redirected search results, random browser launches, and more


This topic is locked
10 replies to this topic

#1 JKav


Posted 18 June 2010 - 11:47 PM

Google searches are redirected to random websites. Browser windows open spontaneously out of the blue, again to random websites.

Also have observed other phenomena. May or may not be related to what's causing the above, but these things also started happening around the same time, so I suspect they're related (but what do I know):

First, boot-up time varies tremendously -- from about ten seconds to several minutes sometimes.

Second, my wireless connection is sometimes completely disabled upon boot-up, requiring a reboot in order to connect (with mixed success). When this happens, no wireless networks can be found at all, even in the presence of known ones. This also flummoxes the network diagnostics.

Third, upon boot-up, windows firewall is sometimes disabled and I have to re-enable it.

This is on an Asus eee pc 1000HE. I've tried various malware removers (MalwareBytes, Avast, SuperAntiSpyware, SimplySup Trojan Remover) with no success in addressing these issues. I'm obviously no computer whiz, so I really appreciate your help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by ----n -------h at 16:14:10.35 on Fri 06/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1417 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\----n -------h\Local Settings\Temporary Internet Files\Content.IE5\L8I7ZYXR\HijackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\----n -------h\Desktop\Defogger.exe
C:\Documents and Settings\----n -------h\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} - hxxps://rover.edmunds.com/nortel_cacheable/NetDirect.cab
DPF: {DA38BA7C-3040-4DD1-8783-0EC8B3CBDF2D} - hxxps://webshop.nissens.com/webnif.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli vehagedi.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-2-19 704384]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S0 xpsjfl;xpsjfl; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-2-19 1684736]

=============== Created Last 30 ================

2011-02-27 04:02:54 0 d-----w- c:\program files\Elantech
2010-06-18 23:11:51 0 ----a-w- c:\documents and settings\----n -------h\defogger_reenable
2010-06-08 06:13:46 9232 ----a-w- c:\documents and settings\----n -------h\USB_MOT_BRIT.INF
2010-06-08 06:13:46 6947 ----a-w- c:\documents and settings\----n -------h\USBMOT2000.INF
2010-06-08 06:13:46 6009 ----a-w- c:\documents and settings\----n -------h\USBMOT2000XP.INF
2010-06-08 06:13:46 5877 ----a-w- c:\documents and settings\----n -------h\USB_CMCS_2000.INF
2010-06-08 06:13:46 5813 ----a-w- c:\documents and settings\----n -------h\USB_MOT_A1000.INF
2010-06-08 06:13:46 25600 ----a-w- c:\documents and settings\----n -------h\usbsermptxp.sys
2010-06-08 06:13:46 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2010-06-08 06:13:46 22768 ----a-w- c:\documents and settings\----n -------h\usbsermpt.sys
2010-05-30 02:14:27 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-30 02:14:27 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-30 02:14:27 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-30 02:14:27 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-30 02:14:27 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-30 02:14:24 0 d-----w- c:\program files\Trojan Remover
2010-05-30 02:14:24 0 d-----w- c:\docume~1\----n-~1\applic~1\Simply Super Software
2010-05-30 02:14:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software

==================== Find3M ====================

2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-05-07 08:34:00 15523560 ----a-w- c:\program files\U1 Setup.exe
2009-02-19 20:52:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-07-31 18:37:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009073120090801\index.dat
2009-07-31 18:37:25 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-31 18:37:25 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-31 18:37:25 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:16:04.73 ===============



Edited by JKav, 18 June 2010 - 11:53 PM.
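A small triage script for the DDS report above, added here as an example and not part of the original post or of the DDS tool: it flags the three findings in that log that a helper would act on, the browser proxy pointed at 127.0.0.1, an extra DLL in the LSA Notification Packages list, and a boot-start service whose driver file DDS could not find. The sample input is copied from the log; the baseline set of known LSA packages is an assumption for the example.

```python
"""Triage a DDS "Pseudo HJT Report" for the indicators seen in this thread.

Added example, not part of the original post or of DDS. It scans the report
text for (1) a proxy in the user's Internet Settings that points at the
loopback address, (2) entries in the LSA Notification Packages value beyond
the ones Windows ships, and (3) boot-start (S0/R0) services whose image DDS
marks as missing with "[x]".
"""
import re
from typing import Dict, List

# Constructed sample: the lines from the DDS log in post #1 that matter here.
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
LSA: Notification Packages = scecli vehagedi.dll
R1 SASDIFSV;SASDIFSV;c:\\program files\\superantispyware\\sasdifsv.sys [2009-12-16 9968]
S0 xpsjfl;xpsjfl; [x]
S3 Ambfilt;Ambfilt;c:\\windows\\system32\\drivers\\Ambfilt.sys [2009-2-19 1684736]
"""

# Assumed baseline: packages Windows itself registers in this value (scecli on
# every XP box; rassfm/kdcsvc only on domain controllers). Anything else is
# worth a look, because this value loads DLLs into lsass.exe at boot.
KNOWN_LSA_PACKAGES = {"scecli", "rassfm", "kdcsvc"}

LOOPBACK_PROXY = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost):(\d+)", re.I)
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def find_loopback_proxy(report: str) -> List[str]:
    """Return ProxyServer values that route browser traffic through 127.0.0.1."""
    hits = []
    for line in report.splitlines():
        if "ProxyServer" not in line:
            continue
        value = line.split("=", 1)[1].strip()
        if LOOPBACK_PROXY.search(value):
            hits.append(value)
    return hits


def find_unknown_lsa_packages(report: str) -> List[str]:
    """Return entries in 'LSA: Notification Packages' outside the baseline."""
    for line in report.splitlines():
        if line.startswith("LSA: Notification Packages"):
            packages = line.split("=", 1)[1].split()
            return [p for p in packages if p.lower() not in KNOWN_LSA_PACKAGES]
    return []


def find_missing_boot_services(report: str) -> List[str]:
    """Return boot-start services (S0/R0) whose image file DDS could not find."""
    missing = []
    for line in report.splitlines():
        m = SERVICE_LINE.match(line)
        if m and m.group(1)[1] == "0" and m.group(4).strip().startswith("[x]"):
            missing.append(m.group(2))
    return missing


def triage(report: str) -> Dict[str, List[str]]:
    """Collect all three indicator classes into one dict for the reply."""
    return {
        "loopback_proxy": find_loopback_proxy(report),
        "unknown_lsa_packages": find_unknown_lsa_packages(report),
        "missing_boot_services": find_missing_boot_services(report),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_DDS).items():
        print(f"{kind}: {items or 'none'}")
```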




#2 Farbar


Posted 24 June 2010 - 02:52 AM

Hi JKav,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer and tell me if you are still having problems.

#3 JKav


Posted 24 June 2010 - 11:31 AM

Still having this/these problems. Please let me know if you can help.

Thanks

#4 Farbar


Posted 24 June 2010 - 12:22 PM

Let's take care of this nasty rootkit.
  1. Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:


    CODE
    @ECHO OFF
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    proxycfg -d

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: fix.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate fix.bat on the desktop. It should look like this:
    • Double-click to run it. In Windows Vista: Right-click to run it as administrator.
    • A window flashes, this is normal.

  2. We are going to run this special tool.
    • Please download TDSSKiller.exe and save it to your desktop.
    • Run TDSSKiller.exe.
    • When it has finished, press any key to continue.
    • Let it reboot if needed and tell me if it needed a reboot.
    • Also it makes a txt file in the C:\ directory (like TDSSKiller.2.3.2.0_Date_Time_log.txt). Please attach it to your reply.


#5 JKav


Posted 27 June 2010 - 04:11 PM

farbar, that seems to have done the trick -- thank you for the help.

Here is the logfile returned by TDSSKiller:

14:03:22:031 3804 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:03:22:031 3804 ================================================================================
14:03:22:031 3804 SystemInfo:

14:03:22:031 3804 OS Version: 5.1.2600 ServicePack: 3.0
14:03:22:031 3804 Product type: Workstation
14:03:22:031 3804 ComputerName: xxxxxxxxx0
14:03:22:031 3804 UserName: xxxxn xxxxxxxh
14:03:22:031 3804 Windows directory: C:\WINDOWS
14:03:22:031 3804 Processor architecture: Intel x86
14:03:22:031 3804 Number of processors: 2
14:03:22:031 3804 Page size: 0x1000
14:03:22:031 3804 Boot type: Normal boot
14:03:22:031 3804 ================================================================================
14:03:22:375 3804 Initialize success
14:03:22:375 3804
14:03:22:375 3804 Scanning Services ...
14:03:22:546 3804 Raw services enum returned 326 services
14:03:22:562 3804
14:03:22:562 3804 Scanning Drivers ...
14:03:23:312 3804 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:03:23:343 3804 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:03:23:421 3804 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:03:23:484 3804 AFD (7f9a0b4ec9a4dc3260fcebef66a1b137) C:\WINDOWS\System32\drivers\afd.sys
14:03:23:484 3804 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 7f9a0b4ec9a4dc3260fcebef66a1b137, Fake md5: 7e775010ef291da96ad17ca4b17137d7
14:03:23:484 3804 File "C:\WINDOWS\System32\drivers\afd.sys" infected by TDSS rootkit ... 14:03:24:718 3804 Backup copy found, using it..
14:03:24:734 3804 will be cured on next reboot
14:03:34:625 3804 Reboot required for cure complete..
14:03:34:656 3804 Cure on reboot scheduled successfully
14:03:34:656 3804
14:03:34:656 3804 Completed
14:03:34:656 3804
14:03:34:656 3804 Results:
14:03:34:656 3804 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:03:34:656 3804 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:03:34:656 3804
14:03:34:671 3804 KLMD(ARK) unloaded successfully


#6 Farbar


Posted 27 June 2010 - 04:46 PM

The rootkit is indeed taken care of.
  1. We need to repair a security related registry item altered by the malware. Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    CODE
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6C,69,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"=-

    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure you want to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg was successfully added to the registry.

    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  2. Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


  3. Tell me also how your computer is running.
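Why the hex(7) line in regfix.reg restores exactly "scecli" and nothing else, as an added example that is not from the thread or from regedit: a REGEDIT4 file stores a REG_MULTI_SZ as one ANSI byte per character, each string ended by a NUL and the whole list ended by one more. The encoder and decoder below, and the sample value taken from the DDS log (scecli followed by vehagedi.dll), are constructed for this example; the baseline of expected packages is an assumption.

```python
"""Encode and decode REGEDIT4 hex(7) (REG_MULTI_SZ) values.

Added example, not code from the thread or from regedit. REGEDIT4 (as opposed
to "Windows Registry Editor Version 5.00") writes hex(7) data as ANSI: one
byte per character, a 00 after each string and a final 00 closing the list.
So "scecli" becomes 73,63,65,63,6C,69,00,00, which is the value in the fix.
"""
from typing import List, Sequence

LSA_KEY = "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]"


def multi_sz_to_hex7(strings: List[str]) -> str:
    """Encode a REG_MULTI_SZ list as REGEDIT4 hex(7) data (ANSI bytes)."""
    if not strings:
        return "hex(7):00,00"  # regedit exports an empty list as two NULs
    data = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02X}" for b in data)


def hex7_to_multi_sz(value: str) -> List[str]:
    """Decode REGEDIT4 hex(7) data (line continuations allowed) into strings."""
    if not value.lower().startswith("hex(7):"):
        raise ValueError("not a hex(7) value")
    payload = value[len("hex(7):"):]
    # regedit wraps long values with a trailing backslash; strip that and whitespace.
    payload = payload.replace("\\", "").replace("\r", "").replace("\n", "").replace(" ", "")
    data = bytes(int(tok, 16) for tok in payload.split(",") if tok)
    if not data.endswith(b"\x00\x00"):
        raise ValueError("REG_MULTI_SZ must end with a double NUL")
    body = data[:-2]  # drop the list terminator, keep per-string NULs
    return [s.decode("latin-1") for s in body.split(b"\x00")] if body else []


def unexpected_packages(packages: Sequence[str], baseline: Sequence[str] = ("scecli",)) -> List[str]:
    """Return Notification Packages entries that are not in the assumed baseline."""
    known = {b.lower() for b in baseline}
    return [p for p in packages if p.lower() not in known]


def lsa_fix_reg(packages: List[str]) -> str:
    """Emit a REGEDIT4 fragment that sets LSA Notification Packages to `packages`."""
    return (
        "REGEDIT4\n\n"
        f"{LSA_KEY}\n"
        f'"Notification Packages"={multi_sz_to_hex7(packages)}\n'
    )


if __name__ == "__main__":
    # Constructed from the DDS line "LSA: Notification Packages = scecli vehagedi.dll".
    observed = ["scecli", "vehagedi.dll"]
    print("on the infected box:", multi_sz_to_hex7(observed))
    print("unexpected:", unexpected_packages(observed))
    print(lsa_fix_reg(["scecli"]))
```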


#7 JKav


Posted 27 June 2010 - 06:09 PM

So far the computer seems to be running as expected. I'll be sure to monitor it over the next several days.

Thanks again. Here's the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4247

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/27/2010 4:07:03 PM
mbam-log-2010-06-27 (16-07-03).txt

Scan type: Quick scan
Objects scanned: 135783
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 Farbar (Security Developer)

Posted 27 June 2010 - 06:28 PM

You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can. I recommend this good free antivirus:

Avira
  • Download the installer from the softpedia.com link, as it has a secure download mirror. Install and update it.
  • In the left pane click Status. In the right pane click Scan system now.
  • After the scan has finished, let it remove what it finds and then click Report.
  • You can also get the last report by clicking on Reports in the left pane.
  • In the right window under Action double-click on the last Scan listed (you also see the corresponding Date/Time).
  • A window opens, click on Report file.
  • Copy and paste the content of the report to your reply.


#9 JKav (Topic Starter)

Posted 27 June 2010 - 07:13 PM

Roger that. Here's that, too:


Avira AntiVir Personal
Report file date: Sunday, June 27, 2010 16:48

Scanning for 2271274 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : xxxxxxxxx0

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 19:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 23:41:45
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 23:41:59
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 23:42:00
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 23:42:00
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 23:42:00
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 23:42:01
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 23:42:01
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 23:42:01
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 23:42:04
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 23:42:05
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 23:42:06
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 23:42:07
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 23:42:09
VBASE018.VDF : 7.10.8.164 2048 Bytes 6/23/2010 23:42:09
VBASE019.VDF : 7.10.8.165 2048 Bytes 6/23/2010 23:42:09
VBASE020.VDF : 7.10.8.166 2048 Bytes 6/23/2010 23:42:10
VBASE021.VDF : 7.10.8.167 2048 Bytes 6/23/2010 23:42:10
VBASE022.VDF : 7.10.8.168 2048 Bytes 6/23/2010 23:42:10
VBASE023.VDF : 7.10.8.169 2048 Bytes 6/23/2010 23:42:11
VBASE024.VDF : 7.10.8.170 2048 Bytes 6/23/2010 23:42:11
VBASE025.VDF : 7.10.8.171 2048 Bytes 6/23/2010 23:42:11
VBASE026.VDF : 7.10.8.172 2048 Bytes 6/23/2010 23:42:12
VBASE027.VDF : 7.10.8.173 2048 Bytes 6/23/2010 23:42:12
VBASE028.VDF : 7.10.8.174 2048 Bytes 6/23/2010 23:42:12
VBASE029.VDF : 7.10.8.175 2048 Bytes 6/23/2010 23:42:12
VBASE030.VDF : 7.10.8.176 2048 Bytes 6/23/2010 23:42:13
VBASE031.VDF : 7.10.8.191 133632 Bytes 6/27/2010 23:42:14
Engineversion : 8.2.4.2
AEVDF.DLL : 8.1.2.0 106868 Bytes 6/27/2010 23:42:41
AESCRIPT.DLL : 8.1.3.33 1356155 Bytes 6/27/2010 23:42:40
AESCN.DLL : 8.1.6.1 127347 Bytes 6/27/2010 23:42:38
AESBX.DLL : 8.1.3.1 254324 Bytes 6/27/2010 23:42:41
AERDL.DLL : 8.1.4.6 541043 Bytes 6/27/2010 23:42:37
AEPACK.DLL : 8.2.2.5 430453 Bytes 6/27/2010 23:42:35
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 6/27/2010 23:42:33
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 6/27/2010 23:42:31
AEHELP.DLL : 8.1.11.6 242038 Bytes 6/27/2010 23:42:19
AEGEN.DLL : 8.1.3.12 377204 Bytes 6/27/2010 23:42:19
AEEMU.DLL : 8.1.2.0 393588 Bytes 6/27/2010 23:42:17
AECORE.DLL : 8.1.15.3 192886 Bytes 6/27/2010 23:42:16
AEBB.DLL : 8.1.1.0 53618 Bytes 6/27/2010 23:42:15
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 00:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, June 27, 2010 16:48

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '70' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '29' Module(s) have been scanned
Scan process 'avgnt.exe' - '56' Module(s) have been scanned
Scan process 'sched.exe' - '55' Module(s) have been scanned
Scan process 'avshadow.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'iexplore.exe' - '104' Module(s) have been scanned
Scan process 'iexplore.exe' - '128' Module(s) have been scanned
Scan process 'iexplore.exe' - '111' Module(s) have been scanned
Scan process 'SuperHybridEngine.exe' - '27' Module(s) have been scanned
Scan process 'BTTray.exe' - '49' Module(s) have been scanned
Scan process 'igfxext.exe' - '23' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '50' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '38' Module(s) have been scanned
Scan process 'ETDCtrl.exe' - '34' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '25' Module(s) have been scanned
Scan process 'AsEPCMon.exe' - '16' Module(s) have been scanned
Scan process 'AsAcpiSvr.exe' - '40' Module(s) have been scanned
Scan process 'AsTray.exe' - '34' Module(s) have been scanned
Scan process 'hkcmd.exe' - '28' Module(s) have been scanned
Scan process 'igfxtray.exe' - '29' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'Explorer.EXE' - '142' Module(s) have been scanned
Scan process 'btwdins.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'SeaPort.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'spoolsv.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '164' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '38' Module(s) have been scanned
Scan process 'winlogon.exe' - '79' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '381' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\'


End of the scan: Sunday, June 27, 2010 17:11
Used time: 23:36 Minute(s)

The scan has been done completely.

3914 Scanned directories
138704 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
138704 Files not concerned
6518 Archives were scanned
0 Warnings
0 Notes
269640 Objects were scanned with rootkit scan
0 Hidden objects were found
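
The two logs posted above (the MBAM log in #7 and the Avira report in #9) both end in a block of summary counters, and the helper's verdict rests on every one of those being zero. The following is an added example, not part of the original thread or of either vendor's software: it parses the summary lines of both formats and returns a verdict, treating Avira's "Files cannot be scanned" and "Warnings" counters as coverage gaps rather than as a clean result. The line formats are taken from the logs posted above; the two sample logs are constructed (one MBAM hit and three unscannable Avira files are invented so that the non-clean branches are exercised), and the Avira wording is assumed to be the English 10.x wording shown in #9.

```python
"""Summary triage for MBAM 1.x logs and Avira AntiVir 10 reports.

Added example, not from the original posts or from either vendor.
The line formats come from the logs posted in the thread; the sample
logs below are constructed and deliberately not all-zero.
"""
import re

# Constructed excerpt in the shape of the MBAM 1.46 log posted in #7.
# Two registry keys and one file are invented findings.
MBAM_SAMPLE = """\
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4247

Scan type: Quick scan
Objects scanned: 135783
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Example (Rogue.Example) -> Quarantined and deleted successfully.
"""

# Constructed excerpt in the shape of the Avira 10 report posted in #9.
# Three unscannable files are invented to show the coverage-gap case.
AVIRA_SAMPLE = """\
3914 Scanned directories
138704 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
138701 Files not concerned
6518 Archives were scanned
0 Warnings
0 Notes
269640 Objects were scanned with rootkit scan
0 Hidden objects were found
"""

# MBAM summary lines read "<category> Infected: <count>". The later
# per-category detail headers ("Files Infected:") carry no count and
# therefore do not match.
_MBAM_COUNT = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)\s*$", re.M)
# Avira summary lines read "<count> <description>".
_AVIRA_COUNT = re.compile(r"^(?P<n>\d+) (?P<desc>[A-Za-z/ ]+?)\s*$", re.M)

# Avira counters that mean something was found.
AVIRA_FINDINGS = (
    "Viruses and/or unwanted programs were found",
    "Files were classified as suspicious",
    "Hidden objects were found",
)
# Avira counters that mean part of the disk was never inspected; a
# zero-findings report with these non-zero is not the same as clean.
AVIRA_GAPS = ("Files cannot be scanned", "Warnings")


def parse_mbam(log):
    """Return {category: count} from the MBAM summary block."""
    return {m["cat"]: int(m["n"]) for m in _MBAM_COUNT.finditer(log)}


def parse_avira(log):
    """Return {description: count} from the Avira summary block."""
    return {m["desc"].strip(): int(m["n"]) for m in _AVIRA_COUNT.finditer(log)}


def mbam_findings(counts):
    """Every MBAM summary counter is a finding, so sum them all."""
    return sum(counts.values())


def avira_findings(counts):
    return sum(counts.get(k, 0) for k in AVIRA_FINDINGS)


def avira_gaps(counts):
    return sum(counts.get(k, 0) for k in AVIRA_GAPS)


def triage(log):
    """Return (tool, findings, verdict); verdict is clean, review or incomplete."""
    if "Malwarebytes' Anti-Malware" in log:
        counts = parse_mbam(log)
        tool, findings, gaps = "mbam", mbam_findings(counts), 0
    elif "Files were scanned" in log:
        counts = parse_avira(log)
        tool, findings, gaps = "avira", avira_findings(counts), avira_gaps(counts)
    else:
        raise ValueError("unrecognised scan log")
    if not counts:
        # A log with no summary block (truncated paste, aborted scan) must
        # not be reported as clean just because nothing was counted.
        raise ValueError("no summary counters found in %s log" % tool)
    if findings:
        verdict = "review"
    elif gaps:
        verdict = "incomplete"
    else:
        verdict = "clean"
    return tool, findings, verdict


if __name__ == "__main__":
    for sample in (MBAM_SAMPLE, AVIRA_SAMPLE):
        print(triage(sample))
```

Run against a log pasted into a file, the script either confirms that every counter is zero or points at the exact counters that are not; the "incomplete" verdict is the one worth remembering, since an Avira report with zero detections but unscannable files has not actually cleared those files.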



#10 Farbar (Security Developer)

Posted 27 June 2010 - 07:17 PM

It looks good.
  1. You may delete any tool or log we used from your computer.

  2. First set a new Restore Point, then remove the old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.


Recommendations:
  1. I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  2. I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.

Happy Surfing, JKav.


#11 Farbar (Security Developer)

Posted 03 July 2010 - 06:43 PM


This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



