Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Hijacker, slow computer, can't find malware


  • This topic is locked This topic is locked
15 replies to this topic

#1 Sparklemonkey

Sparklemonkey

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 06 August 2010 - 11:47 AM

I'm completely stumped. My computer is acting like its infected, but nothing is turning up. Google search is occasionally redirecting to sites about Romanian travel. Spy Sweeper was timing out and then giving me start up errors. I tried to reinstall and the reinstall failed twice, but then went through. A couple times, although spy sweeper was running, Windows was showing it as turned off. I've scanned with Malwarebytes and the scan completes but shows the computer as clear. Spybot had found a keylogger, but that's it. I've scanned with everything i could think of, but since i don't know the name of the Malware, i haven't been able to go in and manually remove anything. Now My CPU usage is reaching 100% and i am at my wits end.

Any help would be greatly appreciated! Thanks so much in advance!

DDS is below and attached. GMER froze my computer (100% CPU usage) when i tried to save the txt. but the log saved fine. let me know if you need that. Oh, and i ran defogger and nothing was present.

Thanks again!

DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 9:10:25.53 on Fri 08/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1418 [GMT -7:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Keyboard Manager\OSD Utility\OSDManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Damara\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: {287a7122-32de-466b-925e-10ae16a5a2c6} - soruhuma.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Keyboard OSD Utility] "c:\program files\keyboard manager\osd utility\OSDManager.exe" /lang en /H
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AlienFusion Controller] "c:\program files\alienware\command center\AlienFusionController.exe"
mRun: [AlienFX Controller] "c:\program files\alienware\command center\AlienwareAlienFXController.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [WinVNC] "c:\program files\ultravnc\winvnc.exe" -servicehelper
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] "c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE"
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\oscust.lnk - c:\windows\system32\oem\OSCust.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208909289716
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli c:\windows\system32\leyigowu.dll c:\windows\system32\yepaladi.dll c:\windows\system32\fidebage.dll ratikolo.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\damara\applic~1\mozilla\firefox\profiles\uutq0ieg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\damara\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-14 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-16 218592]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\alienware\command center\AlienFusionService.exe [2008-3-5 8192]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-16 112592]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-8-5 1201640]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [2007-8-26 5632]
R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [2007-8-26 21504]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]

=============== Created Last 30 ================

2010-08-06 16:09:53 0 ----a-w- c:\documents and settings\damara\defogger_reenable
2010-08-06 06:11:38 1563008 ----a-w- c:\windows\WRSetup.dll
2010-08-06 06:11:38 0 d-----w- c:\docume~1\damara\applic~1\Webroot
2010-08-06 06:11:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-08-05 06:59:14 7680 --sha-w- c:\windows\Thumbs.db
2010-08-05 06:59:14 69 ----a-w- c:\windows\NeroDigital.ini
2010-08-04 16:32:38 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-04 16:23:43 0 d-----w- c:\program files\Trend Micro
2010-08-04 08:22:10 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-04 01:28:59 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{E641F73D-EC02-4FD2-999F-DE3E354C12F7}
2010-07-14 05:30:51 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-08-06 16:04:14 3584 ----a-w- c:\windows\system32\acpimof.dll
2010-08-05 02:48:03 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-07-12 08:55:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-14 09:20:06 105772 ----a-w- c:\windows\fonts\DEATH_FONT.TTF
2010-06-14 09:19:09 78296 ----a-w- c:\windows\fonts\WOODCUT.TTF
2010-04-15 21:04:04 84680 --sh--w- c:\windows\system32\vagiluke.exe
2007-08-26 18:16:39 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-03-15 02:45:11 16384 -csha-w- c:\windows\temp\cookies\index.dat
2009-03-15 02:45:11 16384 -csha-w- c:\windows\temp\history\history.ie5\index.dat
2009-03-15 02:45:11 32768 -csha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 9:11:07.73 ===============

Sorry, don't mean to be bumping my post, just thought i would add some more info based on what has happened today. Antivir started popping up today for the first time so i rkilled and ran malwarebytes and it was able to remove the following:

hkey_local_machine\software\microsoft\windows\currentversion\run\dfciatyu
local settings\application data\oehfhikeo
hkey_cuurent_user\software\microsoft\windows\currentversion\run\dfciatyu
local settings\temp\pgfupd.exe

but i still dont know if im clear.

Merged posts. ~ OB

Edited by Orange Blossom, 08 August 2010 - 07:12 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:43 AM

Posted 14 August 2010 - 07:55 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 Sparklemonkey

Sparklemonkey
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 14 August 2010 - 02:20 PM

Yay! Thanks for replying. Please let me know what to do next!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:43 AM

Posted 14 August 2010 - 04:38 PM

Please run MBRCheck, we may have a rootkit hanging around

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
Posted Image
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:43 AM

Posted 17 August 2010 - 07:28 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#6 Sparklemonkey

Sparklemonkey
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 18 August 2010 - 01:02 AM

Sorry! I subscribed to this post and am not getting notified via email. I will make sure to check back more often. Here is the scan you requested!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F87000 fltmgr.sys
0xB9F59000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F48000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0D8000 sshrmd.sys
0xBA0E8000 ssfs0bbc.sys
0xB9F1A000 ssidrv.sys
0xB9EED000 \WINDOWS\system32\DRIVERS\NDIS.SYS
0xBA328000 \WINDOWS\system32\DRIVERS\TDI.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0F8000 MountMgr.sys
0xB9ECE000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9EA8000 dmio.sys
0xBA338000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA108000 VolSnap.sys
0xB9E90000 atapi.sys
0xB9DC9000 iaStor.sys
0xBA118000 disk.sys
0xBA128000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DB7000 sr.sys
0xB9D7E000 PCTCore.sys
0xBA138000 Lbd.sys
0xB9D67000 KSecDD.sys
0xB9CDA000 Ntfs.sys
0xB9CC0000 Mup.sys
0xB958E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8A41000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8A2D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8A09000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB89E1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB87C6000 \SystemRoot\system32\DRIVERS\NETw4x32.sys
0xB879B000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB8787000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB957E000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB8773000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB8722000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xB956E000 \SystemRoot\system32\DRIVERS\winbondhidcir.sys
0xB955E000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB86A7000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA458000 \SystemRoot\system32\DRIVERS\hidshim.sys
0xB954E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB953E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8671000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB952E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB951E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB950E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB864E000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9A19000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB9A11000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9A0D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA738000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB94FE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9A09000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8637000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB90AF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB909F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8626000 \SystemRoot\system32\DRIVERS\psched.sys
0xB908F000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA478000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA480000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB85CE000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB907F000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8570000 \SystemRoot\system32\DRIVERS\update.sys
0xBA598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA178000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA198000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB9C4F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB5A79000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB5A55000 \SystemRoot\system32\drivers\portcls.sys
0xBA228000 \SystemRoot\system32\drivers\drmk.sys
0xBA624000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB0B48000 \SystemRoot\System32\Drivers\Null.SYS
0xBA658000 \SystemRoot\System32\Drivers\Beep.SYS
0xB17D8000 \SystemRoot\System32\drivers\vga.sys
0xBA65A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB2768000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB17D0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB17C8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB1A07000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB06DA000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB0681000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB0659000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB0637000 \SystemRoot\System32\drivers\afd.sys
0xB28CA000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB060C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB059C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB28FA000 \SystemRoot\System32\Drivers\Fips.SYS
0xB0576000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB12D0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAB1AC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA9BB8000 \SystemRoot\System32\Drivers\usbvideo.sys
0xAB2DD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA9BA7000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA9AE0000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB188F000 \SystemRoot\System32\drivers\Dxapi.sys
0xAA425000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7BC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA3A0000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAB65F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAB2E9000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA65C9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA6568000 \SystemRoot\System32\Drivers\adfs.SYS
0xA652B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB906F000 \SystemRoot\system32\drivers\sysaudio.sys
0xA62C4000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA626000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xA4C05000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
572 C:\WINDOWS\system32\smss.exe
636 csrss.exe
664 C:\WINDOWS\system32\winlogon.exe
708 C:\WINDOWS\system32\services.exe
720 C:\WINDOWS\system32\lsass.exe
872 C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
892 C:\WINDOWS\system32\svchost.exe
952 svchost.exe
992 C:\WINDOWS\system32\svchost.exe
1072 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1124 svchost.exe
1176 svchost.exe
1452 C:\WINDOWS\system32\spoolsv.exe
1528 svchost.exe
1624 C:\Program Files\Alienware\Command Center\AlienFusionService.exe
1756 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1772 C:\Program Files\Bonjour\mDNSResponder.exe
1864 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
1912 C:\WINDOWS\explorer.exe
2036 svchost.exe
220 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
264 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
456 C:\Program Files\Java\jre6\bin\jqs.exe
496 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
540 C:\WINDOWS\system32\nvsvc32.exe
588 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
864 C:\WINDOWS\system32\svchost.exe
1064 wdfmgr.exe
1216 C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
2276 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2284 C:\Program Files\Keyboard Manager\OSD Utility\OSDManager.exe
2348 C:\WINDOWS\system32\rundll32.exe
2380 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2400 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2448 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2504 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2544 C:\Program Files\Alienware\Command Center\AlienFusionController.exe
2576 C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
2708 C:\WINDOWS\RTHDCPL.exe
2808 C:\WINDOWS\system32\rundll32.exe
2880 C:\Program Files\iTunes\iTunesHelper.exe
2964 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
2992 C:\WINDOWS\system32\wbem\unsecapp.exe
3032 wmiprvse.exe
3556 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
3572 C:\WINDOWS\system32\ctfmon.exe
3588 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
3596 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3648 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
1536 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
1820 C:\Program Files\iPod\bin\iPodService.exe
3076 alg.exe
3172 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
3652 C:\WINDOWS\system32\taskmgr.exe
2064 SSU.exe
2176 C:\Program Files\Mozilla Firefox\firefox.exe
784 C:\Documents and Settings\Damara\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9200420ASG, Rev: 3.ADD

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:43 AM

Posted 18 August 2010 - 01:39 PM

Might be a setting on the site. Click My Controls, then on the left look for Options and click Email Settings. Make sure that the last option (Enable 'Email Notification' by default? If ticked, choose default type:) is set for Immediate notification on the drop down menu.

Please run TDSSKiller, TDSSKiller should be able to eliminate the most prolific rootkit at the moment.
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#8 Sparklemonkey

Sparklemonkey
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 19 August 2010 - 12:26 AM

2010/08/18 22:24:48.0453 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/18 22:24:48.0453 ================================================================================
2010/08/18 22:24:48.0453 SystemInfo:
2010/08/18 22:24:48.0453
2010/08/18 22:24:48.0453 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/18 22:24:48.0453 Product type: Workstation
2010/08/18 22:24:48.0453 ComputerName: BENDER
2010/08/18 22:24:48.0453 UserName: Damara
2010/08/18 22:24:48.0453 Windows directory: C:\WINDOWS
2010/08/18 22:24:48.0453 System windows directory: C:\WINDOWS
2010/08/18 22:24:48.0453 Processor architecture: Intel x86
2010/08/18 22:24:48.0453 Number of processors: 2
2010/08/18 22:24:48.0453 Page size: 0x1000
2010/08/18 22:24:48.0453 Boot type: Normal boot
2010/08/18 22:24:48.0453 ================================================================================
2010/08/18 22:24:48.0734 Initialize success
2010/08/18 22:24:57.0984 ================================================================================
2010/08/18 22:24:57.0984 Scan started
2010/08/18 22:24:57.0984 Mode: Manual;
2010/08/18 22:24:57.0984 ================================================================================
2010/08/18 22:24:58.0687 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/18 22:24:58.0750 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/18 22:24:58.0812 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2010/08/18 22:24:58.0875 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/18 22:24:58.0921 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/08/18 22:24:58.0984 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/18 22:24:59.0140 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/18 22:24:59.0250 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/18 22:24:59.0281 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/18 22:24:59.0312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/18 22:24:59.0359 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/18 22:24:59.0421 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/08/18 22:24:59.0500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/18 22:24:59.0546 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/08/18 22:24:59.0562 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/08/18 22:24:59.0640 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/08/18 22:24:59.0656 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/08/18 22:24:59.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/18 22:24:59.0718 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/18 22:24:59.0734 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/18 22:24:59.0781 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/18 22:24:59.0812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/18 22:24:59.0875 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/18 22:24:59.0921 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/18 22:25:00.0031 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/18 22:25:00.0109 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/18 22:25:00.0140 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/18 22:25:00.0156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/18 22:25:00.0203 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/18 22:25:00.0281 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/18 22:25:00.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/18 22:25:00.0390 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/18 22:25:00.0406 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/18 22:25:00.0421 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/18 22:25:00.0484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/18 22:25:00.0500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/18 22:25:00.0531 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/18 22:25:00.0593 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/08/18 22:25:00.0609 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/18 22:25:00.0640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/18 22:25:00.0703 hidshim (6fdd1dd2d2ea9c4f690da8066055a3b3) C:\WINDOWS\system32\DRIVERS\hidshim.sys
2010/08/18 22:25:00.0718 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/18 22:25:00.0812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/18 22:25:00.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/18 22:25:01.0125 ialm (8b998e6c0aebbaecd6da33df947695d3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/18 22:25:01.0343 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2010/08/18 22:25:01.0390 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/18 22:25:01.0656 IntcAzAudAddService (7e50f7bd946492cd5f364aa345379fe9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/18 22:25:01.0796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/18 22:25:01.0843 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/18 22:25:01.0859 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/18 22:25:01.0906 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/18 22:25:01.0953 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/18 22:25:01.0984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/18 22:25:02.0031 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/18 22:25:02.0062 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/18 22:25:02.0093 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/18 22:25:02.0125 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/18 22:25:02.0156 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/18 22:25:02.0203 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/18 22:25:02.0234 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/08/18 22:25:02.0328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/18 22:25:02.0375 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/18 22:25:02.0406 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/18 22:25:02.0437 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/18 22:25:02.0453 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/18 22:25:02.0484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/18 22:25:02.0531 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/18 22:25:02.0546 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/18 22:25:02.0562 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/18 22:25:02.0578 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/18 22:25:02.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/18 22:25:02.0640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/18 22:25:02.0671 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/18 22:25:02.0687 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/18 22:25:02.0734 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/18 22:25:02.0765 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/18 22:25:02.0796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/18 22:25:02.0812 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/18 22:25:02.0828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/18 22:25:02.0843 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/18 22:25:02.0859 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/18 22:25:02.0890 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/18 22:25:02.0906 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/18 22:25:03.0015 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2010/08/18 22:25:03.0109 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/18 22:25:03.0125 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/18 22:25:03.0140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/18 22:25:03.0187 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/18 22:25:03.0406 nv (04b92c82d5016053e7069a216deeda58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/18 22:25:03.0656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/18 22:25:03.0687 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/18 22:25:03.0718 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/18 22:25:03.0765 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/18 22:25:03.0796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/18 22:25:03.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/18 22:25:03.0843 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/18 22:25:03.0906 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/18 22:25:03.0953 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/18 22:25:04.0000 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
2010/08/18 22:25:04.0234 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/18 22:25:04.0265 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/18 22:25:04.0296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/18 22:25:04.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/18 22:25:04.0484 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/18 22:25:04.0515 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/18 22:25:04.0531 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/18 22:25:04.0562 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/18 22:25:04.0593 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/18 22:25:04.0625 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/18 22:25:04.0671 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/18 22:25:04.0703 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/18 22:25:04.0781 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/08/18 22:25:04.0843 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/08/18 22:25:04.0859 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/08/18 22:25:04.0875 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/08/18 22:25:04.0953 s24trans (2220783b32a9f91df87f3e8315f091e7) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/08/18 22:25:05.0031 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/08/18 22:25:05.0109 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/18 22:25:05.0140 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/18 22:25:05.0187 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/08/18 22:25:05.0265 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/18 22:25:05.0328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/18 22:25:05.0359 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/18 22:25:05.0421 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/18 22:25:05.0500 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
2010/08/18 22:25:05.0515 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
2010/08/18 22:25:05.0546 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
2010/08/18 22:25:05.0593 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/18 22:25:05.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/18 22:25:05.0656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/18 22:25:05.0828 SynTP (d7b9ad3abd0f7f9f694d71f38b5c7b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/08/18 22:25:05.0859 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/18 22:25:05.0937 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/18 22:25:06.0000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/18 22:25:06.0015 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/18 22:25:06.0062 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/18 22:25:06.0156 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/18 22:25:06.0218 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/18 22:25:06.0281 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/18 22:25:06.0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/18 22:25:06.0343 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/18 22:25:06.0390 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/18 22:25:06.0406 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/18 22:25:06.0437 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/18 22:25:06.0468 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/08/18 22:25:06.0500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/18 22:25:06.0562 vncdrv (67e6daca80eb4e1cba2ca02a09e76f32) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
2010/08/18 22:25:06.0593 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/18 22:25:06.0640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/18 22:25:06.0703 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/08/18 22:25:06.0765 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/18 22:25:06.0828 winbondhidcir (85072486ec208ca0c63c33bbc1a88a4b) C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys
2010/08/18 22:25:06.0906 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/18 22:25:06.0953 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/18 22:25:07.0000 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/18 22:25:07.0156 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
2010/08/18 22:25:07.0203 ================================================================================
2010/08/18 22:25:07.0203 Scan finished
2010/08/18 22:25:07.0203 ================================================================================


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:43 AM

Posted 19 August 2010 - 12:14 PM

Please run MBAM again and see if that's clean

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Posted Image
m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:43 AM

Posted 21 August 2010 - 07:08 PM

You still there?
Posted Image
m0le is a proud member of UNITE

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 23 August 2010 - 01:20 AM

hello

I am going to take this over for mole he is going to be away


do you still need help with this?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 26 August 2010 - 11:46 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Sparklemonkey

Sparklemonkey
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 27 August 2010 - 12:15 AM

Malware Bytes comes up clean, as does everything else, but webroot is still blocking random websites, although less frequently. Not sure if i still need help or no? Or is it clean?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 27 August 2010 - 01:02 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 30 August 2010 - 01:30 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users