Was Infected with PUM.Hidden.Desktop, Trojan.Dropper and more.


  • This topic is locked
21 replies to this topic

#1 Dirk Pro


  • Members
  • 93 posts

Posted 25 May 2011 - 09:56 AM

Hi,

I was advised by cryptodan to post my logs here.

Link to my other topic at "Am I Infected, What do I do?", http://www.bleepingcomputer.com/forums/topic398710.html

Basically I ran a MBAM scan and removed a few things. Upon restart, I noticed all my desktop icons, folders on my second hard drive, and start menu (like Programs) were missing. I read around the forums and found the useful tool unhide.exe. I ran that and all my icons came back. One question though: all the shortcuts in the start menu, for example Start Menu>Programs>Games>Call of Duty, are missing. Do I have to recreate those?

I just want to make sure there are no left-overs.

Thanks.


.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Run by Administrator at 8:08:35 on 2011-05-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1281 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Accessories\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast5\avastUI.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
mRun: [avast5] c:\progra~1\avast5\avastUI.exe /nogui
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VX3000] c:\windows\vVX3000.exe
uPolicies-explorer: NoRecentDocsNetHood = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoSMHelp = 01000000
Trusted Zone: intuit.com\ttlc
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264357330796
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262807130484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\access~1\window~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hu3p0pw2.default\
FF - prefs.js: browser.startup.homepage - hxxp://sports.yahoo.com/fantasy
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-20 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-15 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\accessories\superantispyware\sasdifsv.sys [2008-8-20 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\accessories\superantispyware\SASKUTIL.SYS [2008-8-20 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-15 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2010-6-15 42184]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-4-12 142336]
R2 WinDefend;Windows Defender;c:\program files\accessories\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-4-8 20504]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-4-8 21528]
S3 SASENUM;SASENUM;c:\program files\accessories\superantispyware\SASENUM.SYS [2008-8-20 7408]
.
=============== File Associations ===============
.
chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2011-05-22 19:56:14 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-22 19:56:14 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-22 19:56:14 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-22 19:56:14 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-22 19:56:14 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-22 19:56:14 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-22 19:56:14 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-22 19:56:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-21 03:12:05 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-14 21:44:17 675088 ----a-w- C:\RealPlayer.exe
.
==================== Find3M ====================
.
2011-05-25 02:56:10 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-25 02:55:48 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 02:55:48 202448 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-04-08 16:53:12 608 --sha-w- c:\windows\system32\winzvprt5.sys
2011-04-08 11:28:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-06 15:16:33 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-04-06 15:16:33 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-06 15:16:30 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-01 00:44:57 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-18 00:50:52 1068544 ----a-w- C:\CouponPrinter.exe
.
============= FINISH: 8:09:43.68 ===============
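The "Created Last 30" and "Find3M" sections of the DDS log above are the part a log reader actually mines: each line carries a timestamp, a size, an eight-character attribute column and a path, and the attribute column is the only place that shows a file marked system+hidden (the combination that keeps a file out of a default Explorer view, and the kind of thing a "hidden" infection leans on). The parser below is an added illustration, not part of Dirk Pro's post and not DDS's own code. It assumes DDS prints one letter per set attribute and "-" otherwise (only letter presence is used, never column position, since the layout is not documented on this page), and the sample lines are constructed from values in the log above. A flagged entry is a review candidate, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample: a few lines in the shape of the "Created Last 30" / "Find3M"
# sections of the DDS log above (values copied from that log).
SAMPLE_DDS = """\
2011-05-22 19:56:14 89048 ----a-w- c:\\program files\\mozilla firefox\\libEGL.dll
2011-05-21 03:12:05 441176 ----a-w- c:\\windows\\system32\\drivers\\aswSnx.sys
2011-04-08 16:53:12 608 --sha-w- c:\\windows\\system32\\winzvprt5.sys
2011-03-18 00:50:52 1068544 ----a-w- C:\\CouponPrinter.exe
"""

# One DDS file entry: date, time, size in bytes, 8-character attribute column, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumption: these are the letters DDS uses in the attribute column; only presence
# of a letter is interpreted, not its position.
ATTR_NAMES = {"d": "directory", "c": "compressed", "s": "system",
              "h": "hidden", "a": "archive", "r": "read-only", "w": "writable"}


@dataclass
class DdsEntry:
    timestamp: str
    size: int
    attrs: Set[str]
    path: str


def parse_dds_entries(text: str) -> List[DdsEntry]:
    """Parse file-listing lines; section headers and the '.' spacer lines do not
    match the pattern and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        flags = {ch for ch in m.group("attrs") if ch != "-"}
        entries.append(DdsEntry(
            timestamp=f"{m.group('date')} {m.group('time')}",
            size=int(m.group("size")),
            attrs=flags,
            path=m.group("path"),
        ))
    return entries


def find_hidden_system(entries: List[DdsEntry]) -> List[DdsEntry]:
    """Entries carrying both the system and hidden attributes. Such files are
    invisible in a default Explorer view, so they go on the review list."""
    return [e for e in entries if {"s", "h"} <= e.attrs]


def describe(entry: DdsEntry) -> str:
    """Human-readable one-liner for a review list."""
    names = ", ".join(ATTR_NAMES.get(f, f) for f in sorted(entry.attrs))
    return f"{entry.path} ({entry.size} bytes; {names})"


if __name__ == "__main__":
    parsed = parse_dds_entries(SAMPLE_DDS)
    print(f"{len(parsed)} entries parsed")
    for e in find_hidden_system(parsed):
        print("review:", describe(e))
```

Run against a full DDS log, the same two functions give the short list of system+hidden files that a helper would ask about first; everything else in those sections is ordinary archive-flagged, writable files.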


#2 m0le


    Can U Dig It?


  • Malware Response Instructor
  • 33,661 posts
  • Gender:Male
  • Location:London, UK

Posted 04 June 2011 - 05:57 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
[If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#3 Dirk Pro

  • Topic Starter

  • Members
  • 93 posts

Posted 04 June 2011 - 08:52 PM

Thank you for the reply. I am here!

#4 m0le


    Can U Dig It?


  • Malware Response Instructor
  • 33,661 posts
  • Gender:Male
  • Location:London, UK

Posted 05 June 2011 - 04:11 AM

Yes, you have to recreate personal settings such as shortcuts. Let's make sure there's nothing left.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 Dirk Pro

  • Topic Starter

  • Members
  • 93 posts

Posted 05 June 2011 - 08:57 AM

Ok, thanks. Recreating the shortcuts should be fine.

Here's the log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-05 09:55:35
-----------------------------
09:55:35.718 OS Version: Windows 5.1.2600 Service Pack 3, v.6055
09:55:35.718 Number of processors: 2 586 0xF0D
09:55:35.718 ComputerName: ADMIN UserName:
09:55:36.781 Initialize success
09:55:39.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:55:39.125 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA50E Size: 476938MB BusType: 3
09:55:39.125 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
09:55:39.125 Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
09:55:41.156 Disk 0 MBR read successfully
09:55:41.156 Disk 0 MBR scan
09:55:41.156 Disk 0 Windows XP default MBR code
09:55:43.203 Disk 0 scanning sectors +976752000
09:55:43.234 Disk 0 scanning C:\WINDOWS\system32\drivers
09:55:47.531 Service scanning
09:55:48.468 Disk 0 trace - called modules:
09:55:48.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:55:48.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7e6ab8]
09:55:48.500 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a878138]
09:55:48.500 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a871d98]
09:55:48.500 Scan finished successfully
09:56:03.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
09:56:03.015 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#6 m0le


    Can U Dig It?


  • Malware Response Instructor
  • 33,661 posts
  • Gender:Male
  • Location:London, UK

Posted 05 June 2011 - 11:41 AM

Okay, now run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
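The TDSSKiller run above is asked for with `-l report.txt`, and the report it writes (Dirk Pro pastes one in the next reply) lists one line per loaded driver: timestamp, thread id, service name, an MD5 in parentheses and the image path. When reading such a report, the two quick questions are which drivers load from outside the Windows directory and which hashes are not in a baseline you trust. The triage script below is an added illustration, not TDSSKiller's code and not part of m0le's instructions. The sample lines are constructed from values in the posted report, and `EXAMPLE_BASELINE` is a stand-in built from two of those hashes; a real baseline comes from your own known-good image, not from a forum log.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of a TDSSKiller report: a status line that must be
# skipped, plus three driver lines with hashes and paths copied from the posted log.
SAMPLE_TDSS = """\
2011/06/05 13:21:27.0265 0380 Scan started
2011/06/05 13:21:27.0718 0380 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\\WINDOWS\\system32\\drivers\\Aavmker4.sys
2011/06/05 13:21:33.0718 0380 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\\Program Files\\Accessories\\SUPERAntiSpyware\\SASDIFSV.SYS
2011/06/05 13:21:35.0671 0380 VX3000 (b763b9807e6927004916c999fdb44c77) C:\\WINDOWS\\system32\\DRIVERS\\VX3000.sys
"""

# One driver line: timestamp, 4-digit thread id, service name, (md5), image path.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d{4}) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)

# Compared case-insensitively; Windows paths in the report mix case freely.
WINDOWS_DIR = "c:\\windows\\"

# Constructed stand-in for a trusted baseline (service name -> expected MD5).
# Assumption for the example only; build a real one from a clean reference system.
EXAMPLE_BASELINE: Dict[str, str] = {
    "Aavmker4": "3f6884eff406238d39aaa892218f1df7",
    "VX3000": "b763b9807e6927004916c999fdb44c77",
}


def parse_tdss_drivers(text: str) -> List[Dict[str, str]]:
    """Return one dict per driver line; status and banner lines are skipped."""
    drivers = []
    for raw in text.splitlines():
        m = DRIVER_RE.match(raw.strip())
        if m:
            drivers.append(m.groupdict())
    return drivers


def outside_windows(drivers: List[Dict[str, str]]) -> List[str]:
    """Service names whose image loads from outside the Windows directory.
    Third-party security tools legitimately do this, so this is a review list."""
    return [d["service"] for d in drivers
            if not d["path"].lower().startswith(WINDOWS_DIR)]


def unknown_hashes(drivers: List[Dict[str, str]],
                   baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """(service, md5) pairs that are absent from the baseline or whose hash differs
    from the baseline value; both cases need a look."""
    return [(d["service"], d["md5"]) for d in drivers
            if baseline.get(d["service"]) != d["md5"]]


if __name__ == "__main__":
    found = parse_tdss_drivers(SAMPLE_TDSS)
    print(f"{len(found)} drivers parsed")
    print("loaded from outside the Windows directory:", outside_windows(found))
    for service, md5 in unknown_hashes(found, EXAMPLE_BASELINE):
        print(f"not in baseline: {service} {md5}")
```

The two lists usually overlap (here both name the SUPERAntiSpyware driver, which is expected on this machine), and that overlap is the point: a driver that is both outside the Windows directory and absent from the baseline is the one to account for first, while a known product on both lists can be set aside.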

#7 Dirk Pro

  • Topic Starter

  • Members
  • 93 posts

Posted 05 June 2011 - 12:26 PM

Here's the TDSS log. It only took 10 seconds. Is this abnormal? Logs for MBAM will be posted shortly.

Thanks.

2011/06/05 13:21:17.0437 1532 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 13:21:17.0734 1532 ================================================================================
2011/06/05 13:21:17.0734 1532 SystemInfo:
2011/06/05 13:21:17.0734 1532
2011/06/05 13:21:17.0734 1532 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/05 13:21:17.0734 1532 Product type: Workstation
2011/06/05 13:21:17.0734 1532 ComputerName: ADMIN
2011/06/05 13:21:17.0734 1532 UserName: Administrator
2011/06/05 13:21:17.0734 1532 Windows directory: C:\WINDOWS
2011/06/05 13:21:17.0734 1532 System windows directory: C:\WINDOWS
2011/06/05 13:21:17.0734 1532 Processor architecture: Intel x86
2011/06/05 13:21:17.0734 1532 Number of processors: 2
2011/06/05 13:21:17.0734 1532 Page size: 0x1000
2011/06/05 13:21:17.0734 1532 Boot type: Normal boot
2011/06/05 13:21:17.0734 1532 ================================================================================
2011/06/05 13:21:19.0078 1532 Initialize success
2011/06/05 13:21:27.0265 0380 ================================================================================
2011/06/05 13:21:27.0265 0380 Scan started
2011/06/05 13:21:27.0265 0380 Mode: Manual;
2011/06/05 13:21:27.0265 0380 ================================================================================
2011/06/05 13:21:27.0718 0380 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/06/05 13:21:27.0812 0380 ACPI (15634a4d4371423ad438b93ee0519cb8) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/05 13:21:27.0859 0380 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/05 13:21:27.0906 0380 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/05 13:21:27.0953 0380 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/05 13:21:28.0125 0380 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/06/05 13:21:28.0140 0380 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/06/05 13:21:28.0296 0380 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/06/05 13:21:28.0343 0380 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/06/05 13:21:28.0390 0380 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/06/05 13:21:28.0421 0380 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/06/05 13:21:28.0484 0380 AsyncMac (0d4681f78a20b50d691a4f3c9f75eb41) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/05 13:21:28.0515 0380 atapi (335bb30ed68cf3dc0ee2bddb438b6a9b) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/05 13:21:28.0546 0380 Atmarpc (ecf89e5bd58e3a3cc2e7db0f0d9f6c6c) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/05 13:21:28.0562 0380 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/05 13:21:28.0703 0380 avipbb (ae2660b7509d40652f71c23a6acd6ede) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/05 13:21:28.0734 0380 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/05 13:21:28.0796 0380 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/05 13:21:28.0859 0380 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/05 13:21:28.0875 0380 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/05 13:21:28.0906 0380 Cdfs (b7b2efd695bb6e937eb3e5b5465b6f47) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/05 13:21:28.0953 0380 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/06/05 13:21:28.0984 0380 Cdrom (1f29616b1fc4d66a988cf97531bcf729) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/05 13:21:29.0187 0380 Disk (023712144c69e60fcb662cda2715bf16) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/05 13:21:29.0234 0380 dmboot (1e5c89a65465f6d9674898eb4989cb86) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/05 13:21:29.0250 0380 dmio (6cf151f832ec417ffaf68f20ed7d39fb) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/05 13:21:29.0281 0380 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/05 13:21:29.0312 0380 DMusic (c561840c22148f5affb659d547efdbb0) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/05 13:21:29.0437 0380 drmkaud (c13ee685aa1a8950146f7f968eb090bd) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/05 13:21:29.0500 0380 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/06/05 13:21:29.0562 0380 Fastfat (f696cf49c72f50ea0c1038c2daa98a00) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/05 13:21:29.0593 0380 Fdc (650fa0d37498f9e2b201a09dbca0b85b) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/05 13:21:29.0625 0380 Fips (74947fd2d6a9151c0bb9c72bdaf0e894) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/05 13:21:29.0625 0380 Flpydisk (3b8607a2bf5aec3dab18cf3612c07c1d) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/05 13:21:29.0687 0380 FltMgr (87ec219a7ae5553144e2086d2d7daa8a) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/05 13:21:29.0750 0380 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/05 13:21:29.0890 0380 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/05 13:21:29.0921 0380 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/05 13:21:29.0953 0380 Gpc (9479c26a5691ccea495e2438ef11c948) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/05 13:21:30.0000 0380 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/05 13:21:30.0031 0380 HidUsb (5f845228561e9545edc6f9ebfa15d338) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/05 13:21:30.0093 0380 HPFXBULKLEDM (6f98a555acf3c1b68fcc1f50e0fd2091) C:\WINDOWS\system32\drivers\hppcbulkio.sys
2011/06/05 13:21:30.0109 0380 HPFXFAX (7f854bd9c113b4569ce6579ea3847a2a) C:\WINDOWS\system32\drivers\hppcfaxio.sys
2011/06/05 13:21:30.0171 0380 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/05 13:21:30.0203 0380 i8042prt (30abe7000df369d8b1c4174429260aad) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/05 13:21:30.0250 0380 Imapi (e32bf30d20b5c162775f9a3451e87b67) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/05 13:21:30.0421 0380 IntcAzAudAddService (8998a1e6f899f790e5eff9cd2c431a23) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/05 13:21:30.0625 0380 intelppm (b3731ca1bdb32f83c817263646c31c15) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/05 13:21:30.0640 0380 Ip6Fw (ef9bb587e33c2c245b5b83e882501ff6) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/05 13:21:30.0671 0380 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/05 13:21:30.0687 0380 IpInIp (30aba7a3f81e4b76c963cd6caa23cb49) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/05 13:21:30.0703 0380 IpNat (eeb5787bd1445c8dc592f40691781774) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/05 13:21:30.0750 0380 IPSec (bfea19daff955239a16a80c3cdf64fbe) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/05 13:21:30.0781 0380 IRENUM (64e28d94089cff1c3c77f02f99ffac3f) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/05 13:21:30.0828 0380 isapnp (81a40a1118265dfc09c036f7776ebcc0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/05 13:21:30.0875 0380 Kbdclass (4ff969b48f320f6ce0b07247069c4c22) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/05 13:21:30.0921 0380 kbdhid (0cded60b750cb5023e901f1fe4e15556) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/05 13:21:30.0953 0380 kmixer (55e8d7039254728e9f071118184ff53b) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/05 13:21:31.0125 0380 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/05 13:21:31.0203 0380 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/05 13:21:31.0250 0380 Modem (add0bb36498e4da9b1b6a3e201b60a18) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/05 13:21:31.0281 0380 Mouclass (e70558b84cb0cb9c739cc48ead2a4323) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/05 13:21:31.0312 0380 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/05 13:21:31.0328 0380 MountMgr (07be8cafd246a7dfb7fd4a387e936e92) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/05 13:21:31.0359 0380 MRxDAV (ac816eff53bca79369f0b8643165368c) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/05 13:21:31.0406 0380 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/05 13:21:31.0531 0380 Msfs (4d563545581e72c477ab00741b119853) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/05 13:21:31.0593 0380 MSKSSRV (b16206732e541c04c1860d84447ef5bf) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/05 13:21:31.0625 0380 MSPCLOCK (bd33cfa58c156cbd5419a87c3a4cd0b2) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/05 13:21:31.0640 0380 MSPQM (a7ec2f88fae0f03252a60950660cc3e1) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/05 13:21:31.0656 0380 mssmbios (f41814fd8811b2ba2a43a79aa8cce82a) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/05 13:21:31.0703 0380 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/05 13:21:31.0750 0380 Mup (2bb00d68cc9fbda1ee3d9bab9e4fd620) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/05 13:21:31.0765 0380 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/05 13:21:31.0781 0380 NDIS (d1b364f049eb84a883c8a45d3b92ff3b) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/05 13:21:31.0796 0380 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/05 13:21:31.0828 0380 NdisTapi (7d0d0f2bf199c2df0a9d1b01406168ac) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/05 13:21:31.0843 0380 Ndisuio (e8969046dc350ecd1e9209dfe341c170) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/05 13:21:31.0859 0380 NdisWan (266fded9836490ff227ad13e677ba4fb) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/05 13:21:31.0906 0380 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/05 13:21:31.0921 0380 NetBIOS (c70b403d8158e11bf0d43d5b153cbe6b) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/05 13:21:31.0937 0380 NetBT (c181e1f7a2a251b7af6352dcbd8457f3) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/05 13:21:32.0000 0380 Npfs (20c123afc574abf76ba35d39c26ae6df) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/05 13:21:32.0062 0380 Ntfs (34a993d7e519364f5d548b5726917753) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/05 13:21:32.0125 0380 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/06/05 13:21:32.0171 0380 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/05 13:21:32.0484 0380 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/05 13:21:32.0796 0380 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/05 13:21:32.0812 0380 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/05 13:21:32.0906 0380 Parport (10572a94d8978619ce4845fe8595c9a5) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/05 13:21:32.0937 0380 PartMgr (67075da61516adedd710a9da6c6c8acb) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/05 13:21:32.0953 0380 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/05 13:21:32.0984 0380 PCI (f3cebed46dc3a7f1758745c1d1fa5fcf) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/05 13:21:33.0000 0380 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/05 13:21:33.0046 0380 Pcmcia (1ec157cb90d06455d67c007ada4973ac) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/05 13:21:33.0156 0380 PptpMiniport (87d6a848dc367056778168d40a6f1a70) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/05 13:21:33.0171 0380 PSched (8dc29e493cce832784a60bf7c120f132) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/05 13:21:33.0203 0380 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/05 13:21:33.0296 0380 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/05 13:21:33.0312 0380 Rasl2tp (dbc6aeda3111edaf60948fc063565006) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/05 13:21:33.0328 0380 RasPppoe (96467fc3e135f0b174b8978bd8ce69f9) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/05 13:21:33.0343 0380 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/05 13:21:33.0375 0380 Rdbss (1116a775bfa71f2c13f3d420da455ff2) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/05 13:21:33.0390 0380 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/05 13:21:33.0421 0380 rdpdr (9b7b9221177c83c7cbfd20b4b67f23dc) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/05 13:21:33.0468 0380 RDPWD (0cd1bda7f6848e4de4eed3d36874ffb5) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/05 13:21:33.0500 0380 redbook (11540f52cbc8a4c97467579bbf7ffae2) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/05 13:21:33.0578 0380 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/06/05 13:21:33.0718 0380 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\Accessories\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/05 13:21:33.0765 0380 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\Accessories\SUPERAntiSpyware\SASENUM.SYS
2011/06/05 13:21:33.0781 0380 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\Accessories\SUPERAntiSpyware\SASKUTIL.sys
2011/06/05 13:21:33.0906 0380 SCDEmu (a73ae2510014103a44a5a58845219dcb) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/06/05 13:21:34.0000 0380 SecDrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\drivers\SECDRV.SYS
2011/06/05 13:21:34.0031 0380 serenum (de23787927cb72533d4869855e955329) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/05 13:21:34.0046 0380 Serial (471168d4b9adfd1f9e692f8779455188) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/05 13:21:34.0093 0380 Sfloppy (dc495a349dfd94fbfe4cf0689ed647b2) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/05 13:21:34.0171 0380 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/05 13:21:34.0234 0380 splitter (e477a633ea2d387788879a30666e5998) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/05 13:21:34.0265 0380 sr (8ec0ec1508d5c0dc9f0a46b264b41bff) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/05 13:21:34.0328 0380 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/05 13:21:34.0500 0380 ssmdrv (8903659ba9dd138942ccfc5a347ab2a1) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/05 13:21:34.0515 0380 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/05 13:21:34.0546 0380 swenum (a5491f57e70167a10ed40e19d36edd13) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/05 13:21:34.0562 0380 swmidi (5f8ab2829c52609e03560725eaf167f9) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/05 13:21:34.0640 0380 sysaudio (feaee2df25f435c153756707321bbf46) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/05 13:21:34.0687 0380 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/05 13:21:34.0734 0380 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/06/05 13:21:34.0781 0380 TDPIPE (76afdfea26d4cb16e81fa32a22c34376) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/05 13:21:34.0812 0380 TDTCP (2fc82251c9e895aa48624ebe05e5774e) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/05 13:21:34.0843 0380 TermDD (4e55b6f75ad92f13d6abbf8d767cbcec) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/05 13:21:34.0890 0380 tunmp (3338d98edecb13d1a07b0a8ad76f0e0a) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/06/05 13:21:34.0937 0380 Udfs (90374e55f93f2883377902cb9cbfc6db) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/05 13:21:34.0968 0380 Update (415c2a770f4b6932308f9de7b19b3139) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/05 13:21:35.0031 0380 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/05 13:21:35.0078 0380 usbaudio (b24cff43deb7ac8f2ac0f2fb8a4ce16d) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/05 13:21:35.0218 0380 usbccgp (9a0a8be756bd7a9bad4a3d0e9fa7bd79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/05 13:21:35.0250 0380 usbehci (d37fee874b49d951f68e788d40d8c196) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/05 13:21:35.0265 0380 usbhub (8167383fe00199108f63269c2b8a99e1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/05 13:21:35.0296 0380 usbprint (14caa438f4ebd12dbd43db0273bc0fdc) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/05 13:21:35.0328 0380 usbscan (5be9c3f196c607aaa072ed660f9c0423) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/05 13:21:35.0375 0380 USBSTOR (e3eef7ae5105a9f99b1807031edb4171) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/05 13:21:35.0406 0380 usbuhci (b02addb9a345cbae360a29b2865c36a1) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/05 13:21:35.0437 0380 VgaSave (cc1f0dd100f577e9b029547fee285813) C:\WINDOWS\System32\drivers\vga.sys
2011/06/05 13:21:35.0484 0380 VolSnap (2abf037f9d447424b58d73706b55b762) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/05 13:21:35.0671 0380 VX3000 (b763b9807e6927004916c999fdb44c77) C:\WINDOWS\system32\DRIVERS\VX3000.sys
2011/06/05 13:21:35.0734 0380 Wanarp (8794191476e6b93161baaa136e309454) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/05 13:21:35.0781 0380 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/05 13:21:35.0828 0380 wdmaud (cf66393a0b2e361503bf381ac013b34a) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/05 13:21:35.0968 0380 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/05 13:21:36.0015 0380 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/05 13:21:36.0031 0380 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/05 13:21:36.0171 0380 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\Accessories\PowerDVD\000.fcl
2011/06/05 13:21:36.0203 0380 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/05 13:21:36.0343 0380 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/05 13:21:36.0343 0380 ================================================================================
2011/06/05 13:21:36.0343 0380 Scan finished
2011/06/05 13:21:36.0343 0380 ================================================================================
2011/06/05 13:21:36.0359 2436 Detected object count: 0
2011/06/05 13:21:36.0359 2436 Actual detected object count: 0

#8 Dirk Pro

  • Topic Starter
  • Members
  • 93 posts

Posted 05 June 2011 - 01:28 PM

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6775

Windows 5.1.2600 Service Pack 3, v.6055
Internet Explorer 7.0.5730.13

6/5/2011 2:27:28 PM
mbam-log-2011-06-05 (14-27-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 333466
Time elapsed: 1 hour(s), 0 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 m0le

    Can U Dig It?

  • Malware Response Instructor
  • 33,661 posts
  • Gender:Male
  • Location:London, UK

Posted 05 June 2011 - 01:53 PM

TDSSKiller is a quick program.

Please run ESET next

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#10 Dirk Pro

  • Topic Starter
  • Members
  • 93 posts

Posted 05 June 2011 - 04:50 PM

Here's the log:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\SDFix\apps\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Test Drive Unlimited\TestDriveUnlimited-1.66A-Trn.exe probably a variant of Win32/GameHack.F application cleaned by deleting - quarantined
D:\Games\Patches\Crysis\Crysis trainer.rar a variant of Win32/GameHack.D application deleted - quarantined
D:\Games\Patches\Test Drive Unlimited\tdunl166acaltrn-ch.zip probably a variant of Win32/GameHack.F application deleted - quarantined

#11 m0le

    Can U Dig It?

  • Malware Response Instructor
  • 33,661 posts
  • Gender:Male
  • Location:London, UK

Posted 06 June 2011 - 02:25 PM

Spybot got the Bagle worm, which was good. The last three entries were still hanging around.

How's the machine now?
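The split m0le draws above, between the five Bagle hits that were files Spybot had already moved into its Recovery folder and the remaining entries that were still live on disk, is worth automating whenever a second-opinion scanner is run after another cleanup tool. The Python below is an added example, not code from the thread, from ESET or from Spybot: it parses result lines in the format shown in Dirk Pro's log (a constructed sample modelled on that log is embedded so it runs offline), flags any hit whose path sits inside an assumed list of known quarantine folders, and summarises which threat families were still live. The regex, the quarantine-folder list and the function names are assumptions for illustration.

```python
"""Triage a second-opinion scanner's detections by where the hits live.

Added example, not part of the original thread: parses ESET-style result
lines ("<path> <threat> <action> - <status>") and separates hits that sit
inside another tool's quarantine folder (already neutralised) from hits on
files that were still live on the system.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the ESET log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\SDFix\apps\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Test Drive Unlimited\TestDriveUnlimited-1.66A-Trn.exe probably a variant of Win32/GameHack.F application cleaned by deleting - quarantined
D:\Games\Patches\Crysis\Crysis trainer.rar a variant of Win32/GameHack.D application deleted - quarantined
D:\Games\Patches\Test Drive Unlimited\tdunl166acaltrn-ch.zip probably a variant of Win32/GameHack.F application deleted - quarantined
"""

# Assumed list of folders where other cleanup tools park files they have
# already removed; a hit here is a stale copy, not a live infection.
KNOWN_QUARANTINE_DIRS = (
    r"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery",
)

# Assumed line shape: Windows path, threat description ending in a class word
# such as "worm" or "application", the action taken, " - ", the final status.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+ [a-z]+) "
    r"(?P<action>.+?) - (?P<status>[a-z ]+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str
    status: str

    @property
    def in_quarantine(self) -> bool:
        """True when the file sat inside another tool's quarantine folder."""
        low = self.path.lower()
        if any(low.startswith(q.lower() + "\\") for q in KNOWN_QUARANTINE_DIRS):
            return True
        # Generic fallback: a directory component literally named "quarantine".
        return "quarantine" in low.split("\\")[:-1]


def parse_eset_log(text: str) -> list[Detection]:
    """Parse every non-blank result line; refuse lines that do not fit."""
    found: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised result line: {line!r}")
        found.append(Detection(**m.groupdict()))
    return found


def triage(detections: list[Detection]) -> tuple[list[Detection], list[Detection]]:
    """Split detections into (already_quarantined, live)."""
    stale = [d for d in detections if d.in_quarantine]
    live = [d for d in detections if not d.in_quarantine]
    return stale, live


def family(threat: str) -> str:
    """'probably a variant of Win32/GameHack.F application' -> 'GameHack'."""
    name = threat.split("/", 1)[1].split(" ", 1)[0]  # e.g. 'GameHack.F'
    return name.split(".", 1)[0]


def live_families(detections: list[Detection]) -> dict[str, int]:
    """Count threat families among hits that were still live on disk."""
    _, live = triage(detections)
    return dict(Counter(family(d.threat) for d in live))


if __name__ == "__main__":
    dets = parse_eset_log(SAMPLE_LOG)
    stale, live = triage(dets)
    print(f"{len(stale)} hit(s) were already inside another tool's quarantine")
    print(f"{len(live)} hit(s) were live files:")
    for d in live:
        print(f"  {family(d.threat):10} {d.action:20} {d.path}")
```

Run it as a script and it reports five stale Bagle copies and four live files, which is the same reading m0le gave of the log; point `parse_eset_log` at a saved report instead of `SAMPLE_LOG` to triage a real scan.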

#12 Dirk Pro

  • Topic Starter
  • Members
  • 93 posts

Posted 07 June 2011 - 08:11 AM

I got a question regarding the Bagle worm, I noticed that it was found in the Spybot\Recovery folder. So apparently after a Spybot scan, it was not fully removed? That stinks.

Also, sometimes after starting my computer, I would notice a "No signal" message on the monitor. I had to then restart my computer, and everything would be fine. Could this be a hardware rather than a software problem?

Sometimes my computer hangs on startup and freezes as well. Though after running ESET 2 days ago, freezing has stopped.

Sorry for so many questions. I appreciate your help.

#13 m0le

    Can U Dig It?

  • Malware Response Instructor
  • 33,661 posts
  • Gender:Male
  • Location:London, UK

Posted 07 June 2011 - 02:34 PM

I got a question regarding the Bagle worm, I noticed that it was found in the Spybot\Recovery folder. So apparently after a Spybot scan, it was not fully removed? That stinks.

No, actually Spybot caught all of Bagle but there were other lesser infections which SpyBot wouldn't be looking for.

Also, sometimes after starting my computer, I would notice a "No signal" message on the monitor. I had to then restart my computer, and everything would be fine. Could this be a hardware rather than a software problem?

No signal is usually hardware.

Sometimes my computer hangs on startup and freezes as well. Though after running ESET 2 days ago, freezing has stopped.

That was Game Hack, often called a rootkit but really a trojan. It was slowing up your PC by using resources.

Anything else you would like to know? :)

#14 Dirk Pro

  • Topic Starter
  • Members
  • 93 posts

Posted 07 June 2011 - 03:55 PM

Awesome, thanks for the info. I think I became smarter after reading your answers. :thumbup2:

I am pretty sure there is nothing lingering around anymore. Anything else I should do? If not, thanks a bunch!

#15 m0le

    Can U Dig It?

  • Malware Response Instructor
  • 33,661 posts
  • Gender:Male
  • Location:London, UK

Posted 07 June 2011 - 05:51 PM

Nope, we're ready to wrap this up...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs left over on your computer you can go ahead and delete those from your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it Dirk Pro, happy surfing!

Cheers.

m0le



