Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible rootkit virus I have already run DDS


  • This topic is locked This topic is locked
29 replies to this topic

#1 alncindi

alncindi

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 30 November 2010 - 02:46 PM

When I start my computer I get the following message Error Loading C:\windows\system32\config\systemprofile\AppData\local\elehiheh.dll

I am running Vista and internet explorer8 Below is a copy of the DDS log. THE GMER shut down on me and would not run

DDS (Ver_10-11-27.01) - NTFSx86
Run by ALAN at 14:06:06.55 on Tue 11/30/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.958.276 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Trend Micro PC-cillin Internet Security 2007 *disabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ALAN\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101102234739.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SFrLNjqHIa.exe] c:\users\alan\appdata\local\temp\SFrLNjqHIa.exe
uRun: [303255772] c:\users\alan\appdata\local\temp\303255772.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\PhotoDownloader.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [wxabedabenud] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\elehiheh.dll",Startup
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /runonce
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
dRun: [lduyeyesog] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\olsbtfp.dll",Startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: ebay.com\www
Trusted Zone: myloweslife.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\alan\appdata\roaming\mozilla\firefox\profiles\hz901fo8.default\
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-18 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-3-18 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-3-18 164840]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-7-29 145424]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-3-18 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-3-18 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-3-18 141792]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-7-29 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-18 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-7-29 256528]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-3-18 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-18 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-18 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-3-18 313288]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2007-3-12 286208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-4-26 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-4-26 677128]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-18 84264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-28 03:26:15 -------- d-----w- c:\users\alan\appdata\local\Apple
2010-11-28 03:18:13 -------- d-----w- c:\users\alan\appdata\local\Apple Computer
2010-11-27 03:37:44 -------- d-----w- c:\program files\whitesmoketoolbar
2010-11-27 03:36:37 -------- d-----w- c:\program files\WhiteSmoke Translator
2010-11-26 22:04:29 -------- d-----w- c:\program files\ConduitEngine
2010-11-26 22:04:17 -------- d-----w- c:\program files\BitTorrentBar
2010-11-26 22:03:38 -------- d-----w- c:\users\alan\appdata\roaming\BitTorrent
2010-11-14 23:18:34 -------- d-----w- c:\progra~2\Norton
2010-11-14 23:18:33 -------- d-----w- c:\progra~2\Symantec
2010-11-14 23:18:31 -------- d-----w- c:\progra~2\NortonInstaller
2010-11-14 23:15:57 -------- d-----w- c:\users\alan\appdata\local\OpenCandy
2010-11-14 23:15:30 -------- d-----w- c:\users\alan\appdata\roaming\OpenCandy
2010-11-14 00:41:10 -------- d-----w- c:\users\alan\appdata\roaming\Malwarebytes
2010-11-14 00:40:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 00:40:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 00:40:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-14 00:40:43 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-13 23:58:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-11-03 00:52:06 -------- d-----w- c:\program files\AskBarDis

==================== Find3M ====================

2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_ rev.P22O -> Harddisk0\DR0 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86383446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86389504]; MOV EAX, [0x86389580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82494962] -> \Device\Harddisk0\DR0[0x85EEDAC8]
3 CLASSPNP[0x82FAB8B3] -> ntkrnlpa!IofCallDriver[0x82494962] -> [0x8529EE00]
5 acpi[0x806166BC] -> ntkrnlpa!IofCallDriver[0x82494962] -> [0x844FA758]
\Driver\nvstor32[0x85861188] -> IRP_MJ_CREATE -> 0x86383446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000070 -> \??\SCSI#Disk&Ven_Hitachi&Prod_HDS721616PLA#4&21479b0c&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 14:10:40.45 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:10 AM

Posted 07 December 2010 - 05:41 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Regards,
Georgi :hello:

cXfZ4wS.png


#3 alncindi

alncindi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 09 December 2010 - 05:59 PM

Thank you so much for contacting me. I really appreciate the help. I have not done anything with this computer since i first reported the trouble to you. I have a laptop that I can use now instead of this desk top until I get the desktop fixed. My teenage son downloaded a program called Bit Torrent? that started the whole problem I started having. The program also installed another program called White Smoke and I started getting a lot of redirects to other websites and very slow performance and windows keeps locking up on me. I get a message that says Host Processes for windows stopped working and was closed.
Here is a new DDS log. I cannot get the GMER to finish a scan. It starts scanning then after about 4 to 5 minutes it shuts down.
Thanks for your helpAttached File  Attach2.txt   5KB   0 downloads


DDS (Ver_10-11-27.01) - NTFSx86
Run by ALAN at 13:56:12.28 on Thu 12/09/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.958.97 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Trend Micro PC-cillin Internet Security 2007 *disabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\sttray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\ALAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101102234739.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SFrLNjqHIa.exe] c:\users\alan\appdata\local\temp\SFrLNjqHIa.exe
uRun: [303255772] c:\users\alan\appdata\local\temp\303255772.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\PhotoDownloader.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [wxabedabenud] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\elehiheh.dll",Startup
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /runonce
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
dRun: [lduyeyesog] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\olsbtfp.dll",Startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: ebay.com\www
Trusted Zone: myloweslife.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\alan\appdata\roaming\mozilla\firefox\profiles\hz901fo8.default\
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-18 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-3-18 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-3-18 164840]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-7-29 145424]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-3-18 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-3-18 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-3-18 141792]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-7-29 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-18 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-7-29 256528]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-3-18 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-18 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-18 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-3-18 313288]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2007-3-12 286208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-4-26 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-4-26 677128]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-18 84264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-28 03:26:15 -------- d-----w- c:\users\alan\appdata\local\Apple
2010-11-28 03:18:13 -------- d-----w- c:\users\alan\appdata\local\Apple Computer
2010-11-27 03:37:44 -------- d-----w- c:\program files\whitesmoketoolbar
2010-11-27 03:36:37 -------- d-----w- c:\program files\WhiteSmoke Translator
2010-11-26 22:04:29 -------- d-----w- c:\program files\ConduitEngine
2010-11-26 22:04:17 -------- d-----w- c:\program files\BitTorrentBar
2010-11-26 22:03:38 -------- d-----w- c:\users\alan\appdata\roaming\BitTorrent
2010-11-14 23:18:34 -------- d-----w- c:\progra~2\Norton
2010-11-14 23:18:33 -------- d-----w- c:\progra~2\Symantec
2010-11-14 23:18:31 -------- d-----w- c:\progra~2\NortonInstaller
2010-11-14 23:15:57 -------- d-----w- c:\users\alan\appdata\local\OpenCandy
2010-11-14 23:15:30 -------- d-----w- c:\users\alan\appdata\roaming\OpenCandy
2010-11-14 00:41:10 -------- d-----w- c:\users\alan\appdata\roaming\Malwarebytes
2010-11-14 00:40:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 00:40:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 00:40:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-14 00:40:43 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-13 23:58:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_ rev.P22O -> Harddisk0\DR0 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86385446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8638b504]; MOV EAX, [0x8638b580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82445962] -> \Device\Harddisk0\DR0[0x85EEF918]
3 CLASSPNP[0x82F9F8B3] -> ntkrnlpa!IofCallDriver[0x82445962] -> [0x84509150]
5 acpi[0x806136BC] -> ntkrnlpa!IofCallDriver[0x82445962] -> [0x84509C90]
\Driver\nvstor32[0x8636DAC0] -> IRP_MJ_CREATE -> 0x86385446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000070 -> \??\SCSI#Disk&Ven_Hitachi&Prod_HDS721616PLA#4&21479b0c&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 13:58:12.58 ===============

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:10 PM

Posted 10 December 2010 - 01:28 PM

Hi

Please do the following:


Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 alncindi

alncindi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 16 December 2010 - 07:40 AM

I have been away from that computer for the past couple days. I will download and run the combo fix later today. Thanks again for helping me out.
Alan

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:10 PM

Posted 16 December 2010 - 02:39 PM

:thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 alncindi

alncindi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 16 December 2010 - 03:26 PM

Catbyte, here is a copy of the Combo log.Again sorry for the delay.
Thanks Alan.

ComboFix 10-12-15.07 - ALAN 12/16/2010 14:25:14.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.958.373 [GMT -5:00]
Running from: c:\users\ALAN\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ALAN\openoffice.exe
c:\users\ALAN\x3430 printer driver.exe
c:\windows\system32\service
c:\windows\system32\service\02052010_TIS17_SfFniAU.log
c:\windows\system32\service\03072009_TIS17_SfFniAU.log
c:\windows\system32\service\04112010_TIS17_SfFniAU.log
c:\windows\system32\service\04122010_TIS17_SfFniAU.log
c:\windows\system32\service\05052009_TIS17_SfFniAU.log
c:\windows\system32\service\06092010_TIS17_SfFniAU.log
c:\windows\system32\service\07092009_TIS17_SfFniAU.log
c:\windows\system32\service\08092009_TIS17_SfFniAU.log
c:\windows\system32\service\09122010_TIS17_SfFniAU.log
c:\windows\system32\service\10122009_TIS17_SfFniAU.log
c:\windows\system32\service\10122010_TIS17_SfFniAU.log
c:\windows\system32\service\12092010_TIS17_SfFniAU.log
c:\windows\system32\service\13112010_TIS17_SfFniAU.log
c:\windows\system32\service\14062010_TIS17_SfFniAU.log
c:\windows\system32\service\15092010_TIS17_SfFniAU.log
c:\windows\system32\service\16052009_TIS17_SfFniAU.log
c:\windows\system32\service\18052010_TIS17_SfFniAU.log
c:\windows\system32\service\18092010_TIS17_SfFniAU.log
c:\windows\system32\service\19122009_TIS17_SfFniAU.log
c:\windows\system32\service\20082010_TIS17_SfFniAU.log
c:\windows\system32\service\22062010_TIS17_SfFniAU.log
c:\windows\system32\service\22102009_TIS17_SfFniAU.log
c:\windows\system32\service\27032010_TIS17_SfFniAU.log
c:\windows\system32\service\27112010_TIS17_SfFniAU.log
c:\windows\system32\service\30112010_TIS17_SfFniAU.log
c:\windows\system32\service\31072010_TIS17_SfFniAU.log

.
((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
.

2010-12-16 19:52 . 2010-12-16 19:55 -------- d-----w- c:\users\ALAN\AppData\Local\temp
2010-12-16 19:52 . 2010-12-16 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-14 21:32 . 2010-11-02 05:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-14 21:32 . 2010-11-02 05:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-14 21:32 . 2010-11-02 04:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 21:32 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-14 21:31 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-10 21:13 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-28 03:26 . 2010-11-28 03:26 -------- d-----w- c:\users\ALAN\AppData\Local\Apple
2010-11-28 03:18 . 2010-11-28 03:18 -------- d-----w- c:\users\ALAN\AppData\Local\Apple Computer
2010-11-27 09:49 . 2010-11-29 17:37 2979328 ----a-w- c:\windows\system32\config\systemprofile\explorer.exe
2010-11-27 09:49 . 2009-04-11 06:27 2926592 ----a-w- c:\windows\system32\config\systemprofile\explorer.bak
2010-11-27 03:37 . 2010-11-27 03:39 -------- d-----w- c:\program files\whitesmoketoolbar
2010-11-27 03:36 . 2010-11-27 03:37 -------- d-----w- c:\program files\WhiteSmoke Translator
2010-11-26 22:04 . 2010-11-26 22:04 -------- d-----w- c:\program files\ConduitEngine
2010-11-26 22:04 . 2010-11-26 22:04 -------- d-----w- c:\program files\BitTorrentBar
2010-11-26 22:03 . 2010-11-26 22:03 -------- d-----w- c:\users\ALAN\AppData\Roaming\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 02:28 . 2010-03-18 19:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-14 02:28 . 2010-03-18 19:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-14 02:28 . 2010-03-18 19:28 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-10-14 02:28 . 2010-03-18 19:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-14 02:28 . 2010-03-18 19:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-14 02:28 . 2010-03-18 19:28 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-10-14 02:28 . 2010-03-18 19:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-14 02:28 . 2010-03-18 19:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-14 02:28 . 2010-03-18 19:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 02:28 . 2010-03-18 19:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2007-03-12 09:01 . 2007-04-28 21:28 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 09:01 . 2007-04-28 21:28 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 09:01 . 2007-04-28 21:28 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-10-14 02:28 . 2010-03-18 19:28 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2007-03-12 09:01 . 2007-04-28 21:28 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 09:01 . 2007-04-28 21:28 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 02:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-08 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-08 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-08 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-21 995528]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-5 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-09-04 497008]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-04 677128]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 164840]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-03 145424]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 141792]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2009-04-02 50192]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-03 256528]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{570D3DA2-D6A0-4FDE-AF22-30F3EB94C191}.job
- c:\windows\system32\msfeedssync.exe [2010-12-14 04:25]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{685DA965-780F-49DD-836E-BF61ADA12567}.job
- c:\windows\system32\msfeedssync.exe [2010-12-14 04:25]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{9BAE05E7-0B7D-4F0F-A647-061950998885}.job
- c:\windows\system32\msfeedssync.exe [2010-12-14 04:25]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{A86C4599-6111-445F-847D-F9CEDCB779B8}.job
- c:\windows\system32\msfeedssync.exe [2010-12-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: ebay.com\www
Trusted Zone: myloweslife.com\www
FF - ProfilePath - c:\users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\hz901fo8.default\
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 14:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,e4,8f,e9,6b,56,71,48,8f,67,6c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,e4,8f,e9,6b,56,71,48,8f,67,6c,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-16 15:03:22
ComboFix-quarantined-files.txt 2010-12-16 20:03

Pre-Run: 60,339,957,760 bytes free
Post-Run: 78,957,056,000 bytes free

- - End Of File - - 99F561C7DB424160840643B0C0177378

#8 alncindi

alncindi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 16 December 2010 - 03:32 PM

One other note too. I see where Trend Micro antivirus is still showing up on my system. I used to use that a few years ago and i kept having trouble with them double billing me for it. I now have Mcafee that I use but I could never get all the Trend Micro to uninstall. in your opinion what is the best Antivirus I can use on this computer. Its just a desk top that the whole family uses to look up info on and play around on facebook with. AND My son has now learned to only download music that he pays for from I-tunes.
Thanks Alan

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:10 PM

Posted 16 December 2010 - 05:29 PM

Hi

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic364062.html/page__view__findpost__p__2058902

Collect::
c:\windows\system32\config\systemprofile\explorer.exe
c:\windows\system32\config\systemprofile\explorer.bak

SecCenter::
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED

Folder::
c:\program files\whitesmoketoolbar
c:\program files\WhiteSmoke Translator
c:\program files\Trend Micro

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"=-

Driver::
TmPfw
TmProxy
tmlwf
tmevtmgr
tmpreflt
tmwfp

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 alncindi

alncindi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 18 December 2010 - 12:34 AM

Catbyte, below is a copy of the TDSSKILLER log, I cannot get the combofix to run and generate a log.
I copied and pasted the script in the box to a notepad as directed on my desktop but when I drag and drop it onto combofix the combofix acts like its starting but then nothing happens and no log is ever generated from it.
I have verified that I did copy everything from the codebox into note pad.

Thanks Alan

2010/12/17 12:42:14.0037 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/17 12:42:14.0037 ================================================================================
2010/12/17 12:42:14.0037 SystemInfo:
2010/12/17 12:42:14.0037
2010/12/17 12:42:14.0037 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/17 12:42:14.0037 Product type: Workstation
2010/12/17 12:42:14.0037 ComputerName: ALAN-PC
2010/12/17 12:42:14.0037 UserName: ALAN
2010/12/17 12:42:14.0037 Windows directory: C:\Windows
2010/12/17 12:42:14.0037 System windows directory: C:\Windows
2010/12/17 12:42:14.0037 Processor architecture: Intel x86
2010/12/17 12:42:14.0037 Number of processors: 2
2010/12/17 12:42:14.0037 Page size: 0x1000
2010/12/17 12:42:14.0037 Boot type: Normal boot
2010/12/17 12:42:14.0037 ================================================================================
2010/12/17 12:42:16.0158 Initialize success
2010/12/17 12:42:25.0627 ================================================================================
2010/12/17 12:42:25.0627 Scan started
2010/12/17 12:42:25.0627 Mode: Manual;
2010/12/17 12:42:25.0627 ================================================================================
2010/12/17 12:42:36.0625 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/17 12:42:37.0187 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/17 12:42:37.0312 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/17 12:42:37.0405 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/17 12:42:37.0546 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/17 12:42:37.0671 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/17 12:42:37.0780 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/12/17 12:42:37.0842 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/17 12:42:37.0905 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2010/12/17 12:42:38.0263 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/12/17 12:42:38.0388 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2010/12/17 12:42:38.0685 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/17 12:42:38.0778 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/17 12:42:38.0934 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/17 12:42:38.0997 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/17 12:42:39.0121 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/17 12:42:39.0199 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
2010/12/17 12:42:39.0558 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2010/12/17 12:42:39.0636 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/17 12:42:39.0839 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/17 12:42:39.0979 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/17 12:42:40.0026 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/17 12:42:40.0338 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/17 12:42:40.0385 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/17 12:42:40.0557 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/17 12:42:40.0619 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/17 12:42:40.0697 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/17 12:42:40.0993 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/17 12:42:41.0149 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/17 12:42:41.0284 cfwids (7e6f7da1c4de5680820f964562548949) C:\Windows\system32\drivers\cfwids.sys
2010/12/17 12:42:41.0581 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/17 12:42:41.0659 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/17 12:42:41.0721 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2010/12/17 12:42:42.0002 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2010/12/17 12:42:42.0080 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/17 12:42:42.0127 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/17 12:42:42.0267 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/17 12:42:42.0392 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/17 12:42:42.0532 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
2010/12/17 12:42:42.0813 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
2010/12/17 12:42:42.0953 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
2010/12/17 12:42:43.0156 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
2010/12/17 12:42:43.0312 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
2010/12/17 12:42:43.0406 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
2010/12/17 12:42:43.0609 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
2010/12/17 12:42:43.0718 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
2010/12/17 12:42:43.0936 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
2010/12/17 12:42:44.0045 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
2010/12/17 12:42:44.0233 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/17 12:42:44.0342 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
2010/12/17 12:42:44.0373 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
2010/12/17 12:42:44.0623 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/12/17 12:42:44.0654 dsunidrv (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys
2010/12/17 12:42:44.0903 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/17 12:42:44.0997 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/17 12:42:45.0106 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/17 12:42:45.0184 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/17 12:42:45.0278 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/17 12:42:45.0496 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/17 12:42:45.0590 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/17 12:42:45.0699 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/17 12:42:45.0886 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/17 12:42:45.0949 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/17 12:42:46.0027 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/17 12:42:46.0167 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/17 12:42:46.0261 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/17 12:42:46.0323 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/17 12:42:46.0495 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/12/17 12:42:46.0635 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/17 12:42:46.0713 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/17 12:42:46.0838 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/17 12:42:46.0916 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/17 12:42:47.0087 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/17 12:42:47.0150 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/17 12:42:47.0228 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/12/17 12:42:47.0446 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2010/12/17 12:42:47.0758 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2010/12/17 12:42:47.0821 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/17 12:42:47.0961 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/17 12:42:48.0039 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/17 12:42:48.0164 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/17 12:42:48.0226 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2010/12/17 12:42:48.0273 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/17 12:42:48.0398 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/17 12:42:48.0476 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/17 12:42:48.0523 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/17 12:42:48.0663 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/17 12:42:48.0710 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/12/17 12:42:48.0850 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/17 12:42:48.0881 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/17 12:42:49.0022 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/17 12:42:49.0084 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/17 12:42:49.0162 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/17 12:42:49.0256 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/17 12:42:49.0615 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/17 12:42:50.0145 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/17 12:42:50.0473 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/17 12:42:50.0909 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/17 12:42:51.0050 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/17 12:42:51.0299 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/12/17 12:42:51.0487 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/12/17 12:42:51.0565 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
2010/12/17 12:42:51.0643 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\Windows\system32\drivers\mfeavfk.sys
2010/12/17 12:42:51.0877 mfebopk (19161b1796cf74a6a326abde309062ba) C:\Windows\system32\drivers\mfebopk.sys
2010/12/17 12:42:51.0970 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\Windows\system32\drivers\mfefirek.sys
2010/12/17 12:42:52.0142 mfehidk (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
2010/12/17 12:42:52.0204 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/12/17 12:42:52.0298 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\Windows\system32\drivers\mferkdet.sys
2010/12/17 12:42:52.0360 mfewfpk (183f32c79d1693170df3baecec611125) C:\Windows\system32\drivers\mfewfpk.sys
2010/12/17 12:42:52.0563 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/17 12:42:52.0657 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/17 12:42:52.0719 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/17 12:42:52.0813 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/17 12:42:52.0875 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/17 12:42:52.0969 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/17 12:42:53.0078 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/17 12:42:53.0140 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/17 12:42:53.0203 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/17 12:42:53.0296 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/17 12:42:53.0359 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/17 12:42:53.0405 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/17 12:42:53.0452 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2010/12/17 12:42:53.0702 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/17 12:42:53.0827 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/17 12:42:53.0905 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/17 12:42:54.0061 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/17 12:42:54.0170 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/17 12:42:54.0217 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/17 12:42:54.0310 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/17 12:42:54.0419 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/17 12:42:54.0529 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/17 12:42:54.0607 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/17 12:42:54.0731 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/17 12:42:54.0841 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/17 12:42:55.0043 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/17 12:42:55.0137 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/17 12:42:55.0199 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/17 12:42:55.0309 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/17 12:42:55.0418 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/17 12:42:55.0496 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/17 12:42:55.0621 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/17 12:42:55.0683 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/17 12:42:55.0777 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/17 12:42:55.0886 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/17 12:42:55.0995 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/17 12:42:56.0089 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/17 12:42:56.0276 nvlddmkm (b02587fa997723297384c95f424e78fa) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/17 12:42:56.0603 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/17 12:42:56.0650 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2010/12/17 12:42:56.0853 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
2010/12/17 12:42:56.0962 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/12/17 12:42:57.0165 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/12/17 12:42:57.0321 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/17 12:42:57.0415 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/17 12:42:57.0461 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/17 12:42:57.0539 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/17 12:42:57.0633 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
2010/12/17 12:42:57.0836 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/17 12:42:57.0945 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/17 12:42:58.0163 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/17 12:42:58.0257 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/17 12:42:58.0397 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/17 12:42:58.0507 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/17 12:42:58.0725 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/17 12:42:58.0865 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/17 12:42:58.0959 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/17 12:42:59.0146 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/17 12:42:59.0349 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/17 12:42:59.0474 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/17 12:42:59.0536 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/17 12:42:59.0614 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/17 12:42:59.0692 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/17 12:42:59.0801 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/17 12:42:59.0864 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/12/17 12:43:00.0051 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/17 12:43:00.0223 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/17 12:43:00.0332 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
2010/12/17 12:43:00.0457 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
2010/12/17 12:43:00.0659 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2010/12/17 12:43:00.0815 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/17 12:43:00.0878 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\Windows\system32\DRIVERS\RT61.sys
2010/12/17 12:43:01.0127 rt61x86 (6de7a483204ca5a57b672dcb25716361) C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys
2010/12/17 12:43:01.0424 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/17 12:43:01.0517 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/17 12:43:01.0580 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/17 12:43:01.0627 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/17 12:43:01.0736 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/17 12:43:01.0829 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/12/17 12:43:01.0876 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/17 12:43:01.0985 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/17 12:43:02.0017 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/17 12:43:02.0079 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/12/17 12:43:02.0266 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/17 12:43:02.0329 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/17 12:43:02.0375 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/17 12:43:02.0469 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/17 12:43:02.0609 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/17 12:43:02.0797 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/17 12:43:02.0875 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/17 12:43:03.0187 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
2010/12/17 12:43:03.0436 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/17 12:43:03.0514 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/17 12:43:03.0561 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/17 12:43:03.0608 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/17 12:43:03.0779 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/17 12:43:03.0935 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/17 12:43:03.0998 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/17 12:43:04.0076 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/17 12:43:04.0185 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/17 12:43:04.0247 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/17 12:43:04.0325 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/17 12:43:04.0481 tmactmon (333fd294e6c34232af115f3f11dcaa98) C:\Windows\system32\DRIVERS\tmactmon.sys
2010/12/17 12:43:04.0715 tmcomm (0567bf9d1a75bf6c8ff549579fa2aff1) C:\Windows\system32\DRIVERS\tmcomm.sys
2010/12/17 12:43:05.0012 tmevtmgr (76920d2989848744b47b6de8c46fa175) C:\Windows\system32\DRIVERS\tmevtmgr.sys
2010/12/17 12:43:05.0074 tmlwf (d5ce61a14f7489d1ae827de8ddd9a87d) C:\Windows\system32\DRIVERS\tmlwf.sys
2010/12/17 12:43:05.0230 tmpreflt (1615eb81a09c3c36ba8b4a1b1d525d8f) C:\Windows\system32\DRIVERS\tmpreflt.sys
2010/12/17 12:43:05.0495 tmtdi (ce1321671eee4520b9b50cd513f67dad) C:\Windows\system32\DRIVERS\tmtdi.sys
2010/12/17 12:43:05.0542 tmwfp (abd052191da6d8d6f5357c600a179d48) C:\Windows\system32\DRIVERS\tmwfp.sys
2010/12/17 12:43:05.0761 tmxpflt (44b4a683b8de31b709d1e5fc5d01dcc6) C:\Windows\system32\DRIVERS\tmxpflt.sys
2010/12/17 12:43:06.0041 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/17 12:43:06.0151 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/17 12:43:06.0525 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/17 12:43:06.0650 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/17 12:43:07.0009 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/17 12:43:07.0321 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/17 12:43:07.0445 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/17 12:43:07.0555 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/17 12:43:07.0648 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/17 12:43:07.0711 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/17 12:43:07.0851 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/17 12:43:08.0101 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/12/17 12:43:08.0225 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/17 12:43:08.0288 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/17 12:43:08.0350 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/17 12:43:08.0475 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/17 12:43:08.0553 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/17 12:43:08.0631 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/17 12:43:08.0678 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/17 12:43:08.0740 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/17 12:43:08.0865 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/17 12:43:08.0959 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/17 12:43:09.0021 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/12/17 12:43:09.0193 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/17 12:43:09.0239 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2010/12/17 12:43:09.0489 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/17 12:43:09.0567 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/17 12:43:09.0676 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/17 12:43:09.0770 vsapint (84b4bfc6808adfdeb0716af857dd9519) C:\Windows\system32\DRIVERS\vsapint.sys
2010/12/17 12:43:10.0004 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/17 12:43:10.0144 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/17 12:43:10.0207 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/17 12:43:10.0238 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/17 12:43:10.0285 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/17 12:43:10.0409 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/17 12:43:10.0565 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/17 12:43:10.0877 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/17 12:43:11.0002 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/17 12:43:11.0111 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/17 12:43:11.0221 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/17 12:43:11.0314 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/17 12:43:11.0455 ================================================================================
2010/12/17 12:43:11.0455 Scan finished
2010/12/17 12:43:11.0455 ================================================================================

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:10 PM

Posted 18 December 2010 - 12:41 AM

Hi

copy the script again

make sure you save it to your desktop as ComboFix.exe, then press he WinKey + R to open a run box

copy/paste the following command into the open run box > OK

"%userprofile%\Desktop\ComboFix.exe" "%userprofile%\Desktop\CFScript.txt"

If you still can't get it to run, try it in safe mode

> reboot > tap F8 repeatedly on startup until an advanced menu appears > arrow up to safe mode with networking > OK



post the resulting log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 alncindi

alncindi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 19 December 2010 - 12:08 AM

Catbyte,
Things aren't going to well on this end. I copied the text in the box again and tried to save it to my desktop as combofix.exe but I got a message that said "this file is set to read-only try again with a different file name".
So I went ahead and gave it the name CFScript.txt like before and tried to drag and drop it on combofix as previously instructed. This time combofix started and kept running the screen showed it was at "stage2??" when I had to leave the house tonight for an appointment. When I returned later There was a message on the screen that the computer was no longer connected to the internet and I needed to connect it and press ok to transmit the results. (or something like that). I cannot get the computer to connect to the internet now.
I have reset my modem, reset my wireless network and even restarted my computer but it will not connect.
I get a message that says "Network Adapter Broadcom 440x 10/100 integrated controller is experiencing driver or hardware issues"
When I open device manager and click on it the message says "it is working correctly".

Thanks
Alan V

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:10 PM

Posted 19 December 2010 - 12:12 AM

Hi


(glad you knew what I meant...typo, I did mean CFScript.txt)


Try this to get the connnection back - it's not uncommon


reboot a couple of times, then do the following:

if your network icon appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair.

Posted Image

If you have no task bar icon do this:

  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • click on the Repair menu option.

Posted Image

Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.

Edited by CatByte, 19 December 2010 - 12:15 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 alncindi

alncindi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 19 December 2010 - 02:20 PM

Catbyte,
I still cannot get the computer connected to the internet. When I click on my connection it says I am connected with limited access. When I right click it and click diagnose, I get a pop up box that says.... "Wireless Network Connection is not correctly configured to use the IP protocol.
It also says... The network adapter Linksys Wireless-G PCI Adapter is experiencing driver or hardware related issues.
I have 2 laptops on this network and they are working fine.So I don't think the Linksys is really the issue.

Note. When I open my wireless network connection properties
Internet Protocol Version 6 (TCP/IPv6) IS CHECKED
Internet Protocol Version 4 (TCP/IPv4) IS CHECKED

BUT..on the Wireless Network Connection Status (General)
the IPv4 and the IPv6 connectivity both show Not Connected

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:10 PM

Posted 19 December 2010 - 02:30 PM

Hi

Please work through the following troubleshooting steps, let me know which one worked


  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot go ahead and reboot manually.

In I.E.
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • uncheck both proxy settings boxes

In FireFox
  • Click on Advanced -> Network -> Settings…
  • the No Proxy option should be selected


NEXT


Press the Start button > type in CMD > right click CMD when it populates in the window and choose to "Run as an Administrator"

A command window will open >

Type in the following command at the command prompt and press Enter.


netsh winsock reset catalog

netsh int ip reset reset.log

netsh int ipv6 reset reset.log


Reboot the machine.


Once that completes then restart the system and see then if you are able to get online.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users