Google gets redirected

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Google gets redirected

#1 Taruna

New Member

Group: Members
Posts: 10
Joined: 30-July 11

Posted 30 July 2011 - 09:01 PM

Hi,

My google search is being redirected. Please help me in getting rid of this virus. Any help would be appreciated. I am not able to paste the entire DDS file, please let me know if there is any other way I can send it.

mbam-log-2011-07-29 (23-37-03).txt (1.14K)
Number of downloads: 0

ark.txt (37.47K)
Number of downloads: 2

attach.txt (16.65K)
Number of downloads: 1

combofix.log (11.32K)
Number of downloads: 4

Thanks.
Taruna

DDS Log

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dr. Ram at 11:51:36 on 2011-07-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.780 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.

This post has been edited by Taruna: 30 July 2011 - 09:10 PM

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 07 August 2011 - 11:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

DeFogger

desktop

DeFogger

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not

Download DDS:

DDS by sUBs

Link1

Link2

Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
- DDS.txt
- Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

In your next post I need the following

.logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 Taruna

New Member

Group: Members
Posts: 10
Joined: 30-July 11

Posted 07 August 2011 - 04:29 PM

#4 Taruna

New Member

Group: Members
Posts: 10
Joined: 30-July 11

Posted 07 August 2011 - 04:31 PM

Thanks for the reply Gringo. Here is the information you requested.
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/21/2009 2:02:56 PM
System Uptime: 8/7/2011 3:32:13 PM (0 hours ago)
.
Motherboard: DELL SYSTEM | | Inspiron 700m
Processor: Intel® Pentium® M processor 1.60GHz | U1 | 1594/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 18.052 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP15: 7/28/2011 9:18:16 PM - System Checkpoint
RP16: 7/30/2011 1:45:49 PM - System Checkpoint
RP17: 7/30/2011 10:53:52 PM - Software Distribution Service 3.0
RP18: 8/1/2011 1:32:37 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.10 beta
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Bonjour
Conexant D480 MDC V.9x Modem
Coupon Printer for Windows
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Google Chrome
Google Update Helper
H&R Block Deluxe + Efile + State 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics 2 Driver
InterVideo WinDVD
iTunes
Java Auto Updater
Java™ 6 Update 24
jZip
KONICA MINOLTA PagePro 1350W
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Move Media Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PowerDVD 5.1
PrimoPDF -- by Nitro PDF Software
QuickTime
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sophos Remote Management System
Spelling Dictionaries Support For Adobe Reader 9
Universal Imaging Utility - Live Version
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2553975)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
.
==== Event Viewer Messages From Past Week ========
.
8/4/2011 9:55:47 PM, information: Windows File Protection [64004] - The protected system file dbghelp.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.5512 The specific error code is 0x8e5e0442.
8/2/2011 10:01:43 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
.
==== End Of File ===========================

RkUnhooker.txt
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB93C2000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 2220032 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB91E5000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7B05000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xBF065000 C:\WINDOWS\System32\ialmdd5.DLL 798720 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB9618000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 753664 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xB913D000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBA75C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB0D15000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9087000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB0E8F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAFAAE000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF128000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB0E48000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xAF480000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9339000 C:\WINDOWS\system32\drivers\stac97.sys 266240 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xB0CD9000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB92E4000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xB90E5000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB0689000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xBA72F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAE8C1000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB0DAD000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB0DFA000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7494000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xBF03F000 C:\WINDOWS\System32\ialmdev5.DLL 155648 bytes (Intel Corporation, Component GHAL Driver)
0xB0E22000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9315000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB95E0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB937A000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB0DD8000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAF7E1000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF745C000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 126976 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xBA715000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF747C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB0C71000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xBA7E9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9126000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB0874000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB939D000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9604000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EF000 ACPI_HAL 81152 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB0EE8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF744A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9115000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB93B1000 C:\WINDOWS\system32\drivers\tifm.sys 69632 bytes (Texas Instruments, tifm.sys)
0xF7577000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF76A7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7547000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7537000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA645000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB9A1B000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB9A2B000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF76B7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7507000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7567000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB9A0B000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA685000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xB99EB000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA655000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7557000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB99FB000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB9700000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7667000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB99CB000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAE82F000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7587000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB99DB000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA675000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF74F7000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77CF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7817000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Firewall intermediate miniport driver)
0xF7717000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB98D5000 C:\DOCUME~1\DRRAM~1.FH-\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77C7000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77B7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77A7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7807000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB98AD000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xB98BD000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF780F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB98DD000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF775F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF78AB000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xF78A3000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA6E5000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA6C1000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB0B61000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF78A7000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF789B000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789F000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB0CD5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x89E6C000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAFDF2000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xB0669000 C:\WINDOWS\system32\MLPTDR_Q.SYS 12288 bytes (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., -)
0xBA6DD000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF793B000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79DB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7989000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF799F000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79D9000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79DD000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79DF000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79B5000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79CF000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7987000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A51000 atiide.sys 4096 bytes (ATI Technologies Inc., ATI SATA(IDE Mode) Controller Driver)
0xB8FC4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7AAB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A50000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x89EB827F ?_empty_? 3457 bytes
==============================================
>Stealth
==============================================
0xF747C000 WARNING: suspicious driver modification [atapi.sys::0x89EB827F]

Thanks.
Taruna

#5 Taruna

New Member

Group: Members
Posts: 10
Joined: 30-July 11

Posted 07 August 2011 - 04:33 PM

Gringo,

I am not able to post the DDS.txt log. I get an internet error when I click on the post message button. Please advice

Thanks,
Taruna

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 07 August 2011 - 04:57 PM

Hello

that is the virus doing that

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#7 Taruna

New Member

Group: Members
Posts: 10
Joined: 30-July 11

Posted 08 August 2011 - 03:47 PM

Hi Gringo,

Here is the combofix log. The computer is doing OK, becomes very slow after running for couple hours and google search is getting redirected to various sites like shopica.

Please let me know next steps.

Thanks,
Taruna

ComboFix 11-08-08.01 - Dr. Ram 08/08/2011 14:40:13.20.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.252 [GMT -5:00]
Running from: c:\documents and settings\Dr. Ram.FH-2135-2\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-02 15:44 . 2011-08-02 15:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-08-02 15:35 . 2011-08-02 15:35 -------- d-----w- c:\program files\iPod
2011-08-02 15:35 . 2011-08-02 15:37 -------- d-----w- c:\program files\iTunes
2011-08-02 15:27 . 2011-08-02 15:27 -------- d-----w- c:\program files\Bonjour
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-02 15:15 . 2011-08-02 15:16 -------- d-----w- c:\program files\QuickTime
2011-07-30 23:17 . 2011-07-30 23:17 -------- d-----w- C:\$AVG
2011-07-30 22:09 . 2011-07-30 22:09 -------- d-----w- c:\documents and settings\Dr. Ram.FH-2135-2\Application Data\AVG10
2011-07-30 21:10 . 2011-07-30 21:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-30 21:04 . 2011-08-08 14:20 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-30 21:04 . 2011-08-08 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-07-30 21:02 . 2011-07-30 21:02 -------- d-----w- c:\program files\AVG
2011-07-30 20:52 . 2011-07-30 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-30 04:25 . 2011-07-30 04:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-07-29 14:59 . 2011-07-29 15:10 -------- d-----w- C:\Combo-Fix
2011-07-28 21:03 . 2011-07-28 21:03 54016 ----a-w- c:\windows\system32\drivers\anqhaxs.sys
2011-07-13 20:05 . 2011-07-13 20:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 02:39 . 2011-07-30 04:31 -------- d-----w- C:\ee05e4f4789988cc8769ea5a5da31f
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:52 . 2011-05-14 22:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2011-05-14 22:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-30_04.54.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-08-02 15:28 . 2011-05-10 13:06 42496 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaapl.sys
+ 2011-08-02 15:28 . 2011-05-10 13:06 18432 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\netaapl.sys
+ 2009-12-24 04:32 . 2011-05-10 13:06 42496 c:\windows\system32\drivers\usbaapl.sys
+ 2011-03-16 21:03 . 2011-03-16 21:03 32592 c:\windows\system32\drivers\avgrkx86.sys
+ 2011-03-01 19:25 . 2011-03-01 19:25 34896 c:\windows\system32\drivers\avgmfx86.sys
+ 2011-02-10 12:53 . 2011-02-10 12:53 27216 c:\windows\system32\drivers\AVGIDSShim.sys
+ 2011-02-10 12:53 . 2011-02-10 12:53 24144 c:\windows\system32\drivers\AVGIDSFilter.sys
+ 2011-02-22 13:13 . 2011-02-22 13:13 22992 c:\windows\system32\drivers\AVGIDSEH.sys
+ 2010-07-12 09:33 . 2010-07-12 09:33 30432 c:\windows\system32\drivers\avgfwdx.sys
+ 2010-07-12 09:33 . 2010-07-12 09:33 51040 c:\windows\system32\avgfwdx.dll
+ 2011-07-31 03:54 . 2011-07-31 03:54 19968 c:\windows\Installer\739fa.msi
+ 2011-08-02 15:21 . 2011-08-02 15:21 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2011-04-05 05:59 . 2011-04-05 05:59 297168 c:\windows\system32\drivers\avgtdix.sys
+ 2011-01-07 11:41 . 2011-01-07 11:41 248656 c:\windows\system32\drivers\avgldx86.sys
+ 2011-04-15 02:28 . 2011-04-15 02:28 134480 c:\windows\system32\drivers\AVGIDSDriver.sys
+ 2011-07-30 21:02 . 2011-07-30 21:02 219648 c:\windows\Installer\8d1b3e.msi
+ 2011-08-02 15:26 . 2011-08-02 15:26 811520 c:\windows\Installer\31941d0.msi
+ 2011-08-02 15:37 . 2011-08-02 15:37 380928 c:\windows\Installer\{C73CA646-73B3-4AEF-A136-C37505745174}\iTunesIco.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-12-24 04:32 . 2011-05-10 13:06 4517664 c:\windows\system32\usbaaplrc.dll
+ 2011-08-02 15:28 . 2011-05-10 13:06 4517664 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaaplrc.dll
+ 2011-08-02 15:28 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\wdfcoinstaller01009.dll
+ 2011-08-05 02:58 . 2011-08-05 02:58 3489280 c:\windows\Installer\f3e52.msi
+ 2011-08-07 20:44 . 2011-08-07 20:44 1611776 c:\windows\Installer\b0739.msi
+ 2011-08-02 15:37 . 2011-08-02 15:37 6379520 c:\windows\Installer\3194add.msi
+ 2011-08-02 15:29 . 2011-08-02 15:29 3085312 c:\windows\Installer\319423e.msi
+ 2011-08-02 15:27 . 2011-08-02 15:27 1984512 c:\windows\Installer\31941f3.msi
+ 2011-08-02 15:21 . 2011-08-02 15:21 1769984 c:\windows\Installer\31941b3.msi
+ 2011-08-02 15:19 . 2011-08-02 15:19 1710592 c:\windows\Installer\3194154.msi
+ 2011-08-02 15:15 . 2011-08-02 15:15 9472000 c:\windows\Installer\3194112.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-20 126976]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2003-07-22 163840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1786437548-1411649741-2705759841-41708\Scripts\Logon\0\0]
"Script"=LogonDesctest.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1786437548-1411649741-2705759841-8081\Scripts\Logon\0\0]
"Script"=LogonDesctest.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 16:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 23:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=3 (0x3)
"Sophos Message Router"=2 (0x2)
"Sophos Agent"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"Bonjour Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Dr. Ram.FH-2135-2\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 atiide;ATI SATA Controller IDE mode;c:\windows\system32\drivers\atiide.sys [11/20/2009 5:42 PM 3456]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [3/9/2011 7:24 PM 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [7/22/2003 2:44 AM 18848]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2011 7:15 PM 135664]
S3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 7:00 AM 14336]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2011 7:15 PM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 00:15]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 00:15]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926579517-2988711504-1731696492-1018Core.job
- c:\documents and settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-30 15:21]
.
2011-08-08 c:\windows\Tasks\User_Feed_Synchronization-{28AD0EE6-6A0D-478F-BB4D-D777D776585B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 15:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS548040M9AT00 rev.MG2OA5EA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89EB8439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89ebe7d0]; MOV EAX, [0x89ebe84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x89F4BAB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000007f[0x89F689E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x89F68D98]
\Driver\atapi[0x89F1D848] -> IRP_MJ_CREATE -> 0x89EB8439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS548040M9AT00_________________________MG2OA5EA#5&2bb2d393&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89EB827F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1492)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1552)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(15600)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-08 15:31:58
ComboFix-quarantined-files.txt 2011-08-08 20:31
ComboFix2.txt 2011-07-30 04:58
.
Pre-Run: 18,482,716,672 bytes free
Post-Run: 19,584,434,176 bytes free
.
- - End Of File - - 91C50B50934F10A87E49B5CA3A33576B

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 08 August 2011 - 08:00 PM

Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

<-- Don't worry every little bit helps.

#9 Taruna

New Member

Group: Members
Posts: 10
Joined: 30-July 11

Posted 08 August 2011 - 11:08 PM

Gringo,

Here is the log from TDSSKiller

Thanks.

2011/08/08 22:21:52.0442 30640 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/08 22:21:53.0293 30640 ================================================================================
2011/08/08 22:21:53.0293 30640 SystemInfo:
2011/08/08 22:21:53.0293 30640
2011/08/08 22:21:53.0293 30640 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/08 22:21:53.0293 30640 Product type: Workstation
2011/08/08 22:21:53.0293 30640 ComputerName: FH-2135-2
2011/08/08 22:21:53.0313 30640 UserName: Dr. Ram
2011/08/08 22:21:53.0313 30640 Windows directory: C:\WINDOWS
2011/08/08 22:21:53.0313 30640 System windows directory: C:\WINDOWS
2011/08/08 22:21:53.0313 30640 Processor architecture: Intel x86
2011/08/08 22:21:53.0313 30640 Number of processors: 1
2011/08/08 22:21:53.0313 30640 Page size: 0x1000
2011/08/08 22:21:53.0313 30640 Boot type: Normal boot
2011/08/08 22:21:53.0313 30640 ================================================================================
2011/08/08 22:21:58.0901 30640 Initialize success
2011/08/08 22:22:14.0263 32352 ================================================================================
2011/08/08 22:22:14.0263 32352 Scan started
2011/08/08 22:22:14.0263 32352 Mode: Manual;
2011/08/08 22:22:14.0263 32352 ================================================================================
2011/08/08 22:22:16.0927 32352 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/08 22:22:17.0208 32352 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/08 22:22:17.0698 32352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/08 22:22:18.0439 32352 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/08 22:22:21.0854 32352 ALCXWDM (34149a136b2b7525113950233f259ec1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/08 22:22:28.0093 32352 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/08 22:22:30.0236 32352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/08 22:22:30.0827 32352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/08 22:22:32.0009 32352 atiide (1842b56b3d3f195c36f62708d266b95e) C:\WINDOWS\system32\Drivers\atiide.sys
2011/08/08 22:22:32.0520 32352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/08 22:22:33.0100 32352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/08 22:22:33.0771 32352 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/08/08 22:22:33.0842 32352 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/08/08 22:22:34.0452 32352 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/08 22:22:35.0093 32352 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/08 22:22:35.0424 32352 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/08 22:22:35.0734 32352 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/08 22:22:36.0375 32352 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/08 22:22:36.0756 32352 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/08 22:22:37.0417 32352 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/08 22:22:37.0837 32352 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/08 22:22:38.0628 32352 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/08/08 22:22:38.0979 32352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/08 22:22:39.0990 32352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/08 22:22:40.0741 32352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/08 22:22:41.0142 32352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/08 22:22:41.0753 32352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/08 22:22:42.0784 32352 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/08 22:22:43.0475 32352 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/08 22:22:44.0517 32352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/08 22:22:45.0038 32352 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/08 22:22:45.0669 32352 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/08 22:22:45.0889 32352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/08 22:22:46.0139 32352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/08 22:22:46.0720 32352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/08 22:22:47.0191 32352 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/08/08 22:22:47.0471 32352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/08 22:22:47.0982 32352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/08 22:22:48.0182 32352 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/08 22:22:48.0382 32352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/08 22:22:48.0633 32352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/08 22:22:49.0134 32352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/08 22:22:49.0434 32352 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/08 22:22:49.0694 32352 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/08 22:22:50.0175 32352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/08 22:22:50.0515 32352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/08 22:22:50.0796 32352 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/08 22:22:51.0447 32352 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/08/08 22:22:51.0978 32352 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/08/08 22:22:52.0809 32352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/08 22:22:53.0690 32352 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/08 22:22:54.0121 32352 ialm (510a5e1cb84e82d4e89dff3d96752048) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/08 22:22:54.0772 32352 iastor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\Drivers\iaStor.sys
2011/08/08 22:22:55.0082 32352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/08 22:22:55.0953 32352 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\drivers\IntelIde.sys
2011/08/08 22:22:56.0274 32352 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/08 22:22:56.0544 32352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/08 22:22:56.0975 32352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/08 22:22:57.0215 32352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/08 22:22:57.0465 32352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/08 22:22:57.0926 32352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/08 22:22:58.0177 32352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/08 22:22:58.0417 32352 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/08 22:22:58.0817 32352 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/08 22:22:59.0008 32352 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/08 22:22:59.0338 32352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/08 22:22:59.0619 32352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/08 22:23:00.0550 32352 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/08 22:23:01.0101 32352 MLPTDR_Q (b39bf953a3a304a2d12751692ec355a0) C:\WINDOWS\system32\MLPTDR_Q.SYS
2011/08/08 22:23:01.0441 32352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/08 22:23:01.0722 32352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/08 22:23:02.0112 32352 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/08 22:23:02.0453 32352 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/08 22:23:02.0693 32352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/08 22:23:03.0664 32352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/08 22:23:04.0295 32352 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/08 22:23:04.0756 32352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/08 22:23:05.0147 32352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/08 22:23:05.0607 32352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/08 22:23:05.0817 32352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/08 22:23:06.0068 32352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/08 22:23:06.0508 32352 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/08 22:23:06.0829 32352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/08 22:23:07.0089 32352 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/08 22:23:07.0280 32352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/08 22:23:07.0670 32352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/08 22:23:07.0900 32352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/08 22:23:08.0161 32352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/08 22:23:08.0501 32352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/08 22:23:08.0852 32352 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/08 22:23:09.0072 32352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/08 22:23:09.0533 32352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/08 22:23:10.0014 32352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/08 22:23:10.0264 32352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/08 22:23:10.0715 32352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/08 22:23:10.0965 32352 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/08 22:23:11.0245 32352 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/08 22:23:11.0446 32352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/08 22:23:11.0866 32352 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/08 22:23:12.0197 32352 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/08 22:23:12.0617 32352 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/08 22:23:13.0038 32352 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/08 22:23:14.0800 32352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/08 22:23:15.0141 32352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/08 22:23:15.0351 32352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/08 22:23:15.0622 32352 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/08 22:23:16.0964 32352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/08 22:23:17.0174 32352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/08 22:23:17.0544 32352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/08 22:23:17.0765 32352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/08 22:23:18.0025 32352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/08 22:23:18.0275 32352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/08 22:23:18.0696 32352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/08 22:23:18.0976 32352 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/08 22:23:19.0227 32352 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/08 22:23:19.0707 32352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/08 22:23:19.0968 32352 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/08 22:23:20.0258 32352 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/08 22:23:20.0499 32352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/08 22:23:21.0320 32352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/08 22:23:21.0580 32352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/08 22:23:22.0141 32352 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/08 22:23:22.0542 32352 STAC97 (5813d453ef8ce49d607c255cf128aceb) C:\WINDOWS\system32\drivers\stac97.sys
2011/08/08 22:23:22.0972 32352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/08 22:23:23.0233 32352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/08 22:23:24.0294 32352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/08 22:23:24.0645 32352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/08 22:23:25.0225 32352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/08 22:23:25.0526 32352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/08 22:23:25.0776 32352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/08 22:23:26.0037 32352 tifm (e597a68a77da1bc7fa106e81d7379bf0) C:\WINDOWS\system32\drivers\tifm.sys
2011/08/08 22:23:26.0657 32352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/08 22:23:27.0158 32352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/08 22:23:27.0639 32352 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/08 22:23:27.0889 32352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/08 22:23:28.0250 32352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/08 22:23:28.0791 32352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/08 22:23:29.0061 32352 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/08 22:23:29.0381 32352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/08 22:23:29.0882 32352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/08 22:23:30.0142 32352 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/08 22:23:30.0353 32352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/08 22:23:30.0894 32352 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/08 22:23:31.0905 32352 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/08/08 22:23:32.0886 32352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/08 22:23:33.0317 32352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/08 22:23:33.0918 32352 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/08 22:23:34.0449 32352 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/08 22:23:34.0709 32352 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/08 22:23:35.0150 32352 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/08 22:23:35.0280 32352 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/08 22:23:35.0290 32352 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/08 22:23:35.0300 32352 Boot (0x1200) (75011b9d917672eb7c3ca2c559bccafe) \Device\Harddisk0\DR0\Partition0
2011/08/08 22:23:35.0310 32352 ================================================================================
2011/08/08 22:23:35.0310 32352 Scan finished
2011/08/08 22:23:35.0310 32352 ================================================================================
2011/08/08 22:23:35.0330 32064 Detected object count: 1
2011/08/08 22:23:35.0330 32064 Actual detected object count: 1
2011/08/08 22:23:58.0563 32064 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/08 22:23:58.0563 32064 \Device\Harddisk0\DR0 - ok
2011/08/08 22:23:58.0563 32064 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/08 22:24:19.0614 29648 Deinitialize success

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 09 August 2011 - 07:31 AM

Hello

Very good - Now I want you to rerun combofix for me and send me the new report

also tell me how the computer is doing now

gringo

<-- Don't worry every little bit helps.

#11 Taruna

New Member

Group: Members
Posts: 10
Joined: 30-July 11

Posted 09 August 2011 - 02:32 PM

Gringo,

Here is the combofix report. The computer is doing much better. My google searches are also not be redirected.

Thanks,
Taruna

ComboFix 11-08-09.02 - Dr. Ram 08/09/2011 10:04:49.21.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.683 [GMT -5:00]
Running from: c:\documents and settings\Dr. Ram.FH-2135-2\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-02 15:44 . 2011-08-02 15:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-08-02 15:35 . 2011-08-02 15:35 -------- d-----w- c:\program files\iPod
2011-08-02 15:35 . 2011-08-02 15:37 -------- d-----w- c:\program files\iTunes
2011-08-02 15:27 . 2011-08-02 15:27 -------- d-----w- c:\program files\Bonjour
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-02 15:16 . 2011-08-02 15:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-02 15:15 . 2011-08-02 15:16 -------- d-----w- c:\program files\QuickTime
2011-07-30 23:17 . 2011-07-30 23:17 -------- d-----w- C:\$AVG
2011-07-30 22:09 . 2011-07-30 22:09 -------- d-----w- c:\documents and settings\Dr. Ram.FH-2135-2\Application Data\AVG10
2011-07-30 21:10 . 2011-07-30 21:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-30 21:04 . 2011-08-09 14:48 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-30 21:04 . 2011-08-08 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-07-30 21:02 . 2011-07-30 21:02 -------- d-----w- c:\program files\AVG
2011-07-30 20:52 . 2011-07-30 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-30 04:25 . 2011-07-30 04:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-07-29 14:59 . 2011-07-29 15:10 -------- d-----w- C:\Combo-Fix
2011-07-28 21:03 . 2011-07-28 21:03 54016 ----a-w- c:\windows\system32\drivers\anqhaxs.sys
2011-07-13 20:05 . 2011-07-13 20:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 02:39 . 2011-07-30 04:31 -------- d-----w- C:\ee05e4f4789988cc8769ea5a5da31f
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:52 . 2011-05-14 22:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2011-05-14 22:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-30_04.54.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-08-02 15:28 . 2011-05-10 13:06 42496 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaapl.sys
+ 2011-08-02 15:28 . 2011-05-10 13:06 18432 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\netaapl.sys
+ 2009-12-24 04:32 . 2011-05-10 13:06 42496 c:\windows\system32\drivers\usbaapl.sys
+ 2011-03-16 21:03 . 2011-03-16 21:03 32592 c:\windows\system32\drivers\avgrkx86.sys
+ 2011-03-01 19:25 . 2011-03-01 19:25 34896 c:\windows\system32\drivers\avgmfx86.sys
+ 2011-02-10 12:53 . 2011-02-10 12:53 27216 c:\windows\system32\drivers\AVGIDSShim.sys
+ 2011-02-10 12:53 . 2011-02-10 12:53 24144 c:\windows\system32\drivers\AVGIDSFilter.sys
+ 2011-02-22 13:13 . 2011-02-22 13:13 22992 c:\windows\system32\drivers\AVGIDSEH.sys
+ 2010-07-12 09:33 . 2010-07-12 09:33 30432 c:\windows\system32\drivers\avgfwdx.sys
+ 2010-07-12 09:33 . 2010-07-12 09:33 51040 c:\windows\system32\avgfwdx.dll
+ 2011-07-31 03:54 . 2011-07-31 03:54 19968 c:\windows\Installer\739fa.msi
+ 2011-08-02 15:21 . 2011-08-02 15:21 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2011-04-05 05:59 . 2011-04-05 05:59 297168 c:\windows\system32\drivers\avgtdix.sys
+ 2011-01-07 11:41 . 2011-01-07 11:41 248656 c:\windows\system32\drivers\avgldx86.sys
+ 2011-04-15 02:28 . 2011-04-15 02:28 134480 c:\windows\system32\drivers\AVGIDSDriver.sys
+ 2011-07-30 21:02 . 2011-07-30 21:02 219648 c:\windows\Installer\8d1b3e.msi
+ 2011-08-02 15:26 . 2011-08-02 15:26 811520 c:\windows\Installer\31941d0.msi
+ 2011-08-02 15:37 . 2011-08-02 15:37 380928 c:\windows\Installer\{C73CA646-73B3-4AEF-A136-C37505745174}\iTunesIco.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-12-24 04:32 . 2011-05-10 13:06 4517664 c:\windows\system32\usbaaplrc.dll
+ 2011-08-02 15:28 . 2011-05-10 13:06 4517664 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaaplrc.dll
+ 2011-08-02 15:28 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\wdfcoinstaller01009.dll
+ 2011-08-05 02:58 . 2011-08-05 02:58 3489280 c:\windows\Installer\f3e52.msi
+ 2011-08-07 20:44 . 2011-08-07 20:44 1611776 c:\windows\Installer\b0739.msi
+ 2011-08-02 15:37 . 2011-08-02 15:37 6379520 c:\windows\Installer\3194add.msi
+ 2011-08-02 15:29 . 2011-08-02 15:29 3085312 c:\windows\Installer\319423e.msi
+ 2011-08-02 15:27 . 2011-08-02 15:27 1984512 c:\windows\Installer\31941f3.msi
+ 2011-08-02 15:21 . 2011-08-02 15:21 1769984 c:\windows\Installer\31941b3.msi
+ 2011-08-02 15:19 . 2011-08-02 15:19 1710592 c:\windows\Installer\3194154.msi
+ 2011-08-02 15:15 . 2011-08-02 15:15 9472000 c:\windows\Installer\3194112.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-20 126976]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2003-07-22 163840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1786437548-1411649741-2705759841-41708\Scripts\Logon\0\0]
"Script"=LogonDesctest.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1786437548-1411649741-2705759841-8081\Scripts\Logon\0\0]
"Script"=LogonDesctest.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 16:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 23:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=3 (0x3)
"Sophos Message Router"=2 (0x2)
"Sophos Agent"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"Bonjour Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Dr. Ram.FH-2135-2\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 atiide;ATI SATA Controller IDE mode;c:\windows\system32\drivers\atiide.sys [11/20/2009 5:42 PM 3456]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [3/9/2011 7:24 PM 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [7/22/2003 2:44 AM 18848]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2011 7:15 PM 135664]
S3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 7:00 AM 14336]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2011 7:15 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 06349922
*Deregistered* - 06349922
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 00:15]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 00:15]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926579517-2988711504-1731696492-1018Core.job
- c:\documents and settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-30 15:21]
.
2011-08-09 c:\windows\Tasks\User_Feed_Synchronization-{28AD0EE6-6A0D-478F-BB4D-D777D776585B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 10:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1512)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
- - - - - - - > 'explorer.exe'(14940)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-09 10:19:39
ComboFix-quarantined-files.txt 2011-08-09 15:19
ComboFix2.txt 2011-08-08 20:32
ComboFix3.txt 2011-07-30 04:58
.
Pre-Run: 19,017,613,312 bytes free
Post-Run: 19,048,513,536 bytes free
.
- - End Of File - - CFDA864C17FEEA7636FD563C062C3FC0

#12 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 09 August 2011 - 06:04 PM

Your Java is out of date.

It can be updated by the Java control panel

click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
An update should begin;
follow the prompts

Clear your Java Cache

click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

Please download TFC to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#13 Taruna

New Member

Group: Members
Posts: 10
Joined: 30-July 11

Posted 09 August 2011 - 08:06 PM

Gringo,
Computer is doing much better. Here are the logs

Thanks,
Taruna

Here is the mbam log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7422

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2011 7:44:41 PM
mbam-log-2011-08-09 (19-44-41).txt

Scan type: Quick scan
Objects scanned: 240394
Time elapsed: 13 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:43 PM, on 8/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr. Ram.FH-2135-2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254497213506
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254775467012
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.cric7.com/vjocx-en-black.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8334 bytes

#14 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 09 August 2011 - 08:19 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

NOTE**You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brakets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

If you have any problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
- Click Start
When asked, allow the activex control to install
- Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options
Click Scan
Wait for the scan to finish
Click on copy to clipboard and paste the results here in this topic
you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt

Copy and paste that log as a reply to this topic

Gringo

<-- Don't worry every little bit helps.

#15 Taruna

New Member

Group: Members
Posts: 10
Joined: 30-July 11

Posted 10 August 2011 - 09:13 AM

Gringo,

Below is the results from the scan.

C:\Documents and Settings\Dr. Ram.FH-2135-2\Application Data\A41B79DDEC3E273744703B7ADE744D6E\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Dr. Ram.FH-2135-2\Application Data\A41B79DDEC3E273744703B7ADE744D6E\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application

My AVG Scanner has detected a trojan horse infection twice in the last two days.
Virus Name: Trojan horse Generic21.BBCB
Path: c:\System Volume Information\_restore{B49D46BE-55B0-4435-977F-B31D96E2317C}\RP18\A0037689.dll
How do I get rid of this.

Thanks,
Taruna