
atapi.sys file infected logs posted


This topic is locked
14 replies to this topic

#1 erd48
Posted 02 March 2010 - 11:38 PM

I hope this is complete and right. I didn't zip and attach the attach file pending your request.

john


DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 19:55:12.42 on Tue 03/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1919.1201 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 100302-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\compaq_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125793595656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\fqlyyvxa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\fqlyyvxa.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJPI141_02.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-23 138680]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-3-27 165160]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-11-21 2368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-23 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-23 352920]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2005-12-2 4064]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-03-03 02:52:20 0 ----a-w- c:\documents and settings\compaq_owner\defogger_reenable
2010-02-28 13:36:38 54156 ---ha-w- c:\windows\QTFont.qfn
2010-02-28 13:36:38 1409 ----a-w- c:\windows\QTFont.for

==================== Find3M ====================

2010-01-07 23:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2002-09-24 15:24:50 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
2002-08-19 14:46:24 36864 ----a-w- c:\windows\inf\i386\Vizmicro.dll
2002-05-16 16:21:10 286720 ----a-w- c:\windows\inf\i386\rtscan.dll
2002-05-16 16:20:38 172032 ----a-w- c:\windows\inf\i386\viceo.dll
2001-08-04 01:29:18 13824 ----a-w- c:\windows\inf\i386\Usbscan.sys

============= FINISH: 19:55:59.25 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-02 21:26:31
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kfliipob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBAA2AB30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB06906B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB0690574]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xBAA2A6F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB0690A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB069014C]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBAA2A470]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB069064E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB069008C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB06900F0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xBAA2AC50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB069076E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB069072E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB06908AE]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBAA2A990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xBAA2A8D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xBAA2AD60]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\aswTdi \Device\AswUdpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\aswTdi \Device\ASWTDI wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\prodrv06 \Device\ProDrv06 E1CA8320
Device \Driver\prohlp02 \Device\ProHlp02 E1BBF1D0
Device \Driver\aswTdi \Device\AswTcpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\00001074 -> \Driver\atapi \Device\Harddisk0\DR0 8AA0FE07

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}@iabdoblfhbbmbaeoce 0x64 0x61 0x63 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}@ianbogmlmgbneepmjb 0x6B 0x61 0x63 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}@hahdecodncidjkoc 0x6B 0x61 0x63 0x6E ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
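The GMER report above is the key evidence in this thread: the two lines that matter are the device line where \Device\Harddisk0\DR0 is served by a driver object with a random eight-hex-digit name in front of \Driver\atapi, and the file line reporting atapi.sys as modified on disk. The SSDT entries, by contrast, all resolve to the avast! and Sygate drivers that the DDS log shows installed. The following is an added example, not code from the thread or from GMER, that parses those report lines and separates the expected security-product hooks from the indicators a responder would act on. The sample input is copied from the report above; the vendor allowlist (`KNOWN_HOOKERS`), the severity labels and the `tdl3_pattern` rule are my own assumptions and would need to be set per host.

```python
import re
from dataclasses import dataclass

# Representative lines copied from the GMER 1.0.15 report posted above.
# Only the allowlist and the severity scheme further down are constructed.
GMER_SAMPLE = r"""
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBAA2AB30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB06906B8]
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\aswTdi \Device\ASWTDI wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\prodrv06 \Device\ProDrv06 E1CA8320
Device \Driver\00001074 -> \Driver\atapi \Device\Harddisk0\DR0 8AA0FE07
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
"""

# Assumed per-host allowlist: the AV and firewall vendors the DDS log shows
# installed on this machine. SSDT hooks from anyone else get flagged.
KNOWN_HOOKERS = frozenset({"ALWIL Software", "Sygate Technologies, Inc."})

# "SSDT <module> (<description/vendor>) Zw<Function> [0x<addr>]"; the
# parenthesised attribution is optional because GMER omits it when the
# hooking code cannot be tied to a loaded module.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?:\((?P<desc>[^)]*)\)\s+)?"
    r"(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# "Device \Driver\<8 hex> -> \Driver\<real> <device object> <handler addr>"
HIJACK_RE = re.compile(
    r"^Device\s+\\Driver\\(?P<fake>[0-9A-Fa-f]{8})\s+->\s+\\Driver\\(?P<real>\w+)"
    r"\s+(?P<device>\S+)\s+(?P<addr>[0-9A-Fa-f]{8})$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification$")
# A device whose dispatch handler GMER could only print as a bare address.
UNATTRIBUTED_RE = re.compile(
    r"^Device\s+\\Driver\\(?P<drv>\w+)\s+(?P<device>\S+)\s+(?P<addr>[0-9A-Fa-f]{8})$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low" (assumed scheme)
    kind: str       # machine-readable indicator type
    subject: str    # driver, function or file the indicator concerns
    detail: str     # human-readable explanation


def vendor_of(desc):
    """GMER prints '(description/vendor)'; return the vendor part, '' if absent."""
    if not desc:
        return ""
    return desc.rsplit("/", 1)[-1].strip()


def analyze_gmer(report: str) -> list[Finding]:
    """Classify each GMER report line; lines that match nothing are ignored."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SSDT_RE.match(line)):
            vendor = vendor_of(m["desc"])
            if vendor not in KNOWN_HOOKERS:
                findings.append(Finding(
                    "medium", "ssdt-hook", m["func"],
                    f"{m['func']} hooked at {m['addr']} by {m['module']} "
                    f"({vendor or 'no module/vendor attribution'})"))
        elif (m := HIJACK_RE.match(line)):
            findings.append(Finding(
                "high", "driver-object-hijack", m["real"],
                f"{m['device']} is served by \\Driver\\{m['fake']} "
                f"(handler {m['addr']}) instead of \\Driver\\{m['real']}"))
        elif (m := FILE_RE.match(line)):
            findings.append(Finding(
                "high", "file-modified", m["path"],
                "on-disk driver image differs from what GMER expects"))
        elif (m := UNATTRIBUTED_RE.match(line)):
            findings.append(Finding(
                "low", "unattributed-device", m["drv"],
                f"{m['device']} handled at {m['addr']}, no module name resolved"))
    return findings


def tdl3_pattern(findings) -> bool:
    """Assumed correlation rule for the combination seen in this thread: a
    random-named driver object in front of \\Driver\\atapi together with a
    modified atapi.sys on disk. Either indicator alone is not enough."""
    hijacked = {f.subject.lower() for f in findings if f.kind == "driver-object-hijack"}
    modified = {f.subject.lower().rsplit("\\", 1)[-1]
                for f in findings if f.kind == "file-modified"}
    return "atapi" in hijacked and "atapi.sys" in modified


if __name__ == "__main__":
    results = analyze_gmer(GMER_SAMPLE)
    for f in results:
        print(f"[{f.severity}] {f.kind}: {f.subject} - {f.detail}")
    print("TDL3-style atapi hijack:", tdl3_pattern(results))
```

Run against the sample, the two avast!/Sygate SSDT hooks produce no finding, the prodrv06 device is reported as low-severity only because GMER could not name its module, and the atapi redirection plus the modified atapi.sys satisfy the correlation rule. The allowlist is the weak point of this approach: a hook attributed to a trusted vendor string is only as trustworthy as the signature on the module, so the finding should be confirmed against the file hash, which is exactly what TDSSKiller's "Verdict" lines in the next post do for the disk stack.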


#2 sempai (Malware Response Team)
Posted 06 March 2010 - 01:47 PM

Hello my name is Sempai and welcome to Bleeping Computer.
*We apologize for the delay. The forum has been busy.

* Please stay with me until I declare that your computer is clean as most users don't reply anymore once they found out that their computer is running smoothly, but absence of symptoms does not mean that a computer is free from infection.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.



+++++++++++++++++++++++++


1. Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (Right click on the file and choose extract all).
  • Double-Click (Run as administrator for Vista) TDSSKiller.exe to run it.
  • When it has finished, press any key to continue (let it reboot if needed).
  • Once completed, it will create a log in your C:\ drive.
  • Please post the contents of that log.


2. Download Combofix (by Subs) from any of the links below, and save it to your desktop.
Link 1
Link 2
  • Temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    • It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • If you did not have it installed, you will see the prompt below. Choose YES.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note**:
*If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
**Please note**
*Leave your computer alone while ComboFix is running.
*ComboFix will restart your computer if malware is found; allow it to do so.
*Please do NOT mouse-click ComboFix's window while it is running, because it may cause it to stall.


Warning!
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper. *** If you are not the topic starter, DO NOT run this tool, as it could cause irreversible damage to your computer.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



~Semp


#3 erd48 (Topic Starter)
Posted 06 March 2010 - 04:21 PM

Hi Sempai,

No problems running the programs.

I've attached the TDSSKiller and ComboFix logs.

I'll wait to hear from you.

Thanks,

John


13:50:49:329 2004 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
13:50:49:329 2004 ================================================================================
13:50:49:329 2004 SystemInfo:

13:50:49:329 2004 OS Version: 5.1.2600 ServicePack: 2.0
13:50:49:329 2004 Product type: Workstation
13:50:49:329 2004 ComputerName: WMPCAHCQ2
13:50:49:329 2004 UserName: Compaq_Owner
13:50:49:329 2004 Windows directory: C:\WINDOWS
13:50:49:329 2004 Processor architecture: Intel x86
13:50:49:329 2004 Number of processors: 1
13:50:49:329 2004 Page size: 0x1000
13:50:49:345 2004 Boot type: Normal boot
13:50:49:345 2004 ================================================================================
13:50:49:345 2004 UnloadDriverW: NtUnloadDriver error 2
13:50:49:345 2004 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
13:50:49:392 2004 Initialize success
13:50:49:392 2004
13:50:49:392 2004 Scanning Services ...
13:50:49:392 2004 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
13:50:49:392 2004 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
13:50:49:392 2004 wfopen_ex: Trying to KLMD file open
13:50:49:392 2004 wfopen_ex: File opened ok (Flags 2)
13:50:49:392 2004 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
13:50:49:392 2004 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
13:50:49:392 2004 wfopen_ex: Trying to KLMD file open
13:50:49:392 2004 wfopen_ex: File opened ok (Flags 2)
13:50:49:798 2004 GetAdvancedServicesInfo: Raw services enum returned 374 services
13:50:49:814 2004 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
13:50:49:814 2004 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
13:50:49:814 2004
13:50:49:814 2004 Scanning Kernel memory ...
13:50:49:814 2004 Devices to scan: 20
13:50:49:814 2004
13:50:49:814 2004 Driver Name: Disk
13:50:49:814 2004 IRP_MJ_CREATE : BA90EC30
13:50:49:814 2004 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
13:50:49:814 2004 IRP_MJ_CLOSE : BA90EC30
13:50:49:814 2004 IRP_MJ_READ : BA908D9B
13:50:49:814 2004 IRP_MJ_WRITE : BA908D9B
13:50:49:814 2004 IRP_MJ_QUERY_INFORMATION : 804F3418
13:50:49:814 2004 IRP_MJ_SET_INFORMATION : 804F3418
13:50:49:814 2004 IRP_MJ_QUERY_EA : 804F3418
13:50:49:814 2004 IRP_MJ_SET_EA : 804F3418
13:50:49:814 2004 IRP_MJ_FLUSH_BUFFERS : BA909366
13:50:49:814 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
13:50:49:814 2004 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
13:50:49:814 2004 IRP_MJ_DIRECTORY_CONTROL : 804F3418
13:50:49:814 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
13:50:49:814 2004 IRP_MJ_DEVICE_CONTROL : BA90944D
13:50:49:814 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
13:50:49:814 2004 IRP_MJ_SHUTDOWN : BA909366
13:50:49:814 2004 IRP_MJ_LOCK_CONTROL : 804F3418
13:50:49:814 2004 IRP_MJ_CLEANUP : 804F3418
13:50:49:814 2004 IRP_MJ_CREATE_MAILSLOT : 804F3418
13:50:49:814 2004 IRP_MJ_QUERY_SECURITY : 804F3418
13:50:49:814 2004 IRP_MJ_SET_SECURITY : 804F3418
13:50:49:814 2004 IRP_MJ_POWER : BA90AEF3
13:50:49:814 2004 IRP_MJ_SYSTEM_CONTROL : BA90FA24
13:50:49:814 2004 IRP_MJ_DEVICE_CHANGE : 804F3418
13:50:49:814 2004 IRP_MJ_QUERY_QUOTA : 804F3418
13:50:49:814 2004 IRP_MJ_SET_QUOTA : 804F3418
13:50:49:814 2004 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
13:50:49:814 2004 sion
13:50:49:814 2004 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
13:50:49:814 2004
13:50:49:814 2004 Driver Name: USBSTOR
13:50:49:814 2004 IRP_MJ_CREATE : BAB7D218
13:50:49:814 2004 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
13:50:49:814 2004 IRP_MJ_CLOSE : BAB7D218
13:50:49:814 2004 IRP_MJ_READ : BAB7D23C
13:50:49:814 2004 IRP_MJ_WRITE : BAB7D23C
13:50:49:814 2004 IRP_MJ_QUERY_INFORMATION : 804F3418
13:50:49:814 2004 IRP_MJ_SET_INFORMATION : 804F3418
13:50:49:814 2004 IRP_MJ_QUERY_EA : 804F3418
13:50:49:814 2004 IRP_MJ_SET_EA : 804F3418
13:50:49:814 2004 IRP_MJ_FLUSH_BUFFERS : 804F3418
13:50:49:814 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
13:50:49:814 2004 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
13:50:49:814 2004 IRP_MJ_DIRECTORY_CONTROL : 804F3418
13:50:49:814 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
13:50:49:814 2004 IRP_MJ_DEVICE_CONTROL : BAB7D180
13:50:49:814 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BAB789E6
13:50:49:814 2004 IRP_MJ_SHUTDOWN : 804F3418
13:50:49:814 2004 IRP_MJ_LOCK_CONTROL : 804F3418
13:50:49:814 2004 IRP_MJ_CLEANUP : 804F3418
13:50:49:814 2004 IRP_MJ_CREATE_MAILSLOT : 804F3418
13:50:49:814 2004 IRP_MJ_QUERY_SECURITY : 804F3418
13:50:49:814 2004 IRP_MJ_SET_SECURITY : 804F3418
13:50:49:814 2004 IRP_MJ_POWER : BAB7C5F0
13:50:49:814 2004 IRP_MJ_SYSTEM_CONTROL : BAB7AA6E
13:50:49:814 2004 IRP_MJ_DEVICE_CHANGE : 804F3418
13:50:49:814 2004 IRP_MJ_QUERY_QUOTA : 804F3418
13:50:49:829 2004 IRP_MJ_SET_QUOTA : 804F3418
13:50:49:829 2004 siohd: 0
13:50:49:829 2004 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
13:50:49:829 2004
13:50:49:829 2004 Driver Name: Disk
13:50:49:829 2004 IRP_MJ_CREATE : BA90EC30
13:50:49:829 2004 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
13:50:49:829 2004 IRP_MJ_CLOSE : BA90EC30
13:50:49:829 2004 IRP_MJ_READ : BA908D9B
13:50:49:829 2004 IRP_MJ_WRITE : BA908D9B
13:50:49:829 2004 IRP_MJ_QUERY_INFORMATION : 804F3418
13:50:49:829 2004 IRP_MJ_SET_INFORMATION : 804F3418
13:50:49:829 2004 IRP_MJ_QUERY_EA : 804F3418
13:50:49:829 2004 IRP_MJ_SET_EA : 804F3418
13:50:49:829 2004 IRP_MJ_FLUSH_BUFFERS : BA909366
13:50:49:829 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
13:50:49:829 2004 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
13:50:49:829 2004 IRP_MJ_DIRECTORY_CONTROL : 804F3418
13:50:49:829 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
13:50:49:829 2004 IRP_MJ_DEVICE_CONTROL : BA90944D
13:50:49:829 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
13:50:49:829 2004 IRP_MJ_SHUTDOWN : BA909366
13:50:49:829 2004 IRP_MJ_LOCK_CONTROL : 804F3418
13:50:49:829 2004 IRP_MJ_CLEANUP : 804F3418
13:50:49:829 2004 IRP_MJ_CREATE_MAILSLOT : 804F3418
13:50:49:829 2004 IRP_MJ_QUERY_SECURITY : 804F3418
13:50:49:829 2004 IRP_MJ_SET_SECURITY : 804F3418
13:50:49:829 2004 IRP_MJ_POWER : BA90AEF3
13:50:49:829 2004 IRP_MJ_SYSTEM_CONTROL : BA90FA24
13:50:49:829 2004 IRP_MJ_DEVICE_CHANGE : 804F3418
13:50:49:829 2004 IRP_MJ_QUERY_QUOTA : 804F3418
13:50:49:829 2004 IRP_MJ_SET_QUOTA : 804F3418
13:50:49:829 2004 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
13:50:49:829 2004 sion
13:50:49:829 2004 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
13:50:49:829 2004
13:50:49:829 2004 Driver Name: Disk
13:50:49:829 2004 IRP_MJ_CREATE : BA90EC30
13:50:49:829 2004 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
13:50:49:829 2004 IRP_MJ_CLOSE : BA90EC30
13:50:49:829 2004 IRP_MJ_READ : BA908D9B
13:50:49:829 2004 IRP_MJ_WRITE : BA908D9B
13:50:49:829 2004 IRP_MJ_QUERY_INFORMATION : 804F3418
13:50:49:829 2004 IRP_MJ_SET_INFORMATION : 804F3418
13:50:49:829 2004 IRP_MJ_QUERY_EA : 804F3418
13:50:49:829 2004 IRP_MJ_SET_EA : 804F3418
13:50:49:829 2004 IRP_MJ_FLUSH_BUFFERS : BA909366
13:50:49:829 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
13:50:49:829 2004 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
13:50:49:829 2004 IRP_MJ_DIRECTORY_CONTROL : 804F3418
13:50:49:829 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
13:50:49:829 2004 IRP_MJ_DEVICE_CONTROL : BA90944D
13:50:49:829 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
13:50:49:829 2004 IRP_MJ_SHUTDOWN : BA909366
13:50:49:829 2004 IRP_MJ_LOCK_CONTROL : 804F3418
13:50:49:829 2004 IRP_MJ_CLEANUP : 804F3418
13:50:49:829 2004 IRP_MJ_CREATE_MAILSLOT : 804F3418
13:50:49:829 2004 IRP_MJ_QUERY_SECURITY : 804F3418
13:50:49:829 2004 IRP_MJ_SET_SECURITY : 804F3418
13:50:49:829 2004 IRP_MJ_POWER : BA90AEF3
13:50:49:829 2004 IRP_MJ_SYSTEM_CONTROL : BA90FA24
13:50:49:829 2004 IRP_MJ_DEVICE_CHANGE : 804F3418
13:50:49:829 2004 IRP_MJ_QUERY_QUOTA : 804F3418
13:50:49:829 2004 IRP_MJ_SET_QUOTA : 804F3418
13:50:49:829 2004 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
13:50:49:829 2004 sion
13:50:49:829 2004 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
13:50:49:829 2004
13:50:49:845 2004 Driver Name: USBSTOR
13:50:49:845 2004 IRP_MJ_CREATE : BAB7D218
13:50:49:845 2004 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
13:50:49:845 2004 IRP_MJ_CLOSE : BAB7D218
13:50:49:845 2004 IRP_MJ_READ : BAB7D23C
13:50:49:845 2004 IRP_MJ_WRITE : BAB7D23C
13:50:49:845 2004 IRP_MJ_QUERY_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_SET_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_EA : 804F3418
13:50:49:845 2004 IRP_MJ_SET_EA : 804F3418
13:50:49:845 2004 IRP_MJ_FLUSH_BUFFERS : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_DIRECTORY_CONTROL : 804F3418
13:50:49:845 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
13:50:49:845 2004 IRP_MJ_DEVICE_CONTROL : BAB7D180
13:50:49:845 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BAB789E6
13:50:49:845 2004 IRP_MJ_SHUTDOWN : 804F3418
13:50:49:845 2004 IRP_MJ_LOCK_CONTROL : 804F3418
13:50:49:845 2004 IRP_MJ_CLEANUP : 804F3418
13:50:49:845 2004 IRP_MJ_CREATE_MAILSLOT : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_SECURITY : 804F3418
13:50:49:845 2004 IRP_MJ_SET_SECURITY : 804F3418
13:50:49:845 2004 IRP_MJ_POWER : BAB7C5F0
13:50:49:845 2004 IRP_MJ_SYSTEM_CONTROL : BAB7AA6E
13:50:49:845 2004 IRP_MJ_DEVICE_CHANGE : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_QUOTA : 804F3418
13:50:49:845 2004 IRP_MJ_SET_QUOTA : 804F3418
13:50:49:845 2004 siohd: 0
13:50:49:845 2004 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
13:50:49:845 2004
13:50:49:845 2004 Driver Name: USBSTOR
13:50:49:845 2004 IRP_MJ_CREATE : BAB7D218
13:50:49:845 2004 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
13:50:49:845 2004 IRP_MJ_CLOSE : BAB7D218
13:50:49:845 2004 IRP_MJ_READ : BAB7D23C
13:50:49:845 2004 IRP_MJ_WRITE : BAB7D23C
13:50:49:845 2004 IRP_MJ_QUERY_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_SET_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_EA : 804F3418
13:50:49:845 2004 IRP_MJ_SET_EA : 804F3418
13:50:49:845 2004 IRP_MJ_FLUSH_BUFFERS : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_DIRECTORY_CONTROL : 804F3418
13:50:49:845 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
13:50:49:845 2004 IRP_MJ_DEVICE_CONTROL : BAB7D180
13:50:49:845 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BAB789E6
13:50:49:845 2004 IRP_MJ_SHUTDOWN : 804F3418
13:50:49:845 2004 IRP_MJ_LOCK_CONTROL : 804F3418
13:50:49:845 2004 IRP_MJ_CLEANUP : 804F3418
13:50:49:845 2004 IRP_MJ_CREATE_MAILSLOT : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_SECURITY : 804F3418
13:50:49:845 2004 IRP_MJ_SET_SECURITY : 804F3418
13:50:49:845 2004 IRP_MJ_POWER : BAB7C5F0
13:50:49:845 2004 IRP_MJ_SYSTEM_CONTROL : BAB7AA6E
13:50:49:845 2004 IRP_MJ_DEVICE_CHANGE : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_QUOTA : 804F3418
13:50:49:845 2004 IRP_MJ_SET_QUOTA : 804F3418
13:50:49:845 2004 siohd: 0
13:50:49:845 2004 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
13:50:49:845 2004
13:50:49:845 2004 Driver Name: Disk
13:50:49:845 2004 IRP_MJ_CREATE : BA90EC30
13:50:49:845 2004 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
13:50:49:845 2004 IRP_MJ_CLOSE : BA90EC30
13:50:49:845 2004 IRP_MJ_READ : BA908D9B
13:50:49:845 2004 IRP_MJ_WRITE : BA908D9B
13:50:49:845 2004 IRP_MJ_QUERY_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_SET_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_EA : 804F3418
13:50:49:845 2004 IRP_MJ_SET_EA : 804F3418
13:50:49:845 2004 IRP_MJ_FLUSH_BUFFERS : BA909366
13:50:49:845 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_DIRECTORY_CONTROL : 804F3418
13:50:49:845 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
13:50:49:845 2004 IRP_MJ_DEVICE_CONTROL : BA90944D
13:50:49:845 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
13:50:49:845 2004 IRP_MJ_SHUTDOWN : BA909366
13:50:49:845 2004 IRP_MJ_LOCK_CONTROL : 804F3418
13:50:49:845 2004 IRP_MJ_CLEANUP : 804F3418
13:50:49:845 2004 IRP_MJ_CREATE_MAILSLOT : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_SECURITY : 804F3418
13:50:49:845 2004 IRP_MJ_SET_SECURITY : 804F3418
13:50:49:845 2004 IRP_MJ_POWER : BA90AEF3
13:50:49:845 2004 IRP_MJ_SYSTEM_CONTROL : BA90FA24
13:50:49:845 2004 IRP_MJ_DEVICE_CHANGE : 804F3418
13:50:49:845 2004 IRP_MJ_QUERY_QUOTA : 804F3418
13:50:49:845 2004 IRP_MJ_SET_QUOTA : 804F3418
13:50:49:845 2004 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
13:50:49:845 2004 sion
13:50:49:845 2004 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
13:50:49:845 2004
13:50:49:845 2004 Driver Name: Disk
13:50:49:845 2004 IRP_MJ_CREATE : BA90EC30
13:50:49:845 2004 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
13:50:49:845 2004 IRP_MJ_CLOSE : BA90EC30
13:50:49:845 2004 IRP_MJ_READ : BA908D9B
13:50:49:845 2004 IRP_MJ_WRITE : BA908D9B
13:50:49:845 2004 IRP_MJ_QUERY_INFORMATION : 804F3418
13:50:49:845 2004 IRP_MJ_SET_INFORMATION : 804F3418
13:50:49:861 2004 IRP_MJ_QUERY_EA : 804F3418
13:50:49:861 2004 IRP_MJ_SET_EA : 804F3418
13:50:49:861 2004 IRP_MJ_FLUSH_BUFFERS : BA909366
13:50:49:861 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
13:50:49:861 2004 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
13:50:49:861 2004 IRP_MJ_DIRECTORY_CONTROL : 804F3418
13:50:49:861 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
13:50:49:861 2004 IRP_MJ_DEVICE_CONTROL : BA90944D
13:50:49:861 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
13:50:49:861 2004 IRP_MJ_SHUTDOWN : BA909366
13:50:49:861 2004 IRP_MJ_LOCK_CONTROL : 804F3418
13:50:49:861 2004 IRP_MJ_CLEANUP : 804F3418
13:50:49:861 2004 IRP_MJ_CREATE_MAILSLOT : 804F3418
13:50:49:861 2004 IRP_MJ_QUERY_SECURITY : 804F3418
13:50:49:861 2004 IRP_MJ_SET_SECURITY : 804F3418
13:50:49:861 2004 IRP_MJ_POWER : BA90AEF3
13:50:49:861 2004 IRP_MJ_SYSTEM_CONTROL : BA90FA24
13:50:49:861 2004 IRP_MJ_DEVICE_CHANGE : 804F3418
13:50:49:861 2004 IRP_MJ_QUERY_QUOTA : 804F3418
13:50:49:861 2004 IRP_MJ_SET_QUOTA : 804F3418
13:50:49:861 2004 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
13:50:49:861 2004 sion
13:50:49:861 2004 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
13:50:49:876 2004
13:50:49:876 2004 Driver Name: USBSTOR
13:50:49:876 2004 IRP_MJ_CREATE : BAB7D218
13:50:49:876 2004 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
13:50:49:876 2004 IRP_MJ_CLOSE : BAB7D218
13:50:49:876 2004 IRP_MJ_READ : BAB7D23C
13:50:49:876 2004 IRP_MJ_WRITE : BAB7D23C
13:50:49:876 2004 IRP_MJ_QUERY_INFORMATION : 804F3418
13:50:49:876 2004 IRP_MJ_SET_INFORMATION : 804F3418
13:50:49:876 2004 IRP_MJ_QUERY_EA : 804F3418
13:50:49:876 2004 IRP_MJ_SET_EA : 804F3418
13:50:49:876 2004 IRP_MJ_FLUSH_BUFFERS : 804F3418
13:50:49:876 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
13:50:49:876 2004 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
13:50:49:876 2004 IRP_MJ_DIRECTORY_CONTROL : 804F3418
13:50:49:876 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
13:50:49:876 2004 IRP_MJ_DEVICE_CONTROL : BAB7D180
13:50:49:876 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BAB789E6
13:50:49:876 2004 IRP_MJ_SHUTDOWN : 804F3418
13:50:49:876 2004 IRP_MJ_LOCK_CONTROL : 804F3418
13:50:49:876 2004 IRP_MJ_CLEANUP : 804F3418
13:50:49:876 2004 IRP_MJ_CREATE_MAILSLOT : 804F3418
13:50:49:876 2004 IRP_MJ_QUERY_SECURITY : 804F3418
13:50:49:876 2004 IRP_MJ_SET_SECURITY : 804F3418
13:50:49:876 2004 IRP_MJ_POWER : BAB7C5F0
13:50:49:876 2004 IRP_MJ_SYSTEM_CONTROL : BAB7AA6E
13:50:49:876 2004 IRP_MJ_DEVICE_CHANGE : 804F3418
13:50:49:876 2004 IRP_MJ_QUERY_QUOTA : 804F3418
13:50:49:876 2004 IRP_MJ_SET_QUOTA : 804F3418
13:50:49:876 2004 siohd: 0
13:50:49:876 2004 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
13:50:49:907 2004
13:50:49:907 2004 Driver Name: atapi
13:50:49:907 2004 IRP_MJ_CREATE : 8AA0FE07
13:50:49:907 2004 IRP_MJ_CREATE_NAMED_PIPE : 8AA0FE07
13:50:49:907 2004 IRP_MJ_CLOSE : 8AA0FE07
13:50:49:907 2004 IRP_MJ_READ : 8AA0FE07
13:50:49:907 2004 IRP_MJ_WRITE : 8AA0FE07
13:50:49:907 2004 IRP_MJ_QUERY_INFORMATION : 8AA0FE07
13:50:49:907 2004 IRP_MJ_SET_INFORMATION : 8AA0FE07
13:50:49:907 2004 IRP_MJ_QUERY_EA : 8AA0FE07
13:50:49:907 2004 IRP_MJ_SET_EA : 8AA0FE07
13:50:49:907 2004 IRP_MJ_FLUSH_BUFFERS : 8AA0FE07
13:50:49:907 2004 IRP_MJ_QUERY_VOLUME_INFORMATION : 8AA0FE07
13:50:49:907 2004 IRP_MJ_SET_VOLUME_INFORMATION : 8AA0FE07
13:50:49:907 2004 IRP_MJ_DIRECTORY_CONTROL : 8AA0FE07
13:50:49:907 2004 IRP_MJ_FILE_SYSTEM_CONTROL : 8AA0FE07
13:50:49:907 2004 IRP_MJ_DEVICE_CONTROL : 8AA0FE07
13:50:49:907 2004 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8AA0FE07
13:50:49:907 2004 IRP_MJ_SHUTDOWN : 8AA0FE07
13:50:49:907 2004 IRP_MJ_LOCK_CONTROL : 8AA0FE07
13:50:49:907 2004 IRP_MJ_CLEANUP : 8AA0FE07
13:50:49:907 2004 IRP_MJ_CREATE_MAILSLOT : 8AA0FE07
13:50:49:907 2004 IRP_MJ_QUERY_SECURITY : 8AA0FE07
13:50:49:907 2004 IRP_MJ_SET_SECURITY : 8AA0FE07
13:50:49:907 2004 IRP_MJ_POWER : 8AA0FE07
13:50:49:907 2004 IRP_MJ_SYSTEM_CONTROL : 8AA0FE07
13:50:49:907 2004 IRP_MJ_DEVICE_CHANGE : 8AA0FE07
13:50:49:907 2004 IRP_MJ_QUERY_QUOTA : 8AA0FE07
13:50:49:907 2004 IRP_MJ_SET_QUOTA : 8AA0FE07
13:50:49:923 2004 ihd: 7, FFDF0308, 441, 99, 3, 88, 1
13:50:49:923 2004 Driver "atapi" Irp handler infected by TDSS rootkit ... 13:50:49:923 2004 cured
13:50:49:923 2004 siohd: 0
13:50:49:939 2004 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
13:50:49:939 2004 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 13:50:49:939 2004 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
13:50:49:939 2004 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
13:50:50:236 2004 vfvi6
13:50:50:298 2004 !dsvbh1
13:50:51:829 2004 dsvbh2
13:50:51:829 2004 fdfb2
13:50:51:829 2004 Backup copy found, using it..
13:50:51:892 2004 will be cured on next reboot
13:50:51:892 2004 Reboot required for cure complete..
13:50:51:892 2004 Cure on reboot scheduled successfully
13:50:51:892 2004
13:50:51:892 2004 Completed
13:50:51:892 2004
13:50:51:892 2004 Results:
13:50:51:892 2004 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
13:50:51:892 2004 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:50:51:892 2004 File objects infected / cured / cured on reboot: 1 / 0 / 1
13:50:51:892 2004
13:50:51:892 2004 UnloadDriverW: NtUnloadDriver error 1
13:50:51:892 2004 KLMD_Unload: UnloadDriverW(klmd21) error 1
13:50:51:892 2004 KLMD(ARK) unloaded successfully


ComboFix 10-03-01.04 - Compaq_Owner 03/06/2010 14:04:00.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1919.1458 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100306-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT
C:\s
c:\windows\MailSwitch.ocx
c:\windows\system32\VB40032.DLL
c:\windows\viassary-hp.reg
D:\Autorun.inf
K:\Autorun.inf
M:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 )))))))))))))))))))))))))))))))
.

2010-03-06 21:00 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\setup.exe
2010-03-06 21:00 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ar00000\install.exe
2010-03-02 13:39 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\Upgrade\setup2.exe
2010-03-02 13:39 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\Upgrade\install2.exe
2010-02-26 23:51 . 2010-02-26 23:51 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\magicJack.dll
2010-02-26 23:51 . 2010-02-26 23:51 6870864 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\setup.exe
2010-02-26 23:51 . 2010-02-26 23:51 705936 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJackLoader.exe
2010-02-26 23:51 . 2010-02-26 23:51 480608 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\octvqe1_apiw.dll
2010-02-26 23:51 . 2010-02-26 23:51 214360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\TjVista.dll
2010-02-26 23:50 . 2010-02-26 23:50 324952 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\TjIpSys.dll
2010-02-26 23:50 . 2010-02-26 23:50 615792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\SJHandsetMagicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 87384 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\mjsetup.exe
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\magicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJack.dll
2010-02-26 23:46 . 2010-02-26 23:46 12526424 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe
2010-02-26 23:45 . 2010-02-26 23:45 743872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\install.exe
2010-02-26 23:45 . 2010-02-26 23:45 87384 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\mjsetup.exe
2010-02-26 23:45 . 2010-02-26 23:45 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\magicJack.dll
2010-02-26 23:44 . 2010-02-26 23:44 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\lr00000\magicJack.dll
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 50520 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe
2010-02-21 17:06 . 2010-02-21 17:06 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 21:00 . 2009-10-13 17:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp
2010-03-06 20:52 . 2004-08-04 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-22 04:41 . 2009-10-23 19:49 -------- d-----w- c:\program files\Defraggler
2010-01-31 22:28 . 2005-09-28 11:30 -------- d-----w- c:\program files\MemoriesOnTV
2010-01-13 16:53 . 2009-03-11 00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 16:52 . 2009-03-29 03:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 23:07 . 2009-03-11 00:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-03-11 00:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-27 198160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Network Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk
backup=c:\windows\pss\Wireless Network Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 18:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-24 00:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 05:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 23:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-03-27 21:53 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-27 12:16 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-03-07 06:52 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"RichVideo"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/23/2009 5:24 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/23/2009 5:24 PM 20560]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 2:54 PM 165160]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [11/21/2006 7:15 PM 2368]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [7/28/2007 1:50 PM 517632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [12/2/2005 11:33 AM 4064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\fqlyyvxa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\fqlyyvxa.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJPI141_02.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-WgaLogon - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-klmdb.sys
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
AddRemove-HijackThis - f:\my documents\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 14:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-49366262-2663879840-1882331823-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabdoblfhbbmbaeoce"=hex:64,61,63,6e,66,6d,62,70,00,d0
"ianbogmlmgbneepmjb"=hex:6b,61,63,6e,69,6d,64,6f,63,67,65,6a,6e,6b,61,6e,6b,6d,
64,64,6c,6d,00,00
"hahdecodncidjkoc"=hex:6b,61,63,6e,66,6d,6f,6e,62,64,69,6b,70,6c,6b,65,68,64,
6f,69,67,63,00,00
.
Completion time: 2010-03-06 14:12:27
ComboFix-quarantined-files.txt 2010-03-06 21:12

Pre-Run: 53,899,194,368 bytes free
Post-Run: 53,875,159,040 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=,1,2,3,4
- - End Of File - - 277F37A40219BAC6685C58033362749C


#4 sempai (noypi)
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
Posted 06 March 2010 - 09:38 PM

Looks good. After doing the steps below, please tell me how your computer is running.


I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player



+++++++++++++++++++++

1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive that was plugged in when you ran it. Do not delete this folder; it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.



2. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

CODE
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

RegLockDel::
[HKEY_USERS\S-1-5-21-49366262-2663879840-1882331823-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}*]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



3. Please go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply .


4. Please create a new DDS log for my review, thanks.


~Semp



You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 erd48 (Topic Starter)
  • Members
  • 21 posts

Posted 07 March 2010 - 07:12 AM

Hi Semp,

Thanks for getting back so soon. Did everything you directed. The logs are posted. PC seems to be running very smooth. Hope the logs look good!
Thanks again,

John

ComboFix 10-03-01.04 - Compaq_Owner 03/06/2010 20:00:35.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1919.1461 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100306-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

M:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 02:54 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\setup.exe
2010-03-07 02:54 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ar00000\install.exe
2010-03-02 13:39 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\Upgrade\setup2.exe
2010-03-02 13:39 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\Upgrade\install2.exe
2010-02-26 23:51 . 2010-02-26 23:51 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\magicJack.dll
2010-02-26 23:51 . 2010-02-26 23:51 6870864 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\setup.exe
2010-02-26 23:51 . 2010-02-26 23:51 705936 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJackLoader.exe
2010-02-26 23:51 . 2010-02-26 23:51 480608 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\octvqe1_apiw.dll
2010-02-26 23:51 . 2010-02-26 23:51 214360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\TjVista.dll
2010-02-26 23:50 . 2010-02-26 23:50 324952 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\TjIpSys.dll
2010-02-26 23:50 . 2010-02-26 23:50 615792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\SJHandsetMagicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 87384 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\mjsetup.exe
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\magicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJack.dll
2010-02-26 23:46 . 2010-02-26 23:46 12526424 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe
2010-02-26 23:45 . 2010-02-26 23:45 743872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\install.exe
2010-02-26 23:45 . 2010-02-26 23:45 87384 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\mjsetup.exe
2010-02-26 23:45 . 2010-02-26 23:45 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\magicJack.dll
2010-02-26 23:44 . 2010-02-26 23:44 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\lr00000\magicJack.dll
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 50520 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe
2010-02-21 17:06 . 2010-02-21 17:06 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 02:54 . 2009-10-13 17:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp
2010-03-06 20:52 . 2004-08-04 12:00 95360 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-22 04:41 . 2009-10-23 19:49 -------- d-----w- c:\program files\Defraggler
2010-01-31 22:28 . 2005-09-28 11:30 -------- d-----w- c:\program files\MemoriesOnTV
2010-01-13 16:53 . 2009-03-11 00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 16:52 . 2009-03-29 03:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 23:07 . 2009-03-11 00:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-03-11 00:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-06_21.09.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-07 02:54 . 2010-03-07 02:54 16384 c:\windows\Temp\Perflib_Perfdata_704.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-27 198160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Network Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk
backup=c:\windows\pss\Wireless Network Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 18:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-24 00:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 05:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 23:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-03-27 21:53 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-27 12:16 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-03-07 06:52 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"RichVideo"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/23/2009 5:24 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/23/2009 5:24 PM 20560]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 2:54 PM 165160]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [11/21/2006 7:15 PM 2368]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [7/28/2007 1:50 PM 517632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [12/2/2005 11:33 AM 4064]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\fqlyyvxa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\fqlyyvxa.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJPI141_02.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 20:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-49366262-2663879840-1882331823-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabdoblfhbbmbaeoce"=hex:64,61,63,6e,66,6d,62,70,00,d0
"ianbogmlmgbneepmjb"=hex:6b,61,63,6e,69,6d,64,6f,63,67,65,6a,6e,6b,61,6e,6b,6d,
64,64,6c,6d,00,00
"hahdecodncidjkoc"=hex:6b,61,63,6e,66,6d,6f,6e,62,64,69,6b,70,6c,6b,65,68,64,
6f,69,67,63,00,00
.
Completion time: 2010-03-06 20:08:57
ComboFix-quarantined-files.txt 2010-03-07 03:08
ComboFix2.txt 2010-03-06 21:12

Pre-Run: 51,640,279,040 bytes free
Post-Run: 51,596,578,816 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=,1,2,3,4
- - End Of File - - A1006C8B022547F0B3F51C9A316B959B


KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, March 7, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, March 06, 2010 23:25:09
Records in database: 3721800
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\

Scan statistics:
Objects scanned: 223669
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 06:10:08


File name / Threat / Threats count
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe Infected: Trojan-Spy.Win32.Agent.bdzz 1
C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll Infected: not-a-virus:AdWare.Win32.WebHancer.x 1

Selected area has been scanned.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 4:54:40.22 on Sun 03/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1919.1147 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 100306-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\jkos-Compaq_Owner\binaries\ScanningProcess.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [cdloader] "c:\documents and settings\compaq_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125793595656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\fqlyyvxa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\fqlyyvxa.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-23 138680]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-3-27 165160]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-11-21 2368]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-23 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-23 352920]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2005-12-2 4064]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-03-07 03:14:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-07 03:14:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 02:50:30 0 d---a-r- C:\autorun.inf
2010-03-06 21:03:18 98816 ----a-w- c:\windows\sed.exe
2010-03-06 21:03:18 77312 ----a-w- c:\windows\MBR.exe
2010-03-06 21:03:18 261632 ----a-w- c:\windows\PEV.exe
2010-03-06 21:03:18 161792 ----a-w- c:\windows\SWREG.exe
2010-03-03 02:52:20 0 ----a-w- c:\documents and settings\compaq_owner\defogger_reenable

==================== Find3M ====================

2010-03-06 20:52:20 95360 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-07 23:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2002-09-24 15:24:50 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
2002-08-19 14:46:24 36864 ----a-w- c:\windows\inf\i386\Vizmicro.dll
2002-05-16 16:21:10 286720 ----a-w- c:\windows\inf\i386\rtscan.dll
2002-05-16 16:20:38 172032 ----a-w- c:\windows\inf\i386\viceo.dll
2001-08-04 01:29:18 13824 ----a-w- c:\windows\inf\i386\Usbscan.sys

============= FINISH: 4:55:37.60 ===============


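As an added example (it is not part of the thread, and not a tool sempai or erd48 used): a small Python triage script for ComboFix and DDS file listings like the ones posted above. It parses both line formats, flags files under the Windows system directories whose two ComboFix timestamps are years apart or whose single DDS timestamp falls within days of the scan, and decodes the REGEDIT4 `hex:` values from the "LOCKED REGISTRY KEYS" block into the ASCII strings they hold. Which of ComboFix's two timestamps is last-write and which is creation is not stated in the logs, so the check treats them symmetrically; the `SYSTEM_DIRS` list, the 7-day and 365-day thresholds, and the sample lines are assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample: a handful of listing lines copied from the ComboFix
# "Find3M Report" and the DDS "Find3M" section posted above. The first three
# are ComboFix lines (two timestamps separated by " . "), the rest are DDS lines.
SAMPLE_LOG = """\
2010-03-06 20:52 . 2004-08-04 12:00 95360 ------w- c:\\windows\\system32\\drivers\\atapi.sys
2010-01-07 23:07 . 2009-03-11 00:31 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2010-02-21 17:06 . 2010-02-21 17:06 -------- d-----w- c:\\program files\\Microsoft Silverlight
2010-03-06 20:52:20 95360 ------w- c:\\windows\\system32\\drivers\\atapi.sys
2010-01-07 23:07:14 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2002-05-16 16:21:10 286720 ----a-w- c:\\windows\\inf\\i386\\rtscan.dll
"""

# One regex per listing format; ComboFix prints "--------" as the size of a directory.
COMBOFIX_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$"
)
DDS_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) ([-a-z]{8}) (.+)$")

# Directories whose files should only change during patching (assumption:
# extend per host, e.g. with OEM driver paths).
SYSTEM_DIRS = ("\\windows\\system32\\drivers\\", "\\windows\\system32\\")

Record = Tuple[datetime, Optional[datetime], Optional[int], str, str]


def parse_line(line: str) -> Optional[Record]:
    """Parse one listing line into (first_ts, second_ts, size, attrs, path)."""
    line = line.strip()
    m = COMBOFIX_RE.match(line)
    if m:
        t1, t2, size, attrs, path = m.groups()
        return (
            datetime.strptime(t1, "%Y-%m-%d %H:%M"),
            datetime.strptime(t2, "%Y-%m-%d %H:%M"),
            None if size.startswith("-") else int(size),
            attrs,
            path,
        )
    m = DDS_RE.match(line)
    if m:
        t1, size, attrs, path = m.groups()
        return (datetime.strptime(t1, "%Y-%m-%d %H:%M:%S"), None, int(size), attrs, path)
    return None


def in_system_dir(path: str) -> bool:
    low = path.lower()
    return any(d in low for d in SYSTEM_DIRS)


def triage(log_text: str, run_date: str, recent_days: int = 7,
           skew_days: int = 365) -> List[Tuple[str, str]]:
    """Return (path, reason) for system files whose timestamps look wrong.

    run_date is the scan's completion date as 'YYYY-MM-DD'. The two thresholds
    are heuristics chosen for this example (assumption), not values from the thread.
    """
    ref = datetime.strptime(run_date, "%Y-%m-%d")
    hits: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        t1, t2, _size, _attrs, path = rec
        if not in_system_dir(path):
            continue
        if t2 is not None and abs(t1 - t2) > timedelta(days=skew_days):
            # ComboFix shows two times; a years-wide gap on a core driver means
            # an old OS file was rewritten recently.
            hits.append((path, f"timestamps {skew_days}+ days apart: {t1:%Y-%m-%d} vs {t2:%Y-%m-%d}"))
        elif t2 is None and ref - t1 <= timedelta(days=recent_days):
            hits.append((path, f"written {t1:%Y-%m-%d}, within {recent_days} days of the scan"))
    return hits


HEX_BYTE_RE = re.compile(r"[0-9a-fA-F]{2}")


def decode_reg_hex(value_text: str) -> bytes:
    """Decode a REGEDIT4 'name=hex:aa,bb,...' value (join continuation lines first)."""
    body = value_text.split("hex:", 1)[1]
    return bytes(int(tok, 16) for tok in HEX_BYTE_RE.findall(body))


def printable_prefix(data: bytes) -> str:
    """The ASCII run before the first NUL, or '' if it is not plain alphanumerics."""
    head = data.split(b"\x00", 1)[0]
    return head.decode("ascii") if head.isascii() and head.isalnum() else ""


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG, "2010-03-07"):
        print(f"SUSPECT {path}: {reason}")
    locked = '"iabdoblfhbbmbaeoce"=hex:64,61,63,6e,66,6d,62,70,00,d0'
    print(locked.split("=")[0], "->", printable_prefix(decode_reg_hex(locked)))
```

With the defaults, the sample lines flag only atapi.sys (once per log format), while the Malwarebytes drivers, whose two timestamps are ten months apart, stay quiet. The locked-key values decode to random-looking lowercase strings; the log itself does not say what they mean, so treat them as an indicator to correlate with the rest of the evidence rather than a verdict on their own.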

#6 sempai (noypi)
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 07 March 2010 - 08:00 AM

Hi, you're not clean yet. We still need to remove some remnants.

Do you have a program named SVK Protector installed?


++++++++++++++++++


1. I want to see your uninstall list.
Please go to C:\Qoobox, look for Add-Remove Programs.txt and post its contents for me.



2. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
  • Please click this link-->Jotti
  • When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.
    c:\windows\system32\SVKP.sys
    C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll
  • Please post back the results of the scan in your next post.
  • If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



3. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

CODE
http://www.bleepingcomputer.com/forums/t/299900/atapisys-file-infected-logs-posted/

Collect::  
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe

RegNull::
[HKEY_USERS\S-1-5-21-49366262-2663879840-1882331823-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}*]

RegLockDel::
[HKEY_USERS\S-1-5-21-49366262-2663879840-1882331823-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}*]

Registry::
[-HKEY_USERS\S-1-5-21-49366262-2663879840-1882331823-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}*]

DDS::
mURLSearchHooks: H - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File


4. Save this as CFScript.txt, in the same location as ComboFix.exe




5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



4. Please run your Malwarebytes Anti-Malware. Go to the Update tab and download all updates, then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
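As an added pre-flight check for the CFScript in this post (example code written for this page, not ComboFix code and not from the thread), the following Python parses the Section:: layout the script uses, confirms that RegNull::, RegLockDel:: and Registry:: all name the same key, and flags entries that look wrong before the file is dragged onto ComboFix.exe. The section names, the thread-URL first line and the "No File" convention are taken from the script and DDS lines above; the sample string is a constructed copy of that script.

```python
"""Pre-flight checks for a ComboFix CFScript laid out like the one in the post above.

Added example written for this page; it is not ComboFix code and not from the thread.
It only knows the five directives the script uses (Collect, RegNull, RegLockDel,
Registry, DDS) and the thread-URL line the post places at the top.
"""
import re
from typing import Dict, List

# Constructed sample: a copy of the CFScript from the post (SID and CLSID as shown there).
SAMPLE_CFSCRIPT = r"""http://www.bleepingcomputer.com/forums/t/299900/atapisys-file-infected-logs-posted/

Collect::
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe

RegNull::
[HKEY_USERS\S-1-5-21-49366262-2663879840-1882331823-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}*]

RegLockDel::
[HKEY_USERS\S-1-5-21-49366262-2663879840-1882331823-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}*]

Registry::
[-HKEY_USERS\S-1-5-21-49366262-2663879840-1882331823-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DF55420-6CC4-0760-DF7E-65658A68AB2F}*]

DDS::
mURLSearchHooks: H - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
"""

PREAMBLE = "_preamble"                                        # lines before the first Section:: header
SECTION_RE = re.compile(r"^(\w+)::\s*$")
KEY_LINE_RE = re.compile(r"^\[-?(HKEY_[A-Z_]+)\\(.+)\]$")      # [HKEY_...\path] or [-HKEY_...\path]
VALUE_LINE_RE = re.compile(r'^(?:"[^"]*"|@)=.*$')             # regedit-style value line
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
KNOWN_SECTIONS = {"Collect", "RegNull", "RegLockDel", "Registry", "DDS"}
REG_SECTIONS = ("RegNull", "RegLockDel", "Registry")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split the script into {section: [non-blank lines]}; text before the first header goes under PREAMBLE."""
    sections: Dict[str, List[str]] = {}
    current = PREAMBLE
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def registry_targets(sections: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Registry keys named in each registry section, with the regedit deletion marker '-' stripped."""
    targets: Dict[str, List[str]] = {}
    for name in REG_SECTIONS:
        for line in sections.get(name, []):
            m = KEY_LINE_RE.match(line)
            if m:
                targets.setdefault(name, []).append(f"{m.group(1)}\\{m.group(2)}")
    return targets


def validate_cfscript(text: str) -> List[str]:
    """Return human-readable findings; an empty list means every check passed."""
    findings: List[str] = []
    sections = parse_cfscript(text)
    for line in sections.get(PREAMBLE, []):
        if not line.startswith(("http://", "https://")):
            findings.append(f"unexpected text before the first section header: {line}")
    for name in sections:
        if name != PREAMBLE and name not in KNOWN_SECTIONS:
            findings.append(f"unknown section {name}::")
    for path in sections.get("Collect", []):
        if not ABS_PATH_RE.match(path):
            findings.append(f"Collect:: path is not an absolute drive path: {path}")
    for name in REG_SECTIONS:
        for line in sections.get(name, []):
            if KEY_LINE_RE.match(line):
                continue
            if name == "Registry" and VALUE_LINE_RE.match(line):
                continue
            findings.append(f"{name}:: line is not a [HKEY_...] key: {line}")
    # In this script the three registry sections are meant to act on one and the same key;
    # a typo in any copy would leave a remnant behind, so require the key sets to agree.
    keysets = {frozenset(keys) for keys in registry_targets(sections).values()}
    if len(keysets) > 1:
        findings.append("RegNull::, RegLockDel:: and Registry:: do not all name the same key(s)")
    # Every DDS:: entry in the post is orphaned ("No File"); anything else still has a file behind it.
    for line in sections.get("DDS", []):
        if "No File" not in line:
            findings.append(f"DDS:: entry still references a file, confirm before removing it: {line}")
    return findings


if __name__ == "__main__":
    for finding in validate_cfscript(SAMPLE_CFSCRIPT) or ["no findings"]:
        print(finding)
```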


#7 erd48

erd48
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 07 March 2010 - 03:05 PM

Hi Semp,

I do not have a program called SVK Protector that I am aware of.

No problems encountered following your directions.

Here are the logs

Thanks,

John

Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.


Filename: SVKP.SYS
Status: Scan finished. 1 out of 20 scanners reported malware.
Scan taken on: Sat 2 Jan 2010 12:45:52 (CET)




Additional info
File size: 2368 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: f05028b163b92c302a74409d683ac9b0
SHA1: 74a943b9f3bf63f8de5c3175f96366b24a661067


Scanners

2010-01-01 Found nothing
2010-01-02 Found nothing

2010-01-02 Found nothing
2010-01-02 Found nothing

2010-01-02 Found nothing
2010-01-02 Found nothing

2010-01-02 Found nothing
2010-01-02 Found nothing

2010-01-01 Found nothing
2010-01-01 Found nothing

2010-01-02 Found nothing
2010-01-01 Found nothing

2010-01-01 Found nothing
2009-12-31 W32.Dock.a

2010-01-02 Found nothing
2010-01-02 Found nothing

2010-01-02 Found nothing
2010-01-01 Found nothing

2010-01-01 Found nothing
2010-01-01 Found nothing


Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.


Filename: AWhelper.dll
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Thu 4 Mar 2010 18:51:30 (CET)




Additional info
File size: 28672 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 2dcaa711c9b64ff6cdeba93202b4f408
SHA1: f684de1eb24b78729e8ec1dc46d68554657247e6


Scanners

2010-03-04 Found nothing
2010-03-04 Found nothing

2010-03-04 Found nothing
2010-03-04 Found nothing

2010-03-04 Found nothing
2010-03-04 Found nothing

2010-03-03 Found nothing
2010-03-04 Found nothing

2010-03-04 Found nothing
2010-03-04 Found nothing

2010-03-04 Found nothing
2010-03-03 Found nothing

2010-03-04 Found nothing
2010-03-04 Found nothing

2010-03-04 Found nothing
2010-03-04 Found nothing

2010-03-04 Found nothing
2010-03-03 Found nothing

2010-03-03 Found nothing
2010-03-04 Found nothing


ComboFix 10-03-01.04 - Compaq_Owner 03/07/2010 11:53:02.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1919.1399 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100307-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

file zipped: c:\hp\recovery\wizard\fscommand\CDLogic_ret.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\hp\recovery\wizard\fscommand\CDLogic_ret.exe
c:\windows\system32\GWFSPidGen.dll
M:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 13:11 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\setup.exe
2010-03-07 13:11 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ar00000\install.exe
2010-03-07 03:15 . 2010-03-07 03:15 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24f80a64-n\msvcp71.dll
2010-03-07 03:15 . 2010-03-07 03:15 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24f80a64-n\msvcr71.dll
2010-03-07 03:15 . 2010-03-07 03:15 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24f80a64-n\jmc.dll
2010-03-07 03:14 . 2010-03-07 03:14 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18e0f28a-n\decora-sse.dll
2010-03-07 03:14 . 2010-03-07 03:14 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18e0f28a-n\decora-d3d.dll
2010-03-07 03:14 . 2010-03-07 03:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 13:39 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\Upgrade\setup2.exe
2010-03-02 13:39 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\Upgrade\install2.exe
2010-02-26 23:51 . 2010-02-26 23:51 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\magicJack.dll
2010-02-26 23:51 . 2010-02-26 23:51 6870864 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\setup.exe
2010-02-26 23:51 . 2010-02-26 23:51 705936 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJackLoader.exe
2010-02-26 23:51 . 2010-02-26 23:51 480608 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\octvqe1_apiw.dll
2010-02-26 23:51 . 2010-02-26 23:51 214360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\TjVista.dll
2010-02-26 23:50 . 2010-02-26 23:50 324952 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\TjIpSys.dll
2010-02-26 23:50 . 2010-02-26 23:50 615792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\SJHandsetMagicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 87384 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\mjsetup.exe
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\magicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJack.dll
2010-02-26 23:46 . 2010-02-26 23:46 12526424 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe
2010-02-26 23:45 . 2010-02-26 23:45 743872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\install.exe
2010-02-26 23:45 . 2010-02-26 23:45 87384 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\mjsetup.exe
2010-02-26 23:45 . 2010-02-26 23:45 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\magicJack.dll
2010-02-26 23:44 . 2010-02-26 23:44 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\lr00000\magicJack.dll
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 50520 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe
2010-02-21 17:06 . 2010-02-21 17:06 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 13:11 . 2009-10-13 17:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp
2010-03-07 03:15 . 2005-06-05 07:06 -------- d-----w- c:\program files\Common Files\Java
2010-03-07 03:14 . 2005-06-05 07:06 -------- d-----w- c:\program files\Java
2010-03-06 20:52 . 2004-08-04 12:00 95360 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-22 04:41 . 2009-10-23 19:49 -------- d-----w- c:\program files\Defraggler
2010-01-31 22:28 . 2005-09-28 11:30 -------- d-----w- c:\program files\MemoriesOnTV
2010-01-13 16:53 . 2009-03-11 00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 16:52 . 2009-03-29 03:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 23:07 . 2009-03-11 00:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-03-11 00:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-06_21.09.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-07 13:10 . 2010-03-07 13:10 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat
+ 2010-03-07 13:10 . 2010-03-07 13:10 16384 c:\windows\Temp\Perflib_Perfdata_414.dat
+ 2005-06-05 07:06 . 2010-03-07 03:14 153376 c:\windows\system32\javaws.exe
+ 2005-06-05 07:06 . 2010-03-07 03:14 145184 c:\windows\system32\javaw.exe
+ 2005-06-05 07:06 . 2010-03-07 03:14 145184 c:\windows\system32\java.exe
+ 2010-03-07 03:15 . 2010-03-07 03:15 180224 c:\windows\Installer\138f63.msi
+ 2010-03-07 03:14 . 2010-03-07 03:14 576000 c:\windows\Installer\138f5a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-27 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Network Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk
backup=c:\windows\pss\Wireless Network Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 18:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-24 00:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 05:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 23:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-03-27 21:53 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-27 12:16 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-03-07 06:52 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"RichVideo"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/23/2009 5:24 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/23/2009 5:24 PM 20560]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 2:54 PM 165160]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [11/21/2006 7:15 PM 2368]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [7/28/2007 1:50 PM 517632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [12/2/2005 11:33 AM 4064]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\fqlyyvxa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\fqlyyvxa.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 11:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2010-03-07 12:00:59
ComboFix-quarantined-files.txt 2010-03-07 19:00
ComboFix2.txt 2010-03-07 03:08
ComboFix3.txt 2010-03-06 21:12

Pre-Run: 52,605,476,864 bytes free
Post-Run: 52,675,444,736 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=,1,2,3,4
- - End Of File - - BF97FA2851E7E9B27D598CDF88A13E8E
Upload was successful


Malwarebytes' Anti-Malware 1.44
Database version: 3833
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/7/2010 1:03:15 PM
mbam-log-2010-03-07 (13-03-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 214110
Time elapsed: 54 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:39 AM

Posted 08 March 2010 - 08:47 AM

Hi,

I think you missed 1 of my instructions....
QUOTE
1. I want to see your uninstall list.

Please go to C:\Qoobox then look for Add-Remove Programs.txt and post its contents for me please.

...Please do it and post the log. Thanks.

Please do another GMER and DDS scan, post the new logs for my review. Thanks.



~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 erd48

erd48
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 08 March 2010 - 07:45 PM

Hi Semp,

Sorry about leaving out the one log.

All logs are posted.

John

ACDSee 6.0 Standard Trial
Ace DVD Audio Extractor 1.2.26
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.2
Adobe Stock Photos 1.0
Adobe Type Manager 4.0
AttachmentOptions
AutoUpdate
avast! Antivirus
AVS Video Tools 5.3
AXIS Camera Station Client 2.11
BufferChm
CaptureWizLite
CCleaner
Compaq Connections
Compaq Organize
Compatibility Pack for the 2007 Office system
Creative MediaSource
Creative MuVo N200 Media Explorer
Defraggler
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Codec
DivX Player
ELLA for Microsoft Outlook
eSupportQFolder
FLV Player 1.3.3
FoxyTunes for Firefox
Help and Support Additions
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Boot Optimizer
HP Deskjet 3900 series
HP Help and Support 4.0
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Print Diagnostic Utility
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HPDeskjet3900Series
HpSdpAppCoreApp
igLoader
InterVideo WinDVD Creator 3
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java 2 Runtime Environment, SE v1.4.1_02
Java Auto Updater
Java Web Start
Java™ 6 Update 18
LightScribe 1.4.136.1
Linksys WUSB100 RangePlus Wireless USB Adapter
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MediaFACE 4.0
MediaFACE 4.0 Image Library
Memorex exPressit Label Design Studio
MemoriesOnTV 2.1.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Morpheus Photo Morpher v3.11
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MuVo Driver
MXpie Patch for WinMX Network/WPNP
Nero 7 Essentials
Netscape (7.2)
Netscape Navigator (9.0)
Network Stumbler 0.4.0 (remove only)
OneTouch Version 3.0
PaperPort 7.02
PerfectClock
Photodex Presenter
ProShow Gold
QuickTime
RealPlayer
Remove Adobe Photoshop Album 2.0 Starter Edition installer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SiS VGA Utilities
SmartSound Quicktracks Plugin
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
StartupMonitor
Status
Sygate Personal Firewall
Total Video Converter 3.02
TrayApp
Tweak UI
Ulead DVD MovieFactory 2 Trial
Ulead MediaStudio Pro 7.0 Trial
Ulead VideoStudio 10
Uninstall MPEG2 Plugin
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Vegas Movie Studio Platinum 9.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Web Photo Search 1.2
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
Wisdom-soft Toolbar
WM Recorder 11.3
Yahoo! Toolbar


DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 16:19:04.76 on Mon 03/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1919.1286 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 100308-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [cdloader] "c:\documents and settings\compaq_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125793595656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\fqlyyvxa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\fqlyyvxa.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-23 138680]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-3-27 165160]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-11-21 2368]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-23 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-23 352920]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2005-12-2 4064]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-03-08 01:54:44 54156 ---ha-w- c:\windows\QTFont.qfn
2010-03-08 01:54:44 1409 ----a-w- c:\windows\QTFont.for
2010-03-07 03:14:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-07 03:14:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 02:50:30 0 d---a-r- C:\autorun.inf
2010-03-06 21:03:18 98816 ----a-w- c:\windows\sed.exe
2010-03-06 21:03:18 77312 ----a-w- c:\windows\MBR.exe
2010-03-06 21:03:18 261632 ----a-w- c:\windows\PEV.exe
2010-03-06 21:03:18 161792 ----a-w- c:\windows\SWREG.exe
2010-03-03 02:52:20 0 ----a-w- c:\documents and settings\compaq_owner\defogger_reenable

==================== Find3M ====================

2010-03-06 20:52:20 95360 ------w- c:\windows\system32\drivers\atapi.sys
2002-09-24 15:24:50 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
2002-08-19 14:46:24 36864 ----a-w- c:\windows\inf\i386\Vizmicro.dll
2002-05-16 16:21:10 286720 ----a-w- c:\windows\inf\i386\rtscan.dll
2002-05-16 16:20:38 172032 ----a-w- c:\windows\inf\i386\viceo.dll
2001-08-04 01:29:18 13824 ----a-w- c:\windows\inf\i386\Usbscan.sys

============= FINISH: 16:19:48.18 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-08 17:37:02
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kfliipob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBA98AB30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB06316B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB0631574]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xBA98A6F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB0631A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB063114C]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBA98A470]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB063164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB063108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB06310F0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xBA98AC50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB063176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB063172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB06318AE]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBA98A990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xBA98A8D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xBA98AD60]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\aswTdi \Device\AswUdpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\aswTdi \Device\ASWTDI wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\prodrv06 \Device\ProDrv06 E21BA4F0
Device \Driver\prohlp02 \Device\ProHlp02 E1B73238
Device \Driver\aswTdi \Device\AswTcpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----


#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:39 AM

Posted 09 March 2010 - 08:15 AM

Hi, thanks for the logs... I am expecting that your computer is running fine after this fix, so please after doing the next steps confirm that you don't have any more issues so we can begin some clean up. Thanks.


+++++++++++++++++++++++++++++++


We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

CODE
File::
c:\windows\system32\SVKP.sys

Driver::
SVKP

DDS::
mURLSearchHooks: H - No File


4. Save this as CFScript.txt, in the same location as ComboFix.exe
5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 erd48

erd48
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 09 March 2010 - 09:02 AM

Hi Semp,

Ran the log as directed. This was the first time it did an auto reboot and when it did the avast and magicjack initiated during the boot up as combofix was running the log. I turned off the avast and the log finished. Let me know if I need to run it again.

You are right, I see a great improvement in performance! Yesterday I tried a boot in safe mode, which I haven't been able to do for some time, and was successful.

John


ComboFix 10-03-01.04 - Compaq_Owner 03/09/2010 6:32.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1919.1277 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100309-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\windows\system32\SVKP.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SVKP.sys
M:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVKP
-------\Service_SVKP


((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-09 13:51 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\setup.exe
2010-03-09 13:50 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ar00000\install.exe
2010-03-07 03:15 . 2010-03-07 03:15 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24f80a64-n\msvcp71.dll
2010-03-07 03:15 . 2010-03-07 03:15 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24f80a64-n\msvcr71.dll
2010-03-07 03:15 . 2010-03-07 03:15 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24f80a64-n\jmc.dll
2010-03-07 03:14 . 2010-03-07 03:14 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18e0f28a-n\decora-sse.dll
2010-03-07 03:14 . 2010-03-07 03:14 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18e0f28a-n\decora-d3d.dll
2010-03-07 03:14 . 2010-03-07 03:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 13:39 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\Upgrade\setup2.exe
2010-03-02 13:39 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\Upgrade\install2.exe
2010-02-26 23:51 . 2010-02-26 23:51 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\magicJack.dll
2010-02-26 23:51 . 2010-02-26 23:51 6870864 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\setup.exe
2010-02-26 23:51 . 2010-02-26 23:51 705936 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJackLoader.exe
2010-02-26 23:51 . 2010-02-26 23:51 480608 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\octvqe1_apiw.dll
2010-02-26 23:51 . 2010-02-26 23:51 214360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\TjVista.dll
2010-02-26 23:50 . 2010-02-26 23:50 324952 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\TjIpSys.dll
2010-02-26 23:50 . 2010-02-26 23:50 615792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\SJHandsetMagicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 87384 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\mjsetup.exe
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\magicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJack.dll
2010-02-26 23:46 . 2010-02-26 23:46 12526424 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe
2010-02-26 23:45 . 2010-02-26 23:45 743872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\install.exe
2010-02-26 23:45 . 2010-02-26 23:45 87384 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\mjsetup.exe
2010-02-26 23:45 . 2010-02-26 23:45 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\magicJack.dll
2010-02-26 23:44 . 2010-02-26 23:44 138584 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\lr00000\magicJack.dll
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 50520 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe
2010-02-21 17:06 . 2010-02-21 17:06 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 13:52 . 2009-10-13 17:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp
2010-03-07 03:15 . 2005-06-05 07:06 -------- d-----w- c:\program files\Common Files\Java
2010-03-07 03:14 . 2005-06-05 07:06 -------- d-----w- c:\program files\Java
2010-03-06 20:52 . 2004-08-04 12:00 95360 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-22 04:41 . 2009-10-23 19:49 -------- d-----w- c:\program files\Defraggler
2010-01-31 22:28 . 2005-09-28 11:30 -------- d-----w- c:\program files\MemoriesOnTV
2010-01-13 16:53 . 2009-03-11 00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 16:52 . 2009-03-29 03:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 23:07 . 2009-03-11 00:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-03-11 00:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-27 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Network Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk
backup=c:\windows\pss\Wireless Network Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 18:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-24 00:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 05:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 23:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-03-27 21:53 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-27 12:16 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-03-07 06:52 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"RichVideo"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/23/2009 5:24 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/23/2009 5:24 PM 20560]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 2:54 PM 165160]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [7/28/2007 1:50 PM 517632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [12/2/2005 11:33 AM 4064]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\fqlyyvxa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\fqlyyvxa.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 06:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\SSSensor.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\smc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\st00000\mjsetup.exe
c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-09 06:55:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-09 13:55
ComboFix2.txt 2010-03-07 19:01
ComboFix3.txt 2010-03-07 03:08
ComboFix4.txt 2010-03-06 21:12

Pre-Run: 52,106,194,944 bytes free
Post-Run: 51,898,019,840 bytes free

- - End Of File - - 4D3C71596D58FAF00D422573B8417F3A
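As an added example (not part of this thread, and not code from the DDS or ComboFix tools), here is a small Python parser for the file-listing lines in the two logs above. It reads the DDS "Created Last 30"/"Find3M" format and the ComboFix "modified . created" format, and flags drivers under system32, such as the atapi.sys entries, that were modified shortly before the scan or long after they were created. The sample lines are copied from the thread's logs; the scan times are taken from the log headers, and the 7-day and 365-day thresholds are my own assumptions.

```python
"""Parse DDS / ComboFix file-listing lines and flag kernel drivers for review.

Added example for this thread, not code from the DDS or ComboFix tools.
The thresholds (7-day recent window, 365-day creation/modification gap) are
assumptions chosen for illustration, not values the tools use.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# DDS "Created Last 30" / "Find3M" lines: modified size attrs path
#   2010-03-06 20:52:20 95360 ------w- c:\windows\system32\drivers\atapi.sys
DDS_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")
# ComboFix "Files Created" / "Find3M Report" lines: modified . created size attrs path
#   2010-03-06 20:52 . 2004-08-04 12:00 95360 ------w- c:\windows\system32\drivers\atapi.sys
CF_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-+)\s+(\S{8})\s+(.+)$")


@dataclass
class Entry:
    path: str
    modified: datetime
    created: Optional[datetime]   # only ComboFix lines carry the creation time
    size: Optional[int]           # None for directories (size shown as "--------")
    attrs: str                    # e.g. "------w-", "d---a-r-"

    @property
    def is_directory(self) -> bool:
        return self.attrs.startswith("d")


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a DDS or ComboFix file line, None for any other line."""
    line = line.strip()
    m = CF_RE.match(line)
    if m:
        mod, cre, size, attrs, path = m.groups()
        return Entry(path, datetime.strptime(mod, "%Y-%m-%d %H:%M"),
                     datetime.strptime(cre, "%Y-%m-%d %H:%M"),
                     int(size) if size.isdigit() else None, attrs)
    m = DDS_RE.match(line)
    if m:
        mod, size, attrs, path = m.groups()
        return Entry(path, datetime.strptime(mod, "%Y-%m-%d %H:%M:%S"),
                     None, int(size), attrs)
    return None


def is_kernel_driver(entry: Entry) -> bool:
    """Driver images under system32 (atapi.sys, SVKP.sys, ...); inf\\ copies are ignored."""
    p = entry.path.lower()
    return not entry.is_directory and p.endswith(".sys") and "\\system32\\" in p


@dataclass
class Finding:
    path: str
    recent_days: Optional[int]    # set when modified within the window before the scan
    age_gap_days: Optional[int]   # set when modified long after the file was created


def review_log(text: str, scan_time: datetime,
               recent_window: timedelta = timedelta(days=7),
               min_gap: timedelta = timedelta(days=365)) -> List[Finding]:
    """Flag system32 drivers modified just before the scan or long after creation.

    A hit is a prompt to verify the file (signature, hash, known-good copy),
    not a verdict: Windows Update and repair tools rewrite drivers too.
    """
    findings: List[Finding] = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None or not is_kernel_driver(e):
            continue
        since_mod = scan_time - e.modified
        gap = (e.modified - e.created) if e.created else None
        is_recent = timedelta(0) <= since_mod <= recent_window
        is_patched = gap is not None and gap >= min_gap
        if is_recent or is_patched:
            findings.append(Finding(e.path,
                                    since_mod.days if is_recent else None,
                                    gap.days if is_patched else None))
    return findings


# Sample input copied from the thread's logs (DDS run of Mon 03/08/2010 16:19:04).
DDS_SCAN_TIME = datetime(2010, 3, 8, 16, 19, 4)
DDS_SAMPLE = r"""
2010-03-08 01:54:44 54156 ---ha-w- c:\windows\QTFont.qfn
2010-03-07 03:14:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 20:52:20 95360 ------w- c:\windows\system32\drivers\atapi.sys
2001-08-04 01:29:18 13824 ----a-w- c:\windows\inf\i386\Usbscan.sys
"""
# Sample input copied from the ComboFix log (run of 03/09/2010 6:32).
COMBOFIX_SCAN_TIME = datetime(2010, 3, 9, 6, 32)
COMBOFIX_SAMPLE = r"""
2010-03-06 20:52 . 2004-08-04 12:00 95360 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-07 23:07 . 2009-03-11 00:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 17:06 . 2010-02-21 17:06 -------- d-----w- c:\program files\Microsoft Silverlight
"""

if __name__ == "__main__":
    for label, text, when in (("DDS", DDS_SAMPLE, DDS_SCAN_TIME),
                              ("ComboFix", COMBOFIX_SAMPLE, COMBOFIX_SCAN_TIME)):
        for f in review_log(text, when):
            print(label, f)
```

Only the atapi.sys entries are flagged in both samples; mbam.sys, modified two months before the scan and under a year after creation, is left alone.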

#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:39 AM

Posted 09 March 2010 - 09:56 AM

Hi, everything seems OK. I just want you to do one more thing...

Please run Flash_Disinfector on every flash/removable drive that you have.
Please download (if you already deleted it) Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.



++++++++++++++++++++

Your PC is now free from malware. Let's do some clean-up to properly remove the tools that we used.


1. Uninstall Combofix
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
    ComboFix /Uninstall


2. You can now safely delete the following tools:
  1. TDSSkiller
  2. Flash Disinfector


3. Your Log is Clean. I suggest that you change all your offline and online passwords. Please take the time to read below to secure your machine and take the necessary steps to keep it Clean.
How to prevent Malware: by miekiemoes
How to increase PC speed: by miekiemoes


Microsoft has released the latest upgrades to the XP OS platform, which can be referenced HERE
It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems.
Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system.
I recommend that you visit the link above and apply the SP3 patch.

Visit Microsoft's Windows Update Site Frequently
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:
  1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is infected with malware that is trying to infect everyone in their address book.
  4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  6. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  8. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


To help me continue my fight against malware, please consider a donation. Thank you.



With regards,
~ Semp


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
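The note in the post above explains why Flash_Disinfector leaves a folder named autorun.inf on each drive root: Windows cannot create a file with the same name as an existing directory, so the autorun file that removable-drive malware drops cannot be installed. The script below is an added example written for this thread; it is not Flash_Disinfector's code and not part of the original post. It audits a drive root for the three states a defender cares about (no autorun.inf, a protective folder, or a real autorun.inf file), lists the commands a real file would launch so the entry can be reviewed before quarantine, and can create the protective folder itself. The sample autorun.inf content, the drive roots (temporary directories) and the RECYCLER\updater.exe target are constructed for the example; the hidden/read-only attribute handling on Windows is an assumption about how such a folder would be marked, not a description of the utility's behaviour.

```python
"""Audit a drive root for autorun.inf and apply the 'folder instead of file' protection.

Added example for the thread above; constructed sample data, not captured from a real drive.
"""
import os
import tempfile

# [autorun] keys that can cause a program to launch (documented autorun.inf keys).
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample of the kind of autorun.inf a removable-drive worm drops.
SAMPLE_AUTORUN = (
    "[autorun]\n"
    "; constructed sample for this example, not a real captured file\n"
    "open=RECYCLER\\updater.exe\n"
    "shell\\open\\command=RECYCLER\\updater.exe\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
    "action=Open folder to view files\n"
)


def autorun_state(root):
    """Return 'absent', 'folder' (protected) or 'file' for <root>\\autorun.inf."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return "absent"
    if os.path.isdir(path):
        return "folder"
    return "file"


def launch_targets(path):
    """Return the commands an autorun.inf file would launch (open=, shellexecute=, shell\\*\\command=).

    Hand-rolled parsing instead of configparser: dropped files often contain junk lines
    that would make a strict INI parser raise.
    """
    targets = []
    section = None
    with open(path, "r", encoding="latin-1", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith((";", "#")):
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
                continue
            if section != "autorun" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                targets.append(value)
    return targets


def audit(root):
    """Describe the autorun.inf state of a drive root; 'launches' is filled only for a real file."""
    state = autorun_state(root)
    report = {"root": root, "state": state, "launches": []}
    if state == "file":
        report["launches"] = launch_targets(os.path.join(root, "autorun.inf"))
    return report


def protect_root(root):
    """Create the protective autorun.inf folder. Returns True if created, False if already there.

    Refuses to touch a root that still holds a real autorun.inf file: that file should be
    reviewed and quarantined first, not silently replaced.
    """
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return False
    if os.path.lexists(path):
        raise FileExistsError(f"{path} is a file; review and quarantine it before protecting the drive")
    os.mkdir(path)
    if os.name == "nt":
        # Assumed marking for the folder (hidden + read-only); not Flash_Disinfector's code.
        import ctypes
        FILE_ATTRIBUTE_READONLY = 0x01
        FILE_ATTRIBUTE_HIDDEN = 0x02
        ctypes.windll.kernel32.SetFileAttributesW(path, FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN)
    return True


def build_sample_roots():
    """Create three constructed 'drive roots' in a temp dir: clean, infected, protected."""
    base = tempfile.mkdtemp(prefix="autorun_demo_")
    roots = {}
    for name in ("clean", "infected", "protected"):
        roots[name] = os.path.join(base, name)
        os.mkdir(roots[name])
    with open(os.path.join(roots["infected"], "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    os.mkdir(os.path.join(roots["protected"], "autorun.inf"))
    return roots


if __name__ == "__main__":
    for name, root in build_sample_roots().items():
        print(name, audit(root))
```

On a real machine you would call audit() with each removable drive's root (for example "E:\\") and only call protect_root() on roots that audit as "absent". The "launches" list is what to look at when a root audits as "file": a legitimate autorun.inf normally sets icon and label only, while one that launches an executable from a hidden folder on the stick is the pattern worth quarantining.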


#13 erd48

erd48
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 09 March 2010 - 10:24 AM

Semp,

All items uninstalled and deleted.

Thanks so much for your help. Can't tell you how much I appreciate it. You're a pal, pal!!

John

#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:39 AM

Posted 09 March 2010 - 10:29 AM

No problem, you're very much welcome... you can always ask for help here... anytime.


~Semp



#15 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:39 AM

Posted 09 March 2010 - 10:43 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

~Semp
