
Infected Computer HELP!!


This topic is locked
52 replies to this topic

#1 richhb

  • Members
  • 30 posts

Posted 30 November 2010 - 02:11 PM

Help!!!!!!!!

I have Windows XP.
I tried to download something off the internet the other day; the computer started acting funny and slowing down, so I restarted it. Then:

1. Desktop changed
2. The programs changed on my desktop
3. Toolbar changed
4. Google Chrome gone
5. Avira says no virus...
6. Error msg with no disk space and C drive showed 0%, I uninstalled some items

I tried:
1. Research on the web, no help
2. Downloaded Malwarebytes, doesn't run
3. Downloaded Ad-Aware, doesn't run
4. Downloaded SUPERAntiSpyware, ran it and it found 786 infected items, fixed them, but my computer is still not working.
5. Now Bleeping Computer.

I have attached the GMER, DDS and HijackThis logs.

Thanks for your help

Richard

Anyone out there?

I can't change my desktop or settings. I noticed that one of my Excel docs I use all the time is gone. Every time I go into Excel it asks me to install it with a CD-ROM... getting very frustrated!! Please help!!

EDIT: Posts merged ~BP

Attached Files


Edited by Budapest, 05 December 2010 - 07:52 PM.



#2 Casey_boy

    Bleeping physicist

  • Malware Response Instructor
  • 7,148 posts
  • Gender:Male
  • Location:United Kingdom

Posted 07 December 2010 - 08:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 richhb

  • Topic Starter
  • Members
  • 30 posts

Posted 09 December 2010 - 10:16 AM

I had problems running the scans you requested. I did attach the results. Please help ASAP

Attached Files



#4 m0le

    Can U Dig It?

  • Malware Response Instructor
  • 33,456 posts
  • Gender:Male
  • Location:London, UK

Posted 09 December 2010 - 08:35 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please attempt to run the following program

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#5 richhb

  • Topic Starter
  • Members
  • 30 posts

Posted 10 December 2010 - 10:02 AM

I ran the scan and nothing was found. Here is the log....

2010/12/10 09:00:54.0328 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/10 09:00:54.0328 ================================================================================
2010/12/10 09:00:54.0328 SystemInfo:
2010/12/10 09:00:54.0328
2010/12/10 09:00:54.0328 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/10 09:00:54.0328 Product type: Workstation
2010/12/10 09:00:54.0328 ComputerName: DELL
2010/12/10 09:00:54.0328 UserName: Rich
2010/12/10 09:00:54.0328 Windows directory: C:\WINDOWS
2010/12/10 09:00:54.0328 System windows directory: C:\WINDOWS
2010/12/10 09:00:54.0328 Processor architecture: Intel x86
2010/12/10 09:00:54.0328 Number of processors: 1
2010/12/10 09:00:54.0328 Page size: 0x1000
2010/12/10 09:00:54.0328 Boot type: Normal boot
2010/12/10 09:00:54.0328 ================================================================================
2010/12/10 09:00:55.0156 Initialize success
2010/12/10 09:01:01.0765 ================================================================================
2010/12/10 09:01:01.0765 Scan started
2010/12/10 09:01:01.0765 Mode: Manual;
2010/12/10 09:01:01.0765 ================================================================================
2010/12/10 09:01:45.0156 ================================================================================
2010/12/10 09:01:45.0156 Scan finished
2010/12/10 09:01:45.0156 ================================================================================

#6 m0le

    Can U Dig It?

  • Malware Response Instructor
  • 33,456 posts
  • Gender:Male
  • Location:London, UK

Posted 10 December 2010 - 07:27 PM

Please run MBRCheck next

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#7 richhb

  • Topic Starter
  • Members
  • 30 posts

Posted 12 December 2010 - 06:09 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0002006d

Kernel Drivers (total 130):

Processes (total 33):
0 System Idle Process
4 System
448 C:\WINDOWS\system32\smss.exe
496 csrss.exe
520 C:\WINDOWS\system32\winlogon.exe
564 C:\WINDOWS\system32\services.exe
576 C:\WINDOWS\system32\lsass.exe
784 C:\WINDOWS\system32\svchost.exe
832 svchost.exe
896 C:\WINDOWS\system32\svchost.exe
936 svchost.exe
968 svchost.exe
1220 C:\WINDOWS\system32\spoolsv.exe
1280 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1344 svchost.exe
1400 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1412 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1456 C:\Program Files\Bonjour\mDNSResponder.exe
1472 R:\cbVSCService.exe
1560 C:\WINDOWS\system32\cisvc.exe
1580 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
1608 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
1680 C:\Program Files\Java\jre6\bin\jqs.exe
1688 C:\Program Files\Google\Update\GoogleUpdate.exe
1872 C:\WINDOWS\system32\svchost.exe
1928 C:\WINDOWS\system32\ups.exe
228 C:\WINDOWS\system32\wuauclt.exe
1364 C:\WINDOWS\explorer.exe
2348 alg.exe
3180 C:\Program Files\Mozilla Firefox\firefox.exe
3920 C:\Program Files\Logitech\Video\FxSvr2.exe
3948 C:\WINDOWS\system32\LVCOMSX.EXE
384 C:\Documents and Settings\Rich.DELL\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\R: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MAXTOR6L020L1, Rev: A93.0500
PhysicalDrive3 Model Number: SeagateFreeAgentDesktop, Rev: 100D
PhysicalDrive1 Model Number: ST3160023A, Rev: 8.01

Size Device Name MBR Status
--------------------------------------------
19 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive3 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
149 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
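An added example, not part of the thread and not MBRCheck's own code: a small Python MBR inspector that reproduces the kind of check behind the table above. It hashes the boot-code area of a 512-byte sector, looks the hash up in an allow-list, and parses the partition table (LBA 63 gives the 0x7e00 byte offset shown in the log). The boot-code stubs, sample sectors and allow-list are constructed here, and "unknown" is reported as something to review rather than as an infection, since an external drive can legitimately carry vendor boot code.

```python
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440      # classic MBR layout: boot code, then 4-byte disk signature + 2 reserved
PART_TABLE_OFF = 446     # four 16-byte partition entries at 446..509
MBR_SIG = b"\x55\xaa"    # bytes 510..511 of any valid boot sector


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        # The "at offset 0x...7e00" MBRCheck prints is LBA 63 * 512 bytes.
        return self.lba_start * SECTOR


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, type_id = mbr[off], mbr[off + 4]
        lba_start, count = struct.unpack_from("<II", mbr, off + 8)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, lba_start, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the code area only, so partition edits do not change the verdict."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(mbr: bytes, known_good: dict[str, str]) -> tuple[str, str]:
    """Classify one sector as known / unknown / invalid against an allow-list."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != MBR_SIG:
        return "invalid", "missing 0x55AA boot signature"
    digest = boot_code_sha1(mbr)
    if digest in known_good:
        return "known", known_good[digest]
    # "unknown" is a prompt to look closer, not a verdict: external drives often
    # ship with vendor boot code that no OS allow-list contains.
    return "unknown", digest


def build_mbr(boot_code: bytes, partitions: list[tuple[bool, int, int, int]]) -> bytes:
    """Assemble a constructed 512-byte sector (boot code, empty disk signature, table, 55AA)."""
    sector = bytearray(boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\0"))
    sector += b"\0" * 6                                   # disk signature + reserved
    for bootable, type_id, lba, count in partitions:
        sector += struct.pack("<B3sB3sII", 0x80 if bootable else 0, b"\0" * 3,
                              type_id, b"\0" * 3, lba, count)
    sector += b"\0" * (16 * (4 - len(partitions)))       # unused slots
    sector += MBR_SIG
    return bytes(sector)


# Constructed stand-ins (hypothetical boot-code stubs, not real MBR code and not
# the hashes printed in the log above).
XP_STUB = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"constructed-xp-stub"
VENDOR_STUB = b"\xeb\x3c\x90" + b"constructed-vendor-stub"
KNOWN_GOOD = {boot_code_sha1(build_mbr(XP_STUB, [])): "Windows XP MBR code"}
DISKS = {
    "PhysicalDrive0": build_mbr(XP_STUB, [(True, 0x07, 63, 40_000_000)]),       # internal, NTFS
    "PhysicalDrive3": build_mbr(VENDOR_STUB, [(False, 0x07, 63, 625_000_000)]),  # external
}


def report(disks: dict[str, bytes] = DISKS, known_good: dict[str, str] = KNOWN_GOOD):
    """Per-disk verdict plus partition byte offsets, like the MBRCheck table."""
    out = {}
    for name, mbr in disks.items():
        verdict, detail = classify_mbr(mbr, known_good)
        out[name] = (verdict, detail, [hex(p.byte_offset) for p in parse_partitions(mbr)])
    return out
```

Call `report()` to get the verdict for each constructed disk; on a real machine the sectors would come from reading the first 512 bytes of each physical drive.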

#8 m0le

Malware Response Instructor

Posted 12 December 2010 - 06:24 PM

The MBRCheck log shows a non-standard or infected MBR. I believe that this partition may be an external Buffalo storage system. Is that right?
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#9 richhb


Posted 12 December 2010 - 09:25 PM

I have an external hard drive and two internal hard drives.

#10 m0le


Posted 13 December 2010 - 02:03 PM

That's okay then.

Please run HAMeb next; it detects Mebroot, a rootkit that likes to stop tools from running.

Download and run HAMeb_check.exe

Post the contents of the resulting log.

#11 richhb


Posted 13 December 2010 - 02:45 PM

C:\Documents and Settings\Rich.DELL\Desktop\HAMeb_check.exe
Mon 12/13/2010 at 13:43:28.98

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

#12 m0le


Posted 13 December 2010 - 03:38 PM

Please run Combofix. No rootkits it seems but something's lurking...

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#13 richhb


Posted 14 December 2010 - 11:02 AM

ComboFix 10-12-13.07 - Rich 12/14/2010 9:45.3.1 - x86
Running from: c:\documents and settings\Rich.DELL\Desktop\comfix.exe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\RICH~1.DEL\STARTM~1\Programs\System Tool
c:\docume~1\RICH~1.DEL\STARTM~1\Programs\System Tool\System Tool 2011.lnk
c:\documents and settings\All Users\Application Data\hIaGk06301
c:\documents and settings\All Users\Application Data\hIaGk06301\hIaGk06301
c:\documents and settings\All Users\Application Data\hIaGk06301\hIaGk06301.exe
c:\documents and settings\Rich\Application Data\E-centives\BSTIeprintctl1.dll
c:\program files\Common Files\Uninstall
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\ndisapi.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-09 19:48 . 2010-12-09 19:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-09 19:48 . 2010-11-29 23:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 17:45 . 2010-12-07 17:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-07 16:03 . 2010-12-07 16:03 -------- d-----w- c:\program files\Innovative Solutions
2010-12-06 19:50 . 2010-12-07 17:45 -------- dcs---w- c:\documents and settings\NeroMediaHomeUser.4
2010-12-06 19:15 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2010-12-03 14:56 . 2010-12-03 14:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-02 21:23 . 2008-04-14 01:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-02 21:23 . 2001-08-18 04:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-02 21:23 . 2008-04-14 01:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-02 21:23 . 2001-08-18 04:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-12-02 21:23 . 2001-08-18 04:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-02 21:22 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-12-02 21:22 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-12-02 21:22 . 2004-08-04 05:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-12-02 21:22 . 2004-08-04 05:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-12-02 21:22 . 2008-04-14 01:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-12-02 21:21 . 2008-04-13 19:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-12-02 21:21 . 2004-08-04 05:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-12-02 21:21 . 2001-08-17 18:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-12-02 21:21 . 2001-08-17 19:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-12-02 21:21 . 2001-08-18 04:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-12-02 21:21 . 2001-08-18 04:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-12-02 21:21 . 2001-08-17 19:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2010-12-02 21:19 . 2001-08-18 04:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-12-02 21:18 . 2001-08-17 19:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2010-12-02 21:17 . 2001-07-21 20:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-12-02 21:16 . 2001-08-17 18:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2010-12-02 21:15 . 2001-08-17 19:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-12-02 21:14 . 2001-08-18 04:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2010-12-02 21:13 . 2001-08-17 18:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-12-02 21:12 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-12-02 21:12 . 2001-08-17 19:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-12-02 21:12 . 2008-04-13 19:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-12-02 21:11 . 2001-08-17 19:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-12-02 21:11 . 2008-04-13 19:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-12-02 21:11 . 2001-08-17 19:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-12-02 21:11 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-12-02 21:11 . 2001-08-17 20:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2010-12-02 21:11 . 2001-08-17 18:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-12-02 21:09 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-12-02 21:08 . 2001-08-18 04:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-12-02 21:07 . 2001-08-17 19:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2010-12-02 21:06 . 2001-08-17 18:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-12-02 21:05 . 2001-08-17 18:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-12-02 21:04 . 2001-08-18 04:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2010-12-02 21:03 . 2001-08-17 19:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-12-02 21:02 . 2001-08-17 19:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-12-01 15:43 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-30 15:08 . 2010-11-30 15:08 -------- dc----w- C:\New Folder
2010-11-29 22:21 . 2010-11-29 22:21 -------- dc----w- c:\documents and settings\All Users\Application Data\MSNDynFiles
2010-11-29 20:59 . 2010-11-29 20:59 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-29 20:59 . 2010-11-29 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-29 17:52 . 2010-11-29 17:52 -------- d-----w- c:\program files\NOS
2010-11-29 16:12 . 2010-12-06 16:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-29 15:26 . 2010-11-29 15:26 -------- d-----w- c:\program files\Lavasoft
2010-11-22 19:52 . 2010-11-22 19:52 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-22 19:52 . 2010-11-22 19:52 -------- d-----w- c:\program files\MSBuild
2010-11-22 19:51 . 2010-11-22 19:51 -------- d-----w- c:\program files\Reference Assemblies
2010-11-22 12:04 . 2010-12-09 14:50 -------- dc----w- c:\documents and settings\Rich.DELL
2010-11-22 12:04 . 2010-11-22 12:06 -------- dc----w- c:\documents and settings\TEMP
2010-11-16 16:30 . 2010-11-16 16:32 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 15:39 . 2010-04-06 19:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-18 17:23 . 2001-08-23 12:00 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^cttfmon.exe]
backup=c:\windows\pss\cttfmon.exeCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Spyware

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus NX400 Series]
2007-12-17 05:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEGA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 06:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"stllssvr"=3 (0x3)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SeaPort"=2 (0x2)
"ScsiAccess"=2 (0x2)
"NMIndexingService"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"fsssvc"=3 (0x3)
"FreePOPs"=2 (0x2)
"Bonjour Service"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ACDaemon"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41952:TCP"= 41952:TCP:Tversity
"41952:UDP"= 41952:UDP:Tversity

R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;R:\cbVSCService.exe [2010-09-23 67584]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 133104]
R3 Acpiser;Acpiser; [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R4 avg8emc;AVG8 E-mail Scanner; [x]
R4 avg8wd;AVG8 WatchDog; [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2008-07-31 12936]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-07-31 97928]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2008-07-31 76040]


--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-13 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2001-08-23 12:00]

2010-12-13 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2001-08-23 00:12]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 04:33]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 04:33]
.
.
------- Supplementary Scan -------
.
DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file:///D:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-cttfmon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 09:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3600)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-14 10:01:23
ComboFix-quarantined-files.txt 2010-12-14 16:01

Pre-Run: 328,364,032 bytes free
Post-Run: 293,228,544 bytes free

- - End Of File - - DC4921A3AED25D51E41AA5483B6E8B51

#14 m0le


Posted 14 December 2010 - 08:13 PM

That shows that ComboFix attempted to run, stopped, and then did actually remove the infection.

Please run MBAM and then ESET to clear up.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Edited by m0le, 14 December 2010 - 08:14 PM.


#15 richhb


Posted 15 December 2010 - 09:53 AM

I have tried to install and run Malwarebytes Anti-Malware, but I get this error (look at the attached doc). Now my desktop items are moving all over, I still can't change my settings, and I keep getting a low disk error.

Attached Files