352 L8042Kbd - ok

22:10:10.0734 2352 lbrtfdc - ok

22:10:10.0796 2352 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

22:10:10.0796 2352 LHidFilt - ok

22:10:10.0843 2352 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

22:10:10.0843 2352 LMouFilt - ok

22:10:10.0890 2352 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys

22:10:10.0890 2352 LVUSBSta - ok

22:10:11.0031 2352 LVUVC (92d03dc19eae9d0a86735705e374fdad) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

22:10:11.0265 2352 LVUVC - ok

22:10:11.0359 2352 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

22:10:11.0359 2352 MBAMProtector - ok

22:10:11.0437 2352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:10:11.0437 2352 mnmdd - ok

22:10:11.0453 2352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

22:10:11.0453 2352 Modem - ok

22:10:11.0546 2352 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\WINDOWS\system32\Drivers\motoandroid.sys

22:10:11.0546 2352 motandroidusb - ok

22:10:11.0578 2352 motccgp (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\WINDOWS\system32\DRIVERS\motccgp.sys

22:10:11.0578 2352 motccgp - ok

22:10:11.0625 2352 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys

22:10:11.0625 2352 motccgpfl - ok

22:10:11.0671 2352 motmodem (c3b0fd4f463e90b3917ff6ccea853bb6) C:\WINDOWS\system32\DRIVERS\motmodem.sys

22:10:11.0671 2352 motmodem - ok

22:10:11.0703 2352 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys

22:10:11.0703 2352 MotoSwitchService - ok

22:10:11.0734 2352 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys

22:10:11.0734 2352 Motousbnet - ok

22:10:12.0000 2352 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys

22:10:12.0015 2352 motusbdevice - ok

22:10:12.0062 2352 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:10:12.0062 2352 Mouclass - ok

22:10:12.0062 2352 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:10:12.0062 2352 mouhid - ok

22:10:12.0093 2352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

22:10:12.0093 2352 MountMgr - ok

22:10:12.0093 2352 mraid35x - ok

22:10:12.0250 2352 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

22:10:12.0250 2352 MREMP50 - ok

22:10:12.0250 2352 MREMPR5 - ok

22:10:12.0265 2352 MRENDIS5 - ok

22:10:12.0281 2352 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

22:10:12.0281 2352 MRESP50 - ok

22:10:12.0328 2352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:10:12.0328 2352 MRxDAV - ok

22:10:12.0375 2352 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:10:12.0375 2352 MRxSmb - ok

22:10:12.0406 2352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

22:10:12.0406 2352 Msfs - ok

22:10:12.0437 2352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:10:12.0437 2352 MSKSSRV - ok

22:10:12.0453 2352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:10:12.0453 2352 MSPCLOCK - ok

22:10:12.0468 2352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

22:10:12.0468 2352 MSPQM - ok

22:10:12.0515 2352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:10:12.0515 2352 mssmbios - ok

22:10:12.0562 2352 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

22:10:12.0562 2352 MSTEE - ok

22:10:12.0671 2352 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

22:10:12.0671 2352 MTsensor - ok

22:10:12.0796 2352 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

22:10:12.0812 2352 Mup - ok

22:10:12.0843 2352 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

22:10:12.0859 2352 NABTSFEC - ok

22:10:12.0921 2352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

22:10:12.0937 2352 NDIS - ok

22:10:12.0984 2352 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

22:10:12.0984 2352 NdisIP - ok

22:10:13.0046 2352 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:10:13.0046 2352 NdisTapi - ok

22:10:13.0093 2352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:10:13.0093 2352 Ndisuio - ok

22:10:13.0156 2352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:10:13.0156 2352 NdisWan - ok

22:10:13.0203 2352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

22:10:13.0203 2352 NDProxy - ok

22:10:13.0234 2352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:10:13.0234 2352 NetBIOS - ok

22:10:13.0296 2352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:10:13.0296 2352 NetBT - ok

22:10:13.0359 2352 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:10:13.0375 2352 NIC1394 - ok

22:10:13.0390 2352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:10:13.0390 2352 Npfs - ok

22:10:13.0437 2352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:10:13.0437 2352 Ntfs - ok

22:10:13.0765 2352 ntk_dtv (8ad12622c7fa674cb9979e3448ab89c6) C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys

22:10:13.0765 2352 ntk_dtv - ok

22:10:13.0828 2352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:10:13.0843 2352 Null - ok

22:10:14.0093 2352 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

22:10:15.0203 2352 nv - ok

22:10:15.0937 2352 NVENETFD (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

22:10:15.0937 2352 NVENETFD - ok

22:10:16.0609 2352 NVHDA (0ba72d1d0b83e1e5500c5dc4c7bafc32) C:\WINDOWS\system32\drivers\nvhda32.sys

22:10:16.0609 2352 NVHDA - ok

22:10:16.0765 2352 nvnetbus (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

22:10:16.0765 2352 nvnetbus - ok

22:10:16.0921 2352 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\WINDOWS\system32\DRIVERS\nvsmu.sys

22:10:16.0921 2352 nvsmu - ok

22:10:17.0093 2352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:10:17.0093 2352 NwlnkFlt - ok

22:10:17.0109 2352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:10:17.0109 2352 NwlnkFwd - ok

22:10:17.0250 2352 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:10:17.0296 2352 ohci1394 - ok

22:10:18.0125 2352 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

22:10:18.0156 2352 Parport - ok

22:10:18.0453 2352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:10:18.0468 2352 PartMgr - ok

22:10:18.0843 2352 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

22:10:18.0843 2352 ParVdm - ok

22:10:19.0500 2352 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

22:10:19.0546 2352 PCI - ok

22:10:19.0750 2352 PCIDump - ok

22:10:19.0953 2352 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

22:10:19.0953 2352 PCIIde - ok

22:10:20.0015 2352 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

22:10:20.0078 2352 Pcmcia - ok

22:10:20.0218 2352 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys

22:10:20.0234 2352 pcouffin - ok

22:10:20.0265 2352 PDCOMP - ok

22:10:20.0328 2352 PDFRAME - ok

22:10:20.0734 2352 PDRELI - ok

22:10:20.0781 2352 PDRFRAME - ok

22:10:20.0828 2352 perc2 - ok

22:10:21.0046 2352 perc2hib - ok

22:10:21.0156 2352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:10:21.0171 2352 PptpMiniport - ok

22:10:21.0218 2352 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

22:10:21.0234 2352 Processor - ok

22:10:21.0281 2352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

22:10:21.0281 2352 PSched - ok

22:10:21.0375 2352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:10:21.0390 2352 Ptilink - ok

22:10:21.0468 2352 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

22:10:21.0468 2352 PxHelp20 - ok

22:10:21.0484 2352 ql1080 - ok

22:10:21.0500 2352 Ql10wnt - ok

22:10:21.0515 2352 ql12160 - ok

22:10:21.0531 2352 ql1240 - ok

22:10:21.0546 2352 ql1280 - ok

22:10:21.0593 2352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:10:21.0609 2352 RasAcd - ok

22:10:21.0671 2352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:10:21.0687 2352 Rasl2tp - ok

22:10:21.0703 2352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:10:21.0703 2352 RasPppoe - ok

22:10:21.0718 2352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:10:21.0718 2352 Raspti - ok

22:10:21.0765 2352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:10:21.0765 2352 Rdbss - ok

22:10:21.0781 2352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:10:21.0781 2352 RDPCDD - ok

22:10:21.0812 2352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:10:21.0812 2352 rdpdr - ok

22:10:21.0890 2352 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

22:10:21.0890 2352 RDPWD - ok

22:10:21.0906 2352 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:10:21.0921 2352 redbook - ok

22:10:21.0953 2352 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

22:10:21.0968 2352 RimVSerPort - ok

22:10:22.0031 2352 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

22:10:22.0031 2352 ROOTMODEM - ok

22:10:22.0234 2352 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

22:10:22.0234 2352 SASDIFSV - ok

22:10:22.0250 2352 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

22:10:22.0250 2352 SASKUTIL - ok

22:10:22.0281 2352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:10:22.0281 2352 Secdrv - ok

22:10:22.0312 2352 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

22:10:22.0312 2352 serenum - ok

22:10:22.0343 2352 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

22:10:22.0359 2352 Serial - ok

22:10:22.0406 2352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:10:22.0406 2352 Sfloppy - ok

22:10:22.0437 2352 Simbad - ok

22:10:22.0500 2352 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

22:10:22.0515 2352 SLIP - ok

22:10:22.0531 2352 Sparrow - ok

22:10:22.0578 2352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

22:10:22.0578 2352 splitter - ok

22:10:22.0609 2352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

22:10:22.0609 2352 sr - ok

22:10:22.0656 2352 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

22:10:22.0671 2352 Srv - ok

22:10:22.0718 2352 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

22:10:22.0718 2352 streamip - ok

22:10:22.0734 2352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:10:22.0734 2352 swenum - ok

22:10:22.0781 2352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

22:10:22.0796 2352 swmidi - ok

22:10:22.0812 2352 symc810 - ok

22:10:22.0828 2352 symc8xx - ok

22:10:22.0843 2352 sym_hi - ok

22:10:22.0843 2352 sym_u3 - ok

22:10:22.0859 2352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

22:10:22.0875 2352 sysaudio - ok

22:10:22.0968 2352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:10:22.0984 2352 Tcpip - ok

22:10:23.0031 2352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:10:23.0031 2352 TDPIPE - ok

22:10:23.0046 2352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:10:23.0046 2352 TDTCP - ok

22:10:23.0109 2352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:10:23.0109 2352 TermDD - ok

22:10:23.0125 2352 TosIde - ok

22:10:23.0187 2352 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys

22:10:23.0187 2352 TPkd - ok

22:10:23.0234 2352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:10:23.0234 2352 Udfs - ok

22:10:23.0250 2352 ultra - ok

22:10:23.0281 2352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:10:23.0281 2352 Update - ok

22:10:23.0359 2352 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

22:10:23.0359 2352 USBAAPL - ok

22:10:23.0390 2352 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

22:10:23.0390 2352 usbaudio - ok

22:10:23.0437 2352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:10:23.0437 2352 usbccgp - ok

22:10:23.0468 2352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:10:23.0468 2352 usbehci - ok

22:10:23.0484 2352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:10:23.0484 2352 usbhub - ok

22:10:23.0500 2352 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

22:10:23.0515 2352 usbohci - ok

22:10:23.0593 2352 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:10:23.0593 2352 usbprint - ok

22:10:23.0671 2352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:10:23.0687 2352 usbscan - ok

22:10:23.0703 2352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:10:23.0703 2352 USBSTOR - ok

22:10:23.0765 2352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:10:23.0765 2352 VgaSave - ok

22:10:23.0796 2352 ViaIde - ok

22:10:23.0828 2352 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

22:10:23.0828 2352 VolSnap - ok

22:10:23.0875 2352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:10:23.0875 2352 Wanarp - ok

22:10:23.0984 2352 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

22:10:23.0984 2352 Wdf01000 - ok

22:10:24.0000 2352 WDICA - ok

22:10:24.0015 2352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

22:10:24.0015 2352 wdmaud - ok

22:10:24.0140 2352 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

22:10:24.0140 2352 WinUSB - ok

22:10:24.0187 2352 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\WINDOWS\system32\drivers\WmBEnum.sys

22:10:24.0187 2352 WmBEnum - ok

22:10:24.0234 2352 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\WINDOWS\system32\drivers\WmFilter.sys

22:10:24.0250 2352 WmFilter - ok

22:10:24.0265 2352 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

22:10:24.0265 2352 WmiAcpi - ok

22:10:24.0296 2352 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\WINDOWS\system32\drivers\WmVirHid.sys

22:10:24.0296 2352 WmVirHid - ok

22:10:24.0296 2352 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\WINDOWS\system32\drivers\WmXlCore.sys

22:10:24.0312 2352 WmXlCore - ok

22:10:24.0375 2352 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

22:10:24.0390 2352 WpdUsb - ok

22:10:24.0421 2352 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

22:10:24.0421 2352 WS2IFSL - ok

22:10:24.0515 2352 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

22:10:24.0515 2352 WSTCODEC - ok

22:10:24.0578 2352 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

22:10:24.0593 2352 WudfPf - ok

22:10:24.0609 2352 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

22:10:24.0625 2352 WudfRd - ok

22:10:24.0687 2352 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys

22:10:24.0687 2352 xusb21 - ok

22:10:24.0921 2352 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys

22:10:24.0921 2352 zumbus - ok

22:10:25.0000 2352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

22:10:25.0156 2352 \Device\Harddisk0\DR0 - ok

22:10:25.0171 2352 Boot (0x1200) (8488de0feb1ba9d97febbf65251c7ded) \Device\Harddisk0\DR0\Partition0

22:10:25.0171 2352 \Device\Harddisk0\DR0\Partition0 - ok

22:10:25.0171 2352 ============================================================

22:10:25.0171 2352 Scan finished

22:10:25.0171 2352 ============================================================

22:10:25.0187 3612 Detected object count: 2

22:10:25.0187 3612 Actual detected object count: 2

22:10:52.0625 3612 HKLM\SYSTEM\ControlSet001\services\5958c76b - will be deleted on reboot

22:10:52.0625 3612 HKLM\SYSTEM\ControlSet003\services\5958c76b - will be deleted on reboot

22:10:52.0625 3612 C:\WINDOWS\1808226393:2795976852.exe - will be deleted on reboot

22:10:52.0625 3612 5958c76b ( Rootkit.Win32.PMax.gen ) - User select action: Delete

22:10:54.0765 3612 Backup copy found, using it..

22:10:55.0812 3612 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot

22:10:55.0812 3612 Cdrom ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

22:11:12.0046 0708 Deinitialize success

Link to post
Share on other sites
B1GPUN

B1GPUN

Posted
  • Author
Posted

I re-downloaded MBAM and attempted a quick scan. After a few seconds it closed and any attempts to open program get the response "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions..."

Please advise next course of action

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites
B1GPUN

B1GPUN

Posted
  • Author
Posted

HERE IS THE COMBOFIX LOG:

One note, after combofix ran an IE icon showed up on my desktop with a text file named "catchme.log" It contained: File "C:\ComboFix\MT_nSvcIp.exe.tmp" added successfully. Don't know if this is of any value

ComboFix 11-11-06.02 - Scott 11/06/2011 13:52:49.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2957 [GMT -5:00]

Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\0DC5862787C23049._bu

c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\20101002233429.log

c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\Setup.ico

c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\20101002233421.log

c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\Setup.ico

c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\20101002233426.log

c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\Setup.ico

c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\20101002233530.log

c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\Setup.ico

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\20100916023805.log

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.ico

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{516A7A9D-5659-4DF1-ADCA-3AB2770664F6}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe

c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\U

c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\U\80000000.@

c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\U\800000cb.@

c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\U\800000cf.@

c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\X

c:\documents and settings\Scott\rgjifbuzkp.tmp

c:\windows\$NtUninstallKB25036$

c:\windows\$NtUninstallKB25036$\1498990443\@

c:\windows\$NtUninstallKB25036$\1498990443\L\kfhmdshi

c:\windows\$NtUninstallKB25036$\1498990443\loader.tlb

c:\windows\$NtUninstallKB25036$\1498990443\U\@00000001

c:\windows\$NtUninstallKB25036$\1498990443\U\@000000c0

c:\windows\$NtUninstallKB25036$\1498990443\U\@000000cb

c:\windows\$NtUninstallKB25036$\1498990443\U\@000000cf

c:\windows\$NtUninstallKB25036$\1498990443\U\@80000000

c:\windows\$NtUninstallKB25036$\1498990443\U\@800000c0

c:\windows\$NtUninstallKB25036$\1498990443\U\@800000cb

c:\windows\$NtUninstallKB25036$\1498990443\U\@800000cf

c:\windows\$NtUninstallKB25036$\454262038

c:\windows\bwUnin-8.1.1.50-8876480SL.exe

c:\windows\system32\

c:\windows\system32\c_97100.nls

.

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected

Restored copy from - The cat found it :)

Infected copy of c:\program files\SUPERAntiSpyware\SASCORE.EXE was found and disinfected

Restored copy from - c:\program files\SUPERAntiSpyware\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088611.exe

.

Infected copy of c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1001\A0091176.exe

.

Infected copy of c:\program files\bin32\nSvcIp.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088560.exe

.

Infected copy of c:\windows\system32\nvsvc32.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088491.exe

.

Infected copy of c:\windows\system32\ZuneBusEnum.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088559.exe

.

Infected copy of c:\program files\bin32\nSvcIp.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088560.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_5958c76b

.

.

((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))

.

.

2011-11-06 18:45 . 2011-11-01 02:18 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-11-06 18:45 . 2011-11-01 02:18 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-11-01 02:38 . 2011-11-01 02:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-26 06:08 . 2011-10-26 06:08 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-25 07:05 . 2011-10-25 07:05 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help

2011-10-25 02:17 . 2011-10-25 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup

2011-10-25 01:56 . 2011-11-01 02:19 48016 --sha-w- c:\windows\system32\c_97100.nl_

2011-10-24 05:59 . 2011-11-06 19:06 -------- d-sh--w- c:\documents and settings\Scott\Local Settings\Application Data\5958c76b

2011-10-24 00:17 . 2011-10-24 00:31 -------- d-----w- c:\documents and settings\Scott\Tracing

2011-10-23 18:55 . 2011-10-23 18:55 -------- d-----w- c:\program files\Microsoft

2011-10-23 18:54 . 2011-10-23 18:54 -------- d-----w- c:\program files\Windows Live SkyDrive

2011-10-23 18:54 . 2011-10-23 18:55 -------- d-----w- c:\program files\Windows Live

2011-10-23 18:51 . 2011-10-23 18:51 -------- d-----w- c:\program files\Common Files\Windows Live

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-25 07:18 . 2009-01-09 07:59 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2007-07-27 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 21:00 . 2009-01-10 06:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-17 21:32 . 2007-07-27 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2011-08-17 21:32 . 2007-07-27 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-08-17 21:32 . 2007-07-27 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-08-17 21:32 . 2007-07-27 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2011-08-17 13:49 . 2007-07-27 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-17 12:22 . 2007-07-27 12:00 389120 ----a-w- c:\windows\system32\html.iec

2011-09-30 16:14 . 2011-03-27 20:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-10 1242448]

"Unified Remote v2"="c:\program files\Unified Remote\RemoteServer.exe" [2011-09-30 194560]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

"nwiz"="nwiz.exe" [2008-09-18 1657376]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctOTQ1MjY5MjY1LVQ0LUJBKzEtS1YzKzctWEwrMS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzQtRjlNMTBCKzItRjlNMisxLUREVCsxODkyMC1GTDEwKzEtRk9JKzExLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ∏=90&ver=10.0.1411" [?]

.

c:\documents and settings\Scott\Start Menu\Programs\Startup\

MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Scott\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-9 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-9 692224]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]

path=c:\documents and settings\Scott\Start Menu\Programs\Startup\V CAST Media Monitor.lnk

backup=c:\windows\pss\V CAST Media Monitor.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxee]

2010-10-31 13:39 19456000 ----a-w- c:\program files\Boxee\BOXEE.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

2007-12-14 16:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

2008-03-21 01:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Boxee\\BOXEE.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\DirecTV\\DirecTV\\DIRECTV2PC.exe"=

"c:\\Program Files\\Unified Remote\\RemoteServer.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Verizon\\McciBrowser.exe"=

"c:\\Documents and Settings\\Scott\\Desktop\\TDSSKiller.exe"=

"c:\\DOWNLOADS\\SUPERAntiSpyware.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

"c:\\Documents and Settings\\Scott\\Desktop\\New Folder\\TDSSKiller.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=

"c:\\Program Files\\Steam\\steamerrorreporter.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1050:TCP"= 1050:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11/6/2011 2:09 PM 116608]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/27/2007 7:00 AM 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/6/2011 2:11 PM 366152]

R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [9/17/2009 5:40 PM 119792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/10/2009 1:40 AM 22216]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/9/2009 9:54 AM 38176]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/3/2009 2:57 AM 47360]

S2 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe --> c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 9:44 PM 135664]

S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe --> c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [?]

S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [7/15/2010 1:48 PM 6016]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 9:44 PM 135664]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [9/27/2010 3:03 AM 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/27/2010 3:03 AM 19968]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/15/2010 1:48 PM 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [7/15/2010 1:48 PM 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [7/15/2010 1:48 PM 9472]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-11-06 08:55]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 02:44]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 02:44]

.

2011-11-06 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mlb.mlb.com/index.jsp

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%\system32\nvLsp.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3B820D68-9E8E-4B15-8C7B-079E29F0F89F}: NameServer = 208.67.222.222,208.67.220.220

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pzjx8kdb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0281CD58-3082-4C8A-B2F5-76B2F811C902} - c:\windows\system32\atrace32.dll

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

SafeBoot-12374780.sys

SafeBoot-46488479.sys

SafeBoot-61684727.sys

SafeBoot-70141892.sys

SafeBoot-75466144.sys

SafeBoot-82777506.sys

SafeBoot-klmdb.sys

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

AddRemove-{E7269FD6-34EA-4617-8752-6739AA384080} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{E7269~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-06 14:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(752)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(808)

c:\windows\system32\nvLsp.dll

.

- - - - - - - > 'explorer.exe'(3736)

c:\windows\system32\WININET.dll

c:\program files\RocketDock\RocketDock.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\ZuneBusEnum.exe

c:\program files\bin32\nSvcIp.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Zune\ZuneNss.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-11-06 14:32:26 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-06 19:32

ComboFix.txt 2009-01-26 14:40

.

Pre-Run: 52,178,825,216 bytes free

Post-Run: 55,661,678,592 bytes free

.

- - End Of File - - 20B20D74C9A4DF4DA1027AB141F6724B

Link to post
Share on other sites
B1GPUN

B1GPUN

Posted
  • Author
Posted

AND A NEW DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23

Run by Scott at 14:39:04 on 2011-11-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2597 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ZuneBusEnum.exe

C:\Program Files\bin32\nSvcIp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Documents and Settings\Scott\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mlb.mlb.com/index.jsp

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [unified Remote v2] c:\program files\unified remote\RemoteServer.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctOTQ1MjY5MjY1LVQ0LUJBKzEtS1YzKzctWEwrMS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzQtRjlNMTBCKzItRjlNMisxLUREVCsxODkyMC1GTDEwKzEtRk9JKzExLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=10.0.1411

StartupFolder: c:\docume~1\scott\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\scott\local settings\application data\autobahn\mlb-nexdef-autobahn.exe

StartupFolder: c:\docume~1\scott\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\videoget\plugins\VIDEOG~1.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: %SYSTEMROOT%\system32\nvLsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3B820D68-9E8E-4B15-8C7B-079E29F0F89F} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{3B820D68-9E8E-4B15-8C7B-079E29F0F89F} : DhcpNameServer = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\pzjx8kdb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-11-6 116608]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-7-27 14336]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-6 366152]

R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-9-17 119792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-10 22216]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-1-9 38176]

S2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\aawservice.exe [?]

S2 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\cldtvhnservice.exe --> c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]

S2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\motoconnectservice.exe --> c:\program files\motorola\motoconnectservice\MotoConnectService.exe [?]

S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-7-15 6016]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-9-27 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-9-27 19968]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-7-15 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-7-15 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-7-15 9472]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-06 18:45:44 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-11-06 18:45:44 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-11-06 18:42:03 98816 ----a-w- c:\windows\sed.exe

2011-11-06 18:42:03 518144 ----a-w- c:\windows\SWREG.exe

2011-11-06 18:42:03 256000 ----a-w- c:\windows\PEV.exe

2011-11-06 18:42:03 208896 ----a-w- c:\windows\MBR.exe

2011-11-01 02:38:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-26 06:08:00 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-25 02:17:50 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup

2011-10-25 01:56:41 48016 --sha-w- c:\windows\system32\c_97100.nl_

2011-10-24 17:05:00 215920 ----a-w- c:\windows\system32\muweb.dll

2011-10-24 17:05:00 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-10-24 17:04:57 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-10-24 05:59:02 -------- d-sh--w- c:\documents and settings\scott\local settings\application data\5958c76b

2011-10-24 00:17:46 -------- d-----w- c:\documents and settings\scott\Tracing

2011-10-23 18:55:16 -------- d-----w- c:\program files\Microsoft

2011-10-23 18:54:54 -------- d-----w- c:\program files\Windows Live SkyDrive

2011-10-23 18:51:52 -------- d-----w- c:\program files\common files\Windows Live

.

==================== Find3M ====================

.

2011-10-25 07:18:52 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll

2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-08-17 21:32:16 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 14:39:21.59 ===============

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://forums.malwarebytes.org/index.php?showtopic=98425
Collect::
c:\windows\system32\c_97100.nl_

Save this as CFScript.txt

CFScriptB-4.gif

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

Link to post
Share on other sites
B1GPUN

B1GPUN

Posted
  • Author
Posted

Ok, everything has been done as requested. Here is the Log:

ComboFix 11-11-11.02 - Scott 11/11/2011 3:06.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2612 [GMT -5:00]

Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

file zipped: c:\windows\system32\c_97100.nl_

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\c_97100.nl_

.

.

((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))

.

.

2011-11-11 07:50 . 2011-11-11 07:54 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Akamai

2011-11-06 18:45 . 2011-11-01 02:18 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-11-06 18:45 . 2011-11-01 02:18 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-11-01 02:38 . 2011-11-01 02:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-26 06:08 . 2011-10-26 06:08 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-25 07:05 . 2011-10-25 07:05 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help

2011-10-25 02:17 . 2011-10-25 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup

2011-10-25 01:15 . 2011-10-25 01:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData

2011-10-24 17:05 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll

2011-10-24 17:04 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-10-24 05:59 . 2011-11-06 19:06 -------- d-sh--w- c:\documents and settings\Scott\Local Settings\Application Data\5958c76b

2011-10-24 00:17 . 2011-10-24 00:31 -------- d-----w- c:\documents and settings\Scott\Tracing

2011-10-23 18:55 . 2011-10-23 18:55 -------- d-----w- c:\program files\Microsoft

2011-10-23 18:54 . 2011-10-23 18:54 -------- d-----w- c:\program files\Windows Live SkyDrive

2011-10-23 18:54 . 2011-10-23 18:55 -------- d-----w- c:\program files\Windows Live

2011-10-23 18:51 . 2011-10-23 18:51 -------- d-----w- c:\program files\Common Files\Windows Live

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-25 07:18 . 2009-01-09 07:59 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2007-07-27 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 21:00 . 2009-01-10 06:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-17 21:32 . 2007-07-27 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2011-08-17 21:32 . 2007-07-27 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-08-17 21:32 . 2007-07-27 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-08-17 21:32 . 2007-07-27 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2011-08-17 13:49 . 2007-07-27 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-17 12:22 . 2007-07-27 12:00 389120 ----a-w- c:\windows\system32\html.iec

2011-09-30 16:14 . 2011-03-27 20:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-06_19.22.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-11 08:19 . 2011-11-11 08:19 16384 c:\windows\temp\Perflib_Perfdata_198.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-10 1242448]

"Unified Remote v2"="c:\program files\Unified Remote\RemoteServer.exe" [2011-09-30 194560]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]

"Akamai NetSession Interface"="c:\documents and settings\Scott\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-11 3303000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

"nwiz"="nwiz.exe" [2008-09-18 1657376]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctOTQ1MjY5MjY1LVQ0LUJBKzEtS1YzKzctWEwrMS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzQtRjlNMTBCKzItRjlNMisxLUREVCsxODkyMC1GTDEwKzEtRk9JKzExLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ∏=90&ver=10.0.1411" [?]

.

c:\documents and settings\Scott\Start Menu\Programs\Startup\

MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Scott\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-9 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-9 692224]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]

path=c:\documents and settings\Scott\Start Menu\Programs\Startup\V CAST Media Monitor.lnk

backup=c:\windows\pss\V CAST Media Monitor.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxee]

2010-10-31 13:39 19456000 ----a-w- c:\program files\Boxee\BOXEE.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

2007-12-14 16:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

2008-03-21 01:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Boxee\\BOXEE.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\DirecTV\\DirecTV\\DIRECTV2PC.exe"=

"c:\\Program Files\\Unified Remote\\RemoteServer.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Verizon\\McciBrowser.exe"=

"c:\\Documents and Settings\\Scott\\Desktop\\TDSSKiller.exe"=

"c:\\DOWNLOADS\\SUPERAntiSpyware.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

"c:\\Documents and Settings\\Scott\\Desktop\\New Folder\\TDSSKiller.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=

"c:\\Program Files\\Steam\\steamerrorreporter.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Documents and Settings\\Scott\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1070:TCP"= 1070:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11/6/2011 2:09 PM 116608]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/27/2007 7:00 AM 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/6/2011 2:11 PM 366152]

R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [9/17/2009 5:40 PM 119792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/10/2009 1:40 AM 22216]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/9/2009 9:54 AM 38176]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/3/2009 2:57 AM 47360]

S2 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe --> c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 9:44 PM 135664]

S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe --> c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [?]

S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [7/15/2010 1:48 PM 6016]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 9:44 PM 135664]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [9/27/2010 3:03 AM 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/27/2010 3:03 AM 19968]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/15/2010 1:48 PM 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [7/15/2010 1:48 PM 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [7/15/2010 1:48 PM 9472]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-11 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-11-06 08:55]

.

2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 02:44]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 02:44]

.

2011-11-11 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mlb.mlb.com/index.jsp

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%\system32\nvLsp.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3B820D68-9E8E-4B15-8C7B-079E29F0F89F}: NameServer = 208.67.222.222,208.67.220.220

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pzjx8kdb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-11 03:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(752)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(808)

c:\windows\system32\nvLsp.dll

.

- - - - - - - > 'explorer.exe'(1236)

c:\windows\system32\WININET.dll

c:\program files\RocketDock\RocketDock.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\ZuneBusEnum.exe

c:\program files\bin32\nSvcIp.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Zune\ZuneNss.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-11-11 03:32:08 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-11 08:32

ComboFix.txt 2009-01-26 14:40

ComboFix2.txt 2011-11-06 19:32

.

Pre-Run: 55,632,969,728 bytes free

Post-Run: 55,625,011,200 bytes free

.

- - End Of File - - 642146B1A8D69CEE1941011DA8790F25

Upload was successful

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites
B1GPUN

B1GPUN

Posted
  • Author
Posted

ESET log will be posted momentarily. My system actually runs pretty smooth. startup is a little slow and to be honest I havn't been using it much since the infection. I'm leaving it off most of the time. One question I do have is regarding external hard drives. I have 3 of them that were connected when the infection occured. I unplugged them soon after, and have not plugged them back in. Should I worry about them or anything being on those drives?

Link to post
Share on other sites
B1GPUN

B1GPUN

Posted
  • Author
Posted

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17103 (vista_gdr.110816-1000)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=0d50a9ce62a740408e1adea2dc2e70b5

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-24 06:17:19

# local_time=2011-11-24 01:17:19 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 629622 629622 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=186717

# found=48

# cleaned=48

# scan_time=8674

C:\Documents and Settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\17\2465fd11-715b71ca Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Scott\Local Settings\Application Data\5958c76b\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Scott\Local Settings\Application Data\5958c76b\U\800000cb.@.vir a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Scott\Local Settings\Application Data\5958c76b\U\800000cf.@.vir probably a variant of Win32/Kryptik.JDI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\bin32\nSvcIp.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASCORE.EXE.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\nvsvc32.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\ZuneBusEnum.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090640.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090651.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090668.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090669.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090686.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090687.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1001\A0091168.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1001\A0091169.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092168.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092169.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092192.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092236.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092237.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092254.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092255.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092444.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092499.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092500.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092501.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092502.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092503.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092504.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1005\A0092953.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP918\A0082004.exe probably a variant of Win32/Agent.BLBJFEG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP918\A0082112.dll a variant of Win32/Kryptik.QSR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP923\A0082644.exe probably a variant of Win32/Agent.BLBJFEG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP923\A0082649.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP931\A0083012.dll a variant of Win32/Kryptik.QSR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088551.sys a variant of Win32/Rootkit.Kryptik.EQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088552.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088615.sys a variant of Win32/Rootkit.Kryptik.EQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088616.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\26.10.2011_02.05.45\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\wuauclt.exe.tmp Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\KB905474\wgasetup.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites
B1GPUN

B1GPUN

Posted
  • Author
Posted

Results of screen317's Security Check version 0.99.28

Windows XP Service Pack 3 x86

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 23

Java version out of date!

Adobe Flash Player ( 10.2.159.1) Flash Player out of Date!

Adobe Reader 9 (Adobe Reader out of date!

Mozilla Firefox (7.0.1) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

Ad-Aware (if you don't update and run it regularly)

ESET Online Scanner v3

Java™ 6 Update 23

Adobe Flash Player ( 10.2.159.1)

Adobe Reader 9

Mozilla Firefox (7.0.1)

Restart your computer.

Get the latest version of Java, Adobe Reader, Adobe Flash Player, and Firefox.

Next, please visit Windows Update and download all critical updates, including Internet Explorer 8.

Let me know if the update was successful and what issues remain.

-screen317

Link to post
Share on other sites
B1GPUN

B1GPUN

Posted
  • Author
Posted

Ok. I have done everything requested. Thanks Again for bearing with me through this issue. The computer is running fine, all the updates were successful. The only issue was Ad-Aware will not uninstall through Add/Remove due to an error.

It seems as if the system is clean. I also downloaded AVG free 2012 and ran a scan which found nothing.

I guess my main concern that remains is in regards to my external hard drives. Is it safe to plug them back in? They were plugged in at time of infection.

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Feel free to plug them back in. When you do, do a full scan on all of them with AVG and MBAM just to be sure.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites
  • 2 weeks later...
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept