BleepingComputer.com: I think my pc is infected

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

I think my pc is infected Can you help me?

#1 User is offline   Demi<3 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 03-August 11

Posted 03 August 2011 - 05:03 PM

Hi i think my pc is infected , before couple of weeks some program called something like upd32.exe was created in "startup" section and some files called ex: cqwhn214.dll t1832c92.dll in the "WINDOWS" folder and so on were created but bitdefender deleted them , next day they appeared again , i deleted upd32.exe from startup and i did not find any more random dll files but just to be sure if you can check logs and see if there is any virus left or something?


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by DEMILOVATO at 0:00:51 on 2011-08-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2713 [GMT 2:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Prio\prio_svc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\program files\unlocker\unlockerassistant.exe
C:\Program Files\CleanMem\Mini_Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Google Update] "c:\documents and settings\demilovato\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\unlockerassistant.exe"
mRun: [CleanMem Mini Monitor] c:\program files\cleanmem\Mini_Monitor.exe /startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: safelinking.net
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242293823812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6C0999CC-54DF-4E35-95F5-FCD570673EB2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E6FD9529-A8B5-491F-A2A4-00D09359E894} : NameServer = 195.29.150.3,195.29.150.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: prio.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\demilovato\application data\mozilla\firefox\profiles\gxsargnq.default\
FF - prefs.js: browser.startup.homepage - www.google.hr
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\demilovato\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-7-19 123264]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2010-1-19 85128]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-1-30 2304]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-14 304464]
R2 prio_svc;Prio Service;c:\program files\prio\prio_svc.exe [2010-7-28 5120]
R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-3-21 718072]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2010-1-4 111312]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-1-25 44368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-14 20952]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2009-11-13 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-24 1691480]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 CEDRIVER55;CEDRIVER55;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\demilo~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\demilo~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2010-9-1 24504]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 iatmunin;iatmunin;c:\docume~1\demilo~1\locals~1\temp\iatmunin.sys [2006-1-6 29696]
S3 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\36.tmp --> c:\windows\system32\36.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-13 27064]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [2010-12-14 23480]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva248;XDva248;\??\c:\windows\system32\xdva248.sys --> c:\windows\system32\XDva248.sys [?]
S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
.
=============== Created Last 30 ================
.
2011-08-03 21:36:15 -------- d-----w- c:\documents and settings\demilovato\application data\SUPERAntiSpyware.com
2011-08-03 21:35:58 -------- d-----w- c:\windows\system32\AppLogs
2011-08-03 21:35:57 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-08-03 21:35:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-03 17:08:00 -------- d-----w- c:\program files\Sierra
2011-08-03 14:46:55 -------- d-----w- c:\program files\LIMBO
2011-08-03 10:58:22 -------- d-----w- c:\documents and settings\all users\application data\GamesCampus
2011-08-03 09:34:15 -------- d-----w- C:\GamesCampus
2011-08-02 17:54:39 -------- d-----w- c:\windows\Kudos 2-in-1
2011-08-02 13:50:49 -------- d-----w- c:\program files\Darkstar One
2011-08-02 07:53:15 -------- d-----w- c:\documents and settings\demilovato\application data\Mumble
2011-08-02 07:52:56 -------- d-----w- c:\program files\Mumble
2011-07-26 00:25:28 -------- d-----w- c:\documents and settings\demilovato\VirtualBox VMs
2011-07-26 00:21:53 -------- d-----w- c:\documents and settings\demilovato\.VirtualBox
2011-07-26 00:21:45 158000 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-07-26 00:21:38 93488 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-07-17 16:34:07 -------- d-----w- C:\ATI
2011-07-17 15:45:13 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-07-07 14:59:01 -------- d-----w- c:\program files\Mount&Blade Warband
.
==================== Find3M ====================
.
2011-08-03 19:00:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-07-17 23:07:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-17 23:07:49 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-17 16:35:51 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-10 17:55:51 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-10 17:55:37 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-03 08:13:53 138056 ----a-w- c:\documents and settings\demilovato\application data\PnkBstrK.sys
2011-07-03 08:13:32 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-06-30 23:31:36 249856 ------w- c:\windows\Setup1.exe
2011-06-30 23:31:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-06-28 00:19:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-02 19:43:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 04:21:44 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 04:15:14 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-05-25 03:53:14 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 03:53:06 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 03:47:42 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:42:42 5922816 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 03:14:06 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:07:40 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-05-25 03:05:18 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:56:58 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 02:55:58 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54:56 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39:28 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39:16 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39:08 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38:52 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38:52 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38:50 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37:34 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36:10 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:34:52 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 02:31:28 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27:52 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:27:36 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22:34 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-21 07:54:17 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-21 07:42:10 837192 ----a-w- c:\windows\system32\pbsvc.exe
.
============= FINISH: 0:01:26,83 ===============

Attached File(s)

  • Attached File  attach.txt (11K)
    Number of downloads: 1
  • Attached File  ark.txt (127.99K)
    Number of downloads: 1

This post has been edited by Demi<3: 04 August 2011 - 06:17 AM

#2 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,999
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 10 August 2011 - 04:26 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)


Thanks and again sorry for the delay.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#3 User is offline   Demi<3 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 03-August 11

Posted 10 August 2011 - 08:23 AM

Hello thanks for replying here are the new logs


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by DEMILOVATO at 15:20:50 on 2011-08-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2603 [GMT 2:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Prio\prio_svc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\program files\unlocker\unlockerassistant.exe
C:\Program Files\CleanMem\Mini_Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.30\deploy\LoLLauncher.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DEMILOVATO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Google Update] "c:\documents and settings\demilovato\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\unlockerassistant.exe"
mRun: [CleanMem Mini Monitor] c:\program files\cleanmem\Mini_Monitor.exe /startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: safelinking.net
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242293823812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6C0999CC-54DF-4E35-95F5-FCD570673EB2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E6FD9529-A8B5-491F-A2A4-00D09359E894} : NameServer = 195.29.150.3,195.29.150.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: prio.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\demilovato\application data\mozilla\firefox\profiles\gxsargnq.default\
FF - prefs.js: browser.startup.homepage - www.google.hr
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\demilovato\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2010-1-19 85128]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-1-30 2304]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-14 304464]
R2 prio_svc;Prio Service;c:\program files\prio\prio_svc.exe [2010-7-28 5120]
R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-3-21 718072]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2010-1-4 111312]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-1-25 44368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-14 20952]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2009-11-13 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-7-19 123264]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-24 1691480]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 CEDRIVER55;CEDRIVER55;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\demilo~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\demilo~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2010-9-1 24504]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 iatmunin;iatmunin;c:\docume~1\demilo~1\locals~1\temp\iatmunin.sys [2006-10-27 29696]
S3 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\36.tmp --> c:\windows\system32\36.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-13 27064]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [2010-12-14 23480]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva248;XDva248;\??\c:\windows\system32\xdva248.sys --> c:\windows\system32\XDva248.sys [?]
S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
.
=============== Created Last 30 ================
.
2011-08-07 17:42:09 -------- d-----w- c:\documents and settings\demilovato\riotsGamesLogs
2011-08-07 17:13:50 -------- d-----w- c:\documents and settings\demilovato\application data\LolClient
2011-08-07 16:45:33 -------- d-----w- C:\Riot Games
2011-08-05 06:30:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 21:36:15 -------- d-----w- c:\documents and settings\demilovato\application data\SUPERAntiSpyware.com
2011-08-03 21:35:58 -------- d-----w- c:\windows\system32\AppLogs
2011-08-03 21:35:57 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-08-03 21:35:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-03 17:08:00 -------- d-----w- c:\program files\Sierra
2011-08-03 14:46:55 -------- d-----w- c:\program files\LIMBO
2011-08-03 10:58:22 -------- d-----w- c:\documents and settings\all users\application data\GamesCampus
2011-08-02 17:54:39 -------- d-----w- c:\windows\Kudos 2-in-1
2011-08-02 13:50:49 -------- d-----w- c:\program files\Darkstar One
2011-08-02 07:53:15 -------- d-----w- c:\documents and settings\demilovato\application data\Mumble
2011-08-02 07:52:56 -------- d-----w- c:\program files\Mumble
2011-07-26 00:25:28 -------- d-----w- c:\documents and settings\demilovato\VirtualBox VMs
2011-07-26 00:21:53 -------- d-----w- c:\documents and settings\demilovato\.VirtualBox
2011-07-26 00:21:45 158000 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-07-26 00:21:38 93488 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-07-17 16:34:07 -------- d-----w- C:\ATI
2011-07-17 15:45:13 -------- d-----w- c:\program files\Combined Community Codec Pack
.
==================== Find3M ====================
.
2011-08-06 22:21:04 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-06 22:21:04 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-06 22:20:50 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-06 22:20:36 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-05 14:53:48 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-07-17 16:35:51 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-03 08:13:53 138056 ----a-w- c:\documents and settings\demilovato\application data\PnkBstrK.sys
2011-07-03 08:13:32 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-06-30 23:31:36 249856 ------w- c:\windows\Setup1.exe
2011-06-30 23:31:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-06-28 00:19:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-02 19:43:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 04:21:44 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 04:15:14 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-05-25 03:53:14 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 03:53:06 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 03:47:42 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:42:42 5922816 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 03:14:06 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:07:40 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-05-25 03:05:18 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:56:58 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 02:55:58 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54:56 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39:28 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39:16 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39:08 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38:52 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38:52 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38:50 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37:34 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36:10 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:34:52 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 02:31:28 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27:52 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:27:36 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22:34 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-21 07:54:17 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-21 07:42:10 837192 ----a-w- c:\windows\system32\pbsvc.exe
.
============= FINISH: 15:21:41,07 ===============

Attached File(s)


#4 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,999
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 10 August 2011 - 08:48 AM

Hi again, lets first check also for rootkits.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#5 User is offline   Demi<3 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 03-August 11

Posted 10 August 2011 - 03:48 PM

Here you go.



2011/08/10 22:46:27.0109 3504 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/10 22:46:29.0109 3504 ================================================================================
2011/08/10 22:46:29.0109 3504 SystemInfo:
2011/08/10 22:46:29.0109 3504
2011/08/10 22:46:29.0109 3504 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/10 22:46:29.0109 3504 Product type: Workstation
2011/08/10 22:46:29.0109 3504 ComputerName: PARAMORE
2011/08/10 22:46:29.0109 3504 UserName: DEMILOVATO
2011/08/10 22:46:29.0109 3504 Windows directory: C:\WINDOWS
2011/08/10 22:46:29.0109 3504 System windows directory: C:\WINDOWS
2011/08/10 22:46:29.0109 3504 Processor architecture: Intel x86
2011/08/10 22:46:29.0109 3504 Number of processors: 2
2011/08/10 22:46:29.0109 3504 Page size: 0x1000
2011/08/10 22:46:29.0109 3504 Boot type: Normal boot
2011/08/10 22:46:29.0109 3504 ================================================================================
2011/08/10 22:46:31.0546 3504 Initialize success
2011/08/10 22:46:43.0593 5812 ================================================================================
2011/08/10 22:46:43.0593 5812 Scan started
2011/08/10 22:46:43.0593 5812 Mode: Manual;
2011/08/10 22:46:43.0593 5812 ================================================================================
2011/08/10 22:46:44.0484 5812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/10 22:46:44.0562 5812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/10 22:46:44.0750 5812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/10 22:46:44.0796 5812 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/10 22:46:45.0265 5812 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/10 22:46:45.0500 5812 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/10 22:46:45.0609 5812 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2011/08/10 22:46:45.0671 5812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/10 22:46:45.0718 5812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/10 22:46:46.0343 5812 ati2mtag (23f1a61ae7553d086ef264c72afc4e6a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/10 22:46:46.0437 5812 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2011/08/10 22:46:46.0484 5812 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/08/10 22:46:46.0546 5812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/10 22:46:46.0593 5812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/10 22:46:46.0640 5812 bdfm (67c2a47db7190673350a3f9f5a1507cb) C:\WINDOWS\system32\drivers\bdfm.sys
2011/08/10 22:46:46.0671 5812 Bdfndisf (d981965d8d6578d663cf53d70a03f95a) C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
2011/08/10 22:46:46.0703 5812 bdfsfltr (a21a4a0e6bdf0c2be0fabfa16d8c8f76) C:\WINDOWS\system32\drivers\bdfsfltr.sys
2011/08/10 22:46:46.0796 5812 bdftdif (0bdbf842a39d6c5640ba4b8acf29aa06) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
2011/08/10 22:46:46.0859 5812 BDSelfPr (0d756ced21d977ae32539da1f41bf879) C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
2011/08/10 22:46:46.0890 5812 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
2011/08/10 22:46:47.0078 5812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/10 22:46:47.0265 5812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/10 22:46:47.0343 5812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/10 22:46:47.0406 5812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/10 22:46:47.0437 5812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/10 22:46:47.0546 5812 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
2011/08/10 22:46:47.0859 5812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/10 22:46:47.0906 5812 DKRtWrt (42823617433f6f9463e627644e716358) C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys
2011/08/10 22:46:47.0968 5812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/10 22:46:48.0046 5812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/10 22:46:48.0109 5812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/10 22:46:48.0203 5812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/10 22:46:48.0359 5812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/10 22:46:48.0515 5812 ESLvnic1 (3f3126a8f73e92f8eb369d54977d9e15) C:\WINDOWS\system32\DRIVERS\ESLvnic.sys
2011/08/10 22:46:48.0562 5812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/10 22:46:48.0609 5812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/10 22:46:48.0671 5812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/10 22:46:48.0703 5812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/10 22:46:48.0765 5812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/10 22:46:48.0812 5812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/10 22:46:48.0859 5812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/10 22:46:48.0937 5812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/10 22:46:48.0984 5812 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/10 22:46:49.0031 5812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/10 22:46:49.0062 5812 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/10 22:46:49.0125 5812 Htsysm (57bd2878b475f530a9cf965c785c74a3) C:\WINDOWS\system32\HtsysmNT.sys
2011/08/10 22:46:49.0234 5812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/10 22:46:49.0281 5812 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/10 22:46:49.0328 5812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/10 22:46:49.0468 5812 iatmunin (22fabdc07b4de09773a92d49201c9f94) C:\DOCUME~1\DEMILO~1\LOCALS~1\Temp\iatmunin.sys
2011/08/10 22:46:49.0500 5812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/10 22:46:49.0765 5812 IntcAzAudAddService (921f2452a8d3a10083ddd824fc8c267f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/10 22:46:50.0000 5812 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/10 22:46:50.0031 5812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/10 22:46:50.0062 5812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/10 22:46:50.0093 5812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/10 22:46:50.0125 5812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/10 22:46:50.0203 5812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/10 22:46:50.0250 5812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/10 22:46:50.0312 5812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/10 22:46:50.0390 5812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/10 22:46:50.0421 5812 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/10 22:46:50.0468 5812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/10 22:46:50.0515 5812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/10 22:46:50.0562 5812 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
2011/08/10 22:46:50.0656 5812 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/08/10 22:46:50.0718 5812 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/10 22:46:50.0859 5812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/10 22:46:50.0921 5812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/10 22:46:51.0015 5812 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/10 22:46:51.0140 5812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/10 22:46:51.0171 5812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/10 22:46:51.0203 5812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/10 22:46:51.0312 5812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/10 22:46:51.0359 5812 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/10 22:46:51.0437 5812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/10 22:46:51.0468 5812 MSKSSRV (85736f804191cb420a31aca2a7f0674f) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/10 22:46:51.0515 5812 MSPCLOCK (e943adb93d83c5cbc0ca3f53f53b48cc) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/10 22:46:51.0562 5812 MSPQM (f6a726b8832db1f88326b8be98b11981) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/10 22:46:51.0578 5812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/10 22:46:51.0625 5812 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/08/10 22:46:51.0671 5812 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/10 22:46:51.0687 5812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/10 22:46:51.0703 5812 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/10 22:46:51.0734 5812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/10 22:46:51.0750 5812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/10 22:46:51.0796 5812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/10 22:46:51.0812 5812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/10 22:46:51.0859 5812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/10 22:46:51.0937 5812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/10 22:46:52.0000 5812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/10 22:46:52.0046 5812 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
2011/08/10 22:46:52.0125 5812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/10 22:46:52.0171 5812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/10 22:46:52.0203 5812 NVENETFD (974551a956f3269f460d4b18101eec46) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/08/10 22:46:52.0250 5812 nvnetbus (7fc2baf84006f28cb9f477a167fff9ba) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/08/10 22:46:52.0281 5812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/10 22:46:52.0312 5812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/10 22:46:52.0343 5812 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/10 22:46:52.0375 5812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/10 22:46:52.0390 5812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/10 22:46:52.0421 5812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/10 22:46:52.0453 5812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/10 22:46:52.0500 5812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/10 22:46:52.0531 5812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/10 22:46:52.0750 5812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/10 22:46:52.0828 5812 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
2011/08/10 22:46:52.0843 5812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/10 22:46:52.0875 5812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/10 22:46:52.0906 5812 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/10 22:46:53.0078 5812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/10 22:46:53.0125 5812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/10 22:46:53.0140 5812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/10 22:46:53.0156 5812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/10 22:46:53.0187 5812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/10 22:46:53.0203 5812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/10 22:46:53.0218 5812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/10 22:46:53.0265 5812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/10 22:46:53.0281 5812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/10 22:46:53.0343 5812 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
2011/08/10 22:46:53.0390 5812 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/10 22:46:53.0484 5812 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/10 22:46:53.0500 5812 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/10 22:46:53.0578 5812 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/10 22:46:53.0640 5812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/10 22:46:53.0671 5812 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/10 22:46:53.0734 5812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/10 22:46:53.0843 5812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/10 22:46:53.0890 5812 SI3132 (6e42ca2af3516cda7f3776a186ca4f78) C:\WINDOWS\system32\DRIVERS\SI3132.sys
2011/08/10 22:46:53.0921 5812 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/08/10 22:46:53.0968 5812 SiRemFil (e0cbd289912e2abd42580c15bb41339e) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
2011/08/10 22:46:54.0015 5812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/10 22:46:54.0093 5812 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/10 22:46:54.0093 5812 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
2011/08/10 22:46:54.0109 5812 sptd - detected LockedFile.Multi.Generic (1)
2011/08/10 22:46:54.0109 5812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/10 22:46:54.0171 5812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/10 22:46:54.0203 5812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/10 22:46:54.0265 5812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/10 22:46:54.0421 5812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/10 22:46:54.0484 5812 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys
2011/08/10 22:46:54.0515 5812 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2011/08/10 22:46:54.0609 5812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/10 22:46:54.0640 5812 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/08/10 22:46:54.0687 5812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/10 22:46:54.0734 5812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/10 22:46:54.0781 5812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/10 22:46:54.0968 5812 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
2011/08/10 22:46:55.0031 5812 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/08/10 22:46:55.0078 5812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/10 22:46:55.0156 5812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/10 22:46:55.0281 5812 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/10 22:46:55.0312 5812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/10 22:46:55.0406 5812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/10 22:46:55.0453 5812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/10 22:46:55.0484 5812 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/10 22:46:55.0546 5812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/10 22:46:55.0640 5812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/10 22:46:55.0687 5812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/10 22:46:55.0750 5812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/10 22:46:55.0812 5812 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/10 22:46:55.0937 5812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/10 22:46:56.0015 5812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/10 22:46:56.0078 5812 wip0204 (2944bed10ffd9369da9a988d8ac899e4) C:\WINDOWS\system32\DRIVERS\wip0204.sys
2011/08/10 22:46:56.0140 5812 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/10 22:46:56.0203 5812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/10 22:46:56.0234 5812 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/10 22:46:56.0359 5812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/10 22:46:56.0562 5812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
2011/08/10 22:46:56.0562 5812 Boot (0x1200) (8fb49ba4e218538c99daa43e92bd4655) \Device\Harddisk0\DR0\Partition0
2011/08/10 22:46:56.0578 5812 Boot (0x1200) (ca96cb2cdd16d6262a01857d570ea746) \Device\Harddisk1\DR2\Partition0
2011/08/10 22:46:56.0593 5812 ================================================================================
2011/08/10 22:46:56.0593 5812 Scan finished
2011/08/10 22:46:56.0593 5812 ================================================================================
2011/08/10 22:46:56.0609 2640 Detected object count: 1
2011/08/10 22:46:56.0609 2640 Actual detected object count: 1
2011/08/10 22:47:12.0812 2640 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/10 22:47:52.0890 2956 Deinitialize success

#6 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,999
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 10 August 2011 - 03:56 PM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#7 User is offline   Demi<3 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 03-August 11

Posted 10 August 2011 - 04:25 PM

Here you go

Attached File(s)


#8 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,999
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 11 August 2011 - 06:58 AM

Hi, how are things running at this point?

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "JDK 7 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.



Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users