Lkckclckl1i1i.com


  • This topic is locked
19 replies to this topic

#1 tonydes

  • Members
  • 10 posts

Posted 15 December 2010 - 09:55 AM

Greetings,

My ESET NOD32 antivirus program continually has to block a website called Lkckclckl1i1i.com at IP address 62.122.75.136:80.

The following entries also appeared in the antivirus quarantine list:

12/7/2010 22:51 C:\WINDOWS\TEMP\nfwd\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:40 C:\WINDOWS\TEMP\fvib\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:30 C:\WINDOWS\TEMP\vmih\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:20 C:\WINDOWS\TEMP\rbqk\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:10 C:\WINDOWS\TEMP\dcut\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:59 C:\WINDOWS\TEMP\atiu\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:49 C:\WINDOWS\TEMP\kcjr\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:39 C:\WINDOWS\TEMP\uguo\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:29 C:\WINDOWS\TEMP\miys\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:19 C:\WINDOWS\TEMP\bdus\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/1/2010 16:58 C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP191\A0019396.dll a variant of Win32/Wimpixo.AA trojan
12/1/2010 5:23 c:\windows\system32\6to4v32.dll a variant of Win32/Wimpixo.AA trojan


Ran Spybot and Malwarebytes scans and removed threats that it found.


Also received two involuntary installations of a program called Whitesmoke that I've been able to uninstall both times.

There does not appear to be any effect on the performance of my laptop.


Thx in advance for any help!!



DDS (Ver_10-12-12.02) - NTFSx86
Run by Tony at 16:24:58.00 on Mon 12/13/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.206 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Analyst\bin\AnalystService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Xcalibur\system\programs\CFRDBService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Xcalibur\system\programs\finSS_Server.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Flux Instruments\Virtual Instrument for Analyst Core\xviphs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Flock\flock.exe
C:\Documents and Settings\Tony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe .exe .exe .exe .exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [<NO NAME>]
mRun: [UMonit] c:\windows\system32\UMonit.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\mssql7\binn\sqlmangr.exe
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1278253697400
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: hspdar1 - hspdar1.dll
AppInit_DLLs: wxvault.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\jymfwa9x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-24 35168]
R2 AnalystService;AnalystService;c:\program files\analyst\bin\AnalystService.exe [2008-4-18 81920]
R2 CFRDBService;Finnigan Database Service;c:\xcalibur\system\programs\CFRDBService.exe [2007-3-21 262144]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
R2 Finnigan Security Server;Finnigan Security Server;c:\xcalibur\system\programs\finSS_Server.exe [2007-3-21 65536]
R2 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2006-6-9 78640]
R2 Virtual Instrument Proxy Host Starter;Virtual Instrument Proxy Host Starter;c:\program files\flux instruments\virtual instrument for analyst core\xviphs.exe [2007-11-1 110592]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2006-6-9 23180]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-9-24 16194]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2009-7-12 12416]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\drivers\wg511icb.sys --> c:\windows\system32\drivers\WG511ICB.sys [?]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2010-4-28 704000]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2010-4-28 24192]

=============== Created Last 30 ================

2010-12-13 03:30:39 -------- d-----w- c:\docume~1\tony\applic~1\whitesmoketoolbar
2010-12-13 03:30:22 -------- d-----w- c:\program files\whitesmoketoolbar
2010-12-12 17:19:21 -------- d-----w- c:\windows\system32\NtmsData
2010-12-06 20:06:34 -------- d-----w- c:\program files\Analyst
2010-12-01 21:17:33 10752 ----a-w- c:\windows\system32\hspdar1.dll
2010-11-30 23:16:27 -------- d-----w- c:\windows\system32\%APPDATA%
2010-11-26 18:04:29 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{2d5fbf8d-7ec6-4bbb-bff0-32fde479c156}\mpengine.dll

==================== Find3M ====================

2010-12-06 20:11:33 67440 ----a-w- c:\windows\system32\DCP.EXE
2010-12-06 20:11:33 104368 ----a-w- c:\windows\system32\DCOMPERM.DLL
2010-12-05 17:21:51 256 ----a-w- c:\windows\system32\pool.bin
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2080BH rev.00850028 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F00566]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f06624]; MOV EAX, [0x86f066a0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F43AB8]
3 CLASSPNP[0xF75D2FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F7EED8]
\Driver\atapi[0x86F408C0] -> IRP_MJ_CREATE -> 0x86F00566
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2080BH_______________________00850028#5&1f698b3f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86F003B2
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 16:27:30.03 ===============

Edited by tonydes, 15 December 2010 - 10:16 AM.
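The quarantine list in the post above shows the same downloader being caught every ten minutes, each time as setup.exe in a fresh four-letter directory under C:\WINDOWS\TEMP. That cadence is the fingerprint of a loader that is still resident and re-fetching its payload, not of a one-off infection: the antivirus is catching the payload, not the thing dropping it. The following is an added example, not code from the post or from ESET. It parses lines in the format pasted above (the sample lines are copied from the post, plus one constructed path-less line in the style of the later post), groups them by detection family, and flags both the regular re-drop cadence and the randomized TEMP drop path. The line format it expects and the 120-second jitter tolerance are this example's assumptions.

```python
"""Triage an ESET quarantine listing for signs of a resident dropper.

Added example, not code from the forum post or from ESET. It parses
lines of the form "M/D/YYYY HH:MM [path] detection", groups them by
detection family, and flags families that reappear at a regular cadence
and payloads dropped as setup.exe into short random-named subdirectories
of %TEMP%. The line format and the jitter tolerance are assumptions.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Sample input: the twelve lines from the first post, plus one constructed
# path-less line in the style of the later post.
SAMPLE_LOG = r"""
12/7/2010 22:51 C:\WINDOWS\TEMP\nfwd\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:40 C:\WINDOWS\TEMP\fvib\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:30 C:\WINDOWS\TEMP\vmih\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:20 C:\WINDOWS\TEMP\rbqk\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:10 C:\WINDOWS\TEMP\dcut\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:59 C:\WINDOWS\TEMP\atiu\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:49 C:\WINDOWS\TEMP\kcjr\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:39 C:\WINDOWS\TEMP\uguo\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:29 C:\WINDOWS\TEMP\miys\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:19 C:\WINDOWS\TEMP\bdus\setup.exe Win32/TrojanDownloader.Unruy.BN trojan
12/1/2010 16:58 C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP191\A0019396.dll a variant of Win32/Wimpixo.AA trojan
12/1/2010 5:23 c:\windows\system32\6to4v32.dll a variant of Win32/Wimpixo.AA trojan
12/22/2010 15:18 Win32/Spy.Zbot.YW trojan
"""

# timestamp, optional path (may contain spaces), then "platform/family type".
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}) "
    r"(?:(?P<path>.+?) )?"
    r"(?P<det>(?:a variant of )?\S+/\S+ \S+)$"
)
# setup.exe in a short random-named directory directly under a TEMP folder.
TEMP_DROP_RE = re.compile(r"\\temp\\[a-z0-9]{3,5}\\setup\.exe$", re.I)


def family(detection):
    """'a variant of Win32/Wimpixo.AA trojan' -> 'Win32/Wimpixo.AA'."""
    return re.sub(r"^a variant of ", "", detection).rsplit(" ", 1)[0]


def parse_quarantine(text):
    """Return one dict per recognised line: when, path (or None), family."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append({
                "when": datetime.strptime(m["ts"], "%m/%d/%Y %H:%M"),
                "path": m["path"],
                "family": family(m["det"]),
            })
    return records


def find_periodic_families(records, min_hits=3, jitter_s=120):
    """Per family: hit count, median gap, and whether every gap is within
    jitter_s of every other (a regular re-drop cadence)."""
    by_family = defaultdict(list)
    for r in records:
        by_family[r["family"]].append(r["when"])
    report = {}
    for fam, times in by_family.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = (len(times) >= min_hits and bool(gaps)
                    and max(gaps) - min(gaps) <= jitter_s)
        report[fam] = {
            "hits": len(times),
            "median_gap_s": statistics.median(gaps) if gaps else None,
            "periodic": periodic,
        }
    return report


def find_temp_drops(records):
    """Paths matching the randomized TEMP\\xxxx\\setup.exe drop pattern."""
    return [r["path"] for r in records
            if r["path"] and TEMP_DROP_RE.search(r["path"])]


if __name__ == "__main__":
    recs = parse_quarantine(SAMPLE_LOG)
    for fam, info in find_periodic_families(recs).items():
        print(f"{fam}: {info}")
    print("randomized TEMP drops:", len(find_temp_drops(recs)))
```

On the pasted data the Unruy family comes out as 10 hits with a 600-second median gap and `periodic` set, while the two Wimpixo entries (hours apart) and the single Zbot entry do not; a periodic family whose drops keep landing in fresh random directories is the signal that the resident loader, not the quarantined payload, is what still needs finding.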



#2 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Location:UK

Posted 24 December 2010 - 07:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 tonydes
  • Topic Starter
  • Members
  • 10 posts

Posted 24 December 2010 - 12:58 PM

Thank you for the response. I am still having trouble with random Lkckclckl1i1i.com blockages from my antivirus SW. I don't appear to have any performance issues with this machine despite this.

Below is a list of viruses that have been quarantined by ESET NOD 32 Antivirus. Also still getting unwanted installation of Whitesmoke Translator SW.

I have recently run the latest version of Malwarebytes in Safe mode and it found nothing.

Thank you very much in advance for any assistance you provide.


12/22/2010 15:18 Win32/Spy.Zbot.YW trojan
12/16/2010 12:43 a variant of Win32/TrojanDownloader.Agent.QLI trojan
12/16/2010 12:33 a variant of Win32/TrojanDownloader.Agent.QLI trojan
12/16/2010 11:51 a variant of Win32/TrojanDownloader.Agent.QLI trojan
12/16/2010 11:43 a variant of Win32/TrojanDownloader.Agent.QLI trojan
12/16/2010 11:33 a variant of Win32/TrojanDownloader.Agent.QLI trojan
12/16/2010 11:22 a variant of Win32/TrojanDownloader.Agent.QLI trojan
12/7/2010 22:51 Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:40 Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:30 Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:20 Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 22:10 Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:59 Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:49 Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:39 Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:29 Win32/TrojanDownloader.Unruy.BN trojan
12/7/2010 21:19 Win32/TrojanDownloader.Unruy.BN trojan
12/1/2010 16:58 a variant of Win32/Wimpixo.AA trojan
12/1/2010 5:23 a variant of Win32/Wimpixo.AA trojan

DDS (Ver_10-12-12.02) - NTFSx86
Run by Tony at 12:18:47.89 on Fri 12/24/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.246 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Xcalibur\system\programs\CFRDBService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Xcalibur\system\programs\finSS_Server.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Flux Instruments\Virtual Instrument for Analyst Core\xviphs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Flock\flock.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe .exe .exe .exe .exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [<NO NAME>]
mRun: [UMonit] c:\windows\system32\UMonit.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoke translator\WSTrayDictMode.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\mssql7\binn\sqlmangr.exe
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1278253697400
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: wxvault.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\jymfwa9x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-24 35168]
R2 CFRDBService;Finnigan Database Service;c:\xcalibur\system\programs\CFRDBService.exe [2007-3-21 262144]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
R2 Finnigan Security Server;Finnigan Security Server;c:\xcalibur\system\programs\finSS_Server.exe [2007-3-21 65536]
R2 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2006-6-9 78640]
R2 Virtual Instrument Proxy Host Starter;Virtual Instrument Proxy Host Starter;c:\program files\flux instruments\virtual instrument for analyst core\xviphs.exe [2007-11-1 110592]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2006-6-9 23180]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-9-24 16194]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2009-7-12 12416]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\drivers\wg511icb.sys --> c:\windows\system32\drivers\WG511ICB.sys [?]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2010-4-28 704000]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2010-4-28 24192]

=============== Created Last 30 ================

2010-12-16 20:52:52 -------- d-----w- c:\program files\ThermoFinnigan
2010-12-16 20:20:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-16 20:20:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-16 20:20:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-16 20:20:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-16 20:20:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-16 20:20:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-16 20:20:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-12-16 17:18:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-16 17:18:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-13 03:30:22 -------- d-----w- c:\program files\whitesmoketoolbar(2)
2010-12-12 17:19:21 -------- d-----w- c:\windows\system32\NtmsData
2010-12-10 20:01:07 -------- d-----w- c:\program files\Mozilla Firefox(2)
2010-12-06 20:06:34 -------- d-----w- c:\program files\Analyst
2010-11-30 23:16:27 -------- d-----w- c:\windows\system32\%APPDATA%
2010-11-26 18:04:29 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{2d5fbf8d-7ec6-4bbb-bff0-32fde479c156}\mpengine.dll

==================== Find3M ====================

2010-12-05 17:21:51 256 ----a-w- c:\windows\system32\pool.bin
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2080BH rev.00850028 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86EA8566]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86eae624]; MOV EAX, [0x86eae6a0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F83AB8]
3 CLASSPNP[0xF75D2FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F5D7E8]
\Driver\atapi[0x86F4A380] -> IRP_MJ_CREATE -> 0x86EA8566
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2080BH_______________________00850028#5&1f698b3f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86EA83B2
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 12:19:26.20 ===============


#4 tonydes

  • Topic Starter
  • Members
  • 10 posts

Posted 25 December 2010 - 01:05 PM

One more problem I've noticed is that Windows Update has also been disabled.

#5 Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 25 December 2010 - 07:52 PM

Hi tonydes,

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\TDSSKiller folder). Please copy and paste the contents of that file here.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#6 tonydes

  • Topic Starter
  • Members
  • 10 posts

Posted 27 December 2010 - 05:05 PM

Here is the requested information:

2010/12/27 13:46:49.0157 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/27 13:46:49.0157 ================================================================================
2010/12/27 13:46:49.0157 SystemInfo:
2010/12/27 13:46:49.0157
2010/12/27 13:46:49.0157 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/27 13:46:49.0157 Product type: Workstation
2010/12/27 13:46:49.0157 ComputerName: DDXCN2B1
2010/12/27 13:46:49.0157 UserName: Tony
2010/12/27 13:46:49.0157 Windows directory: C:\WINDOWS
2010/12/27 13:46:49.0157 System windows directory: C:\WINDOWS
2010/12/27 13:46:49.0157 Processor architecture: Intel x86
2010/12/27 13:46:49.0157 Number of processors: 2
2010/12/27 13:46:49.0157 Page size: 0x1000
2010/12/27 13:46:49.0157 Boot type: Normal boot
2010/12/27 13:46:49.0157 ================================================================================
2010/12/27 13:46:49.0735 Initialize success
2010/12/27 13:46:59.0095 ================================================================================
2010/12/27 13:46:59.0095 Scan started
2010/12/27 13:46:59.0095 Mode: Manual;
2010/12/27 13:46:59.0095 ================================================================================
2010/12/27 13:47:28.0829 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/27 13:47:28.0829 ================================================================================
2010/12/27 13:47:28.0829 Scan finished
2010/12/27 13:47:28.0829 ================================================================================
2010/12/27 13:47:28.0845 Detected object count: 1
2010/12/27 13:47:41.0985 \HardDisk0 - will be cured after reboot
2010/12/27 13:47:41.0985 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/27 13:48:11.0470 Deinitialize success

Attached Files


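The TDSSKiller log above is the kind of output a responder has to triage by hand: one line per loaded driver with its MD5, then the detection, the summary count and the action taken. The Python below is an added example (it is not TDSSKiller's or the poster's code) that parses that format into structured records, cross-checks the summary against the detection lines, and compares driver hashes against a known-good allowlist. The sample input is an excerpt copied from the log above; the allowlist in the test is constructed for illustration and is not a vendor hash list.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Excerpt copied from the TDSSKiller log posted above, used as sample input.
SAMPLE_LOG = r"""
2010/12/27 13:47:28.0423 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/27 13:47:28.0720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/27 13:47:28.0829 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/27 13:47:28.0829 ================================================================================
2010/12/27 13:47:28.0829 Scan finished
2010/12/27 13:47:28.0845 Detected object count: 1
2010/12/27 13:47:41.0985 \HardDisk0 - will be cured after reboot
2010/12/27 13:47:41.0985 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/27 13:48:11.0470 Deinitialize success
"""

# Every line starts with a timestamp; the line shapes below are the ones seen in the log.
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)"
DRIVER_RE = re.compile(TS + r" (?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(TS + r" (?P<obj>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
COUNT_RE = re.compile(TS + r" Detected object count: (?P<n>\d+)$")
PENDING_RE = re.compile(TS + r" (?P<obj>\S+) - will be cured after reboot$")
ACTION_RE = re.compile(TS + r" (?P<verdict>[^(\s]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    verdict: str


@dataclass
class ScanResult:
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    reported_count: Optional[int] = None
    pending_reboot: Set[str] = field(default_factory=set)
    actions: Dict[str, str] = field(default_factory=dict)
    finished_cleanly: bool = False


def parse_tdsskiller_log(text: str) -> ScanResult:
    """Turn the raw log into structured records; unrecognised lines are ignored."""
    result = ScanResult()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := DRIVER_RE.match(line)):
            result.drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
        elif (m := DETECT_RE.match(line)):
            result.detections.append(Detection(m["obj"], m["verdict"]))
        elif (m := COUNT_RE.match(line)):
            result.reported_count = int(m["n"])
        elif (m := PENDING_RE.match(line)):
            result.pending_reboot.add(m["obj"])
        elif (m := ACTION_RE.match(line)):
            result.actions[m["obj"]] = m["action"]
        elif line.endswith("Deinitialize success"):
            result.finished_cleanly = True
    return result


def consistency_issues(result: ScanResult) -> List[str]:
    """Things a reviewer would question: count mismatch, detection without an action, aborted run."""
    issues = []
    if result.reported_count is not None and result.reported_count != len(result.detections):
        issues.append(f"summary reports {result.reported_count} objects but "
                      f"{len(result.detections)} detection lines were parsed")
    for d in result.detections:
        if d.obj not in result.actions:
            issues.append(f"no action recorded for {d.obj} ({d.verdict})")
    if not result.finished_cleanly:
        issues.append("log does not end with 'Deinitialize success'")
    return issues


def drivers_not_in_allowlist(result: ScanResult, known_good: Dict[str, str]) -> List[Driver]:
    """Drivers whose MD5 differs from the expected hash for that name, or whose name is
    not in the allowlist at all (unverified). known_good maps lower-case name -> MD5."""
    return [d for d in result.drivers
            if known_good.get(d.name.lower(), "").lower() != d.md5]


if __name__ == "__main__":
    r = parse_tdsskiller_log(SAMPLE_LOG)
    for d in r.detections:
        print(f"{d.obj}: {d.verdict} -> {r.actions.get(d.obj, 'no action')}"
              + (" (reboot pending)" if d.obj in r.pending_reboot else ""))
    for issue in consistency_issues(r):
        print("ISSUE:", issue)
```

Objects listed as "will be cured after reboot" are the reason a follow-up scan after the restart is worth asking for: the log only records the chosen action, not that the cure succeeded.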

#7 Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 27 December 2010 - 09:50 PM

Hi tonydes,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

REGNULL::
[HKEY_LOCAL_MACHINE\software\Classes\AppID\¨ F**]

RenV::
c:\program files\Apoint\Apoint .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre1.5.0_03\bin\jusched .exe
c:\program files\Microsoft IntelliPoint\ipoint .exe
c:\program files\Musicmatch\Musicmatch Jukebox\mimboot .exe
c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Symantec AntiVirus\VPTray .exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr .exe
c:\program files\Windows Defender\MSASCui .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\DLA\DLACTRLW .EXE


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
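Every entry in the RenV:: section of the script above is a path whose file name has a space just before the extension (Apoint .exe, qttask .exe, DLACTRLW .EXE). A hand-written list like that can miss files, so a responder would normally enumerate the symptom across the whole disk. The Python below is an added example for that check; it is not ComboFix's code and does not reproduce what ComboFix does with the list. It uses ntpath so the Windows paths parse on any platform, collapses duplicates (qttask .exe appears three times above), and, for each spaced name, records whether an un-spaced twin exists so the pair can be compared. The sample paths are copied from the RenV:: list; the exists predicate in the test is a stand-in for a real filesystem.

```python
import ntpath
import os
import re
from typing import Callable, Dict, Iterable, List

# Paths copied from the RenV:: section of the CFScript above, used as sample input.
RENV_SAMPLE = [
    r"c:\program files\Apoint\Apoint .exe",
    r"c:\program files\QuickTime\qttask .exe",
    r"c:\program files\QuickTime\qttask .exe",
    r"c:\program files\QuickTime\qttask .exe",
    r"c:\windows\system32\ctfmon .exe",
    r"c:\windows\system32\DLA\DLACTRLW .EXE",
]

# A file name whose stem is followed by one or more spaces and then the extension.
SPACED_NAME = re.compile(r"^(?P<stem>.*\S) +(?P<ext>\.[A-Za-z0-9]+)$")


def canonical_basename(basename: str):
    """Return the name with the space(s) before the extension removed,
    or None if the name does not have that shape."""
    m = SPACED_NAME.match(basename)
    return m["stem"] + m["ext"] if m else None


def find_spaced_names(paths: Iterable[str], exts=(".exe", ".dll", ".sys"),
                      pathmod=ntpath) -> Dict[str, str]:
    """Map each path with a spaced file name to the path it would have without the space.
    Exact duplicates collapse; the extension filter is case-insensitive.
    pathmod is ntpath for Windows-style input and os.path for a local walk."""
    wanted = tuple(e.lower() for e in exts)
    found: Dict[str, str] = {}
    for p in paths:
        fixed = canonical_basename(pathmod.basename(p))
        if fixed is None or not fixed.lower().endswith(wanted):
            continue
        found[p] = pathmod.join(pathmod.dirname(p), fixed)
    return found


def pair_report(spaced: Dict[str, str],
                exists: Callable[[str], bool] = os.path.exists) -> List[Dict[str, object]]:
    """For every spaced name, note whether its un-spaced twin is also present on disk,
    so the two files can be hashed and compared rather than guessed about."""
    return [{"spaced": s, "canonical": c, "canonical_exists": bool(exists(c))}
            for s, c in spaced.items()]


def scan_tree(root: str) -> Dict[str, str]:
    """Walk a directory tree with os.walk and apply find_spaced_names to every file."""
    paths = (os.path.join(d, f) for d, _, files in os.walk(root) for f in files)
    return find_spaced_names(paths, pathmod=os.path)


if __name__ == "__main__":
    for row in pair_report(find_spaced_names(RENV_SAMPLE)):
        print(f"{row['spaced']!r} -> {row['canonical']!r} "
              f"(twin exists: {row['canonical_exists']})")
```

Run scan_tree against the Program Files and Windows directories to get the full list rather than the hand-picked one; any pair where both files exist is worth hashing and checking against the vendor's signature before deciding which copy is the real one.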

#8 tonydes
  • Topic Starter
  • Members
  • 10 posts

Posted 28 December 2010 - 01:21 PM

Here is the file. Thx

Attached Files



#9 Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 28 December 2010 - 08:14 PM

Hi tony,


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#10 tonydes
  • Topic Starter
  • Members
  • 10 posts

Posted 30 December 2010 - 11:39 AM

Here are the results of Activescan:




;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-12-30 11:36:59
PROTECTIONS: 1
MALWARE: 47
SUSPECTS: 9
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@fastclick[3].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@tribalfusion[4].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@mediaplex[2].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@anm.co[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@clickbank[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.www.myaffiliateprogram.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@com[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@perf.overture[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@perf.overture[3].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@burstnet[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@serving-sys[3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@www.burstbeacon[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[www.burstbeacon.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@adtech[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[server.iad.liveperson.net/hc/62908595]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[server.iad.liveperson.net/hc/8959766]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[server.iad.liveperson.net/hc/79072604]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@server.iad.liveperson[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@server.iad.liveperson[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@ads.pointroll[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.pointroll.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[hc2.humanclick.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@overture[4].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@go[3].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@searchportal.information[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@adviva[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\navigator\profiles\tzo210yr.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@atwola[3].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.atwola.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@ehg-dig.hitbox[1].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ehg-dig.hitbox.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.ads.addynamix.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@ads.addynamix[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.drivecleaner.com/]
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.drivecleaner.com/]
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[drivecleaner.com/]
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.drivecleaner.com/]
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\tony.leap\application data\netscape\nsb\profiles\kgxaaoy4.default\cookies.txt[.drivecleaner.com/]
00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\test\cookies\test@registrydefender[2].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@adserver.easyad[1].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@adserver.easyad[2].txt
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No c:\documents and settings\tony\cookies\tony@advancedcleaner[1].txt
05259283 Generic Trojan Virus/Trojan No 0 Yes No c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\rp221\a0037721.dll
05259283 Generic Trojan Virus/Trojan No 0 Yes No c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\rp213\a0035912.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\archive files\pumpdiskfolder\analyst 1-4-2\(2nd last version of) analyst142.zip[analyst 1.4.2/analys~1.cab][maxmintest.exe.b4d37b45_b87c_41e8_a1e1_b5c8bd958664]
No c:\archive files\pumpdiskfolder\analyst 1-4-2\analyst142\analyst 1.4.2\(2nd last version of) analys~1.cab[maxmintest.exe.b4d37b45_b87c_41e8_a1e1_b5c8bd958664]
No c:\archive files\pumpdiskfolder\analyst 1-4-2\analyst142\analyst 1.4.2\analys~1.cab[maxmintest.exe.b4d37b45_b87c_41e8_a1e1_b5c8bd958664]
No c:\archive files\pumpdiskfolder\analyst 1-4-2\analyst142.zip[analyst 1.4.2/analys~1.cab][maxmintest.exe.b4d37b45_b87c_41e8_a1e1_b5c8bd958664]
No c:\documents and settings\tony\desktop\analyst 1-5-0\install\analys~1.cab[maxmintest.exe.1f59bf49_dbcd_46d2_997d_512ca5c6c83d]
No c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\rp176\a0018728.rbf
No c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\rp212\a0034412.exe
No c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\rp213\a0035826.exe
No e:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\rp206\a0021393.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
221289 HIGH MS10-034
217834 HIGH MS10-008
214072 HIGH MS09-055
211784 HIGH MS09-032
194862 HIGH MS08-032
;===================================================================================================================================================================================

#11 Judicandus
  • Bleepin' Pasta
  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 31 December 2010 - 12:13 PM

Hi tonydes,

Let's clean your System Restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows.
The files in System Restore are protected to prevent any programs from changing those files.
This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.

*******************************************

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link --> Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\documents and settings\tony\desktop\analyst 1-5-0\install\analys~1.cab

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

#12 tonydes
  • Topic Starter
  • Members
  • 10 posts

Posted 01 January 2011 - 11:41 AM

Here are the results from Virustotal:


Antivirus Version Last Update Result
AntiVir 7.11.0.247 2010.12.31 -
Antiy-AVL 2.0.3.7 2011.01.01 -
Avast 4.8.1351.0 2011.01.01 -
Avast5 5.0.677.0 2011.01.01 -
AVG 9.0.0.851 2011.01.01 -
BitDefender 7.2 2011.01.01 -
CAT-QuickHeal 11.00 2011.01.01 (Suspicious) - DNAScan
ClamAV 0.96.4.0 2011.01.01 -
Command 5.2.11.5 2011.01.01 -
Comodo 7263 2011.01.01 -
eSafe 7.0.17.0 2010.12.30 Win32.Banker
eTrust-Vet 36.1.8074 2010.12.31 -
F-Prot 4.6.2.117 2010.12.31 -
F-Secure 9.0.16160.0 2011.01.01 -
Fortinet 4.2.254.0 2011.01.01 -
GData 21 2011.01.01 -
Ikarus T3.1.1.90.0 2011.01.01 -
Jiangmin 13.0.900 2011.01.01 -
K7AntiVirus 9.75.3406 2010.12.31 -
Kaspersky 7.0.0.125 2011.01.01 -
McAfee 5.400.0.1158 2011.01.01 -
Microsoft 1.6402 2011.01.01 -
NOD32 5751 2011.01.01 -
Norman 6.06.12 2011.01.01 -
nProtect 2011-01-01.01 2011.01.01 -
Panda 10.0.2.7 2011.01.01 Suspicious file
PCTools 7.0.3.5 2011.01.01 -
Prevx 3.0 2011.01.01 -
Rising 22.80.04.04 2010.12.31 -
Sophos 4.60.0 2011.01.01 -
SUPERAntiSpyware 4.40.0.1006 2011.01.01 -
Symantec 20101.3.0.103 2011.01.01 -
TheHacker 6.7.0.1.109 2010.12.30 -
TrendMicro 9.120.0.1004 2011.01.01 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.01 -
VIPRE 7910 2011.01.01 -
ViRobot 2010.12.31.4232 2011.01.01 -
VirusBuster 13.6.121.0 2010.12.30 -
Additional information
MD5 : 1784b7a43b5282f1861a0ca10bbac22b
SHA1 : 07e2133ca09dd64cd958853ed48d50821ad9ee98
SHA256: 8ce0a226159f9f9266ab1ea2e7232f057780846d87256451f8ecc7d744e028fb
ssdeep: 393216:RbTbmWnrrQKGSrnx136VRsUwshbi99ASeKce9jAI5:prnAXo9Uphy9aKcejAI5
File size : 20776303 bytes
First seen: 2011-01-01 16:38:53
Last seen : 2011-01-01 16:38:53
TrID:
Microsoft Cabinet Archive (99.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode
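The pasted VirusTotal report above is worth reading as two separate facts: the detection ratio (how many engines flagged the file, and whether the labels are named families or generic heuristics such as "Suspicious file") and the hashes, which let you confirm that the file on disk is the same object the report describes. The script below is an added example for this thread, not code from the original posts or from VirusTotal: it parses a report pasted in that text format, computes the ratio, and checks a local file against the listed MD5/SHA1/SHA256. The embedded sample is a constructed, shortened copy of the table above (8 of the 38 engines, same hashes); on the full table it gives 3 of 38. The keyword list used to separate heuristic from named verdicts is this example's own assumption.

```python
"""Parse a pasted VirusTotal-style report, compute the detection ratio, and
check a local file against the MD5/SHA1/SHA256 the report lists.

Added example for this thread; not part of the original posts."""
import hashlib
import re

# Constructed sample: a shortened copy of the engine table and hash block
# that tonydes pasted above (8 of the 38 engines, same hashes).
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
AntiVir 7.11.0.247 2010.12.31 -
CAT-QuickHeal 11.00 2011.01.01 (Suspicious) - DNAScan
ClamAV 0.96.4.0 2011.01.01 -
eSafe 7.0.17.0 2010.12.30 Win32.Banker
Kaspersky 7.0.0.125 2011.01.01 -
NOD32 5751 2011.01.01 -
Panda 10.0.2.7 2011.01.01 Suspicious file
Symantec 20101.3.0.103 2011.01.01 -
Additional information
MD5 : 1784b7a43b5282f1861a0ca10bbac22b
SHA1 : 07e2133ca09dd64cd958853ed48d50821ad9ee98
SHA256: 8ce0a226159f9f9266ab1ea2e7232f057780846d87256451f8ecc7d744e028fb
File size : 20776303 bytes
"""

# One engine row: name, engine version, signature date (YYYY.MM.DD), result.
ENGINE_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
# Hash rows from the "Additional information" block.
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256)\s*:\s*([0-9a-fA-F]+)$")

# Assumed keywords that mark a generic/heuristic verdict rather than a named
# family; this list is this example's own choice, not VirusTotal's.
HEURISTIC_WORDS = ("suspicious", "generic", "heur", "dnascan")


def parse_report(text):
    """Return ({engine: label_or_None}, {algo: hex}) from the pasted text."""
    engines, hashes = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENGINE_LINE.match(line)
        if m:
            name, _version, _updated, result = m.groups()
            result = result.strip()
            engines[name] = None if result == "-" else result
            continue
        m = HASH_LINE.match(line)
        if m:
            hashes[m.group(1)] = m.group(2).lower()
    return engines, hashes


def is_heuristic_label(label):
    low = label.lower()
    return any(w in low for w in HEURISTIC_WORDS)


def detection_summary(engines):
    """Count hits, split into named-family and heuristic verdicts."""
    hits = {n: lbl for n, lbl in engines.items() if lbl is not None}
    heuristic = sum(1 for lbl in hits.values() if is_heuristic_label(lbl))
    return {
        "hits": len(hits),
        "total": len(engines),
        "named": len(hits) - heuristic,
        "heuristic": heuristic,
        "labels": hits,
    }


def hashes_of_bytes(data):
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }


def hashes_of_file(path, chunk=1 << 20):
    """Stream a large file (the CAB here is ~20 MB) through all three digests."""
    digests = {"MD5": hashlib.md5(), "SHA1": hashlib.sha1(), "SHA256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {k: d.hexdigest() for k, d in digests.items()}


def verify_hashes(computed, reported):
    """True only if every hash the report lists matches the computed one.
    A report that lists no usable hash cannot verify anything and fails."""
    checked = [k for k in reported if k in computed]
    mismatches = [k for k in checked if computed[k] != reported[k]]
    return bool(checked) and not mismatches, mismatches


if __name__ == "__main__":
    import sys
    engines, reported = parse_report(SAMPLE_REPORT)
    s = detection_summary(engines)
    print(f"{s['hits']}/{s['total']} engines flagged it "
          f"({s['named']} named, {s['heuristic']} heuristic): {s['labels']}")
    if len(sys.argv) > 1:  # python vt_report.py path\to\analys~1.cab
        ok, bad = verify_hashes(hashes_of_file(sys.argv[1]), reported)
        print("hashes match report" if ok else f"MISMATCH: {bad}")
```

Run it with the path to the scanned CAB as the only argument to confirm the local file is the object the report hashes describe; a mismatch means you are looking at a different file than the one VirusTotal judged, so the verdict does not transfer.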

#13 Judicandus
  • Bleepin' Pasta
  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 02 January 2011 - 07:30 AM

Hi tonydes,
Please turn off your antivirus and:

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


#14 tonydes
  • Topic Starter
  • Members
  • 10 posts

Posted 02 January 2011 - 04:29 PM

Here are the results:




QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Scan date: Sun Jan 02 11:29:14 2011
Machine ID: 982E2388



No infection found.
-------------------



Processes
---------
Apple Mobile Device Service 976 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Authentication Manager 1120 C:\Program Files\Wave Systems Corp\common\DataServer.exe
AutoUpdate 4024 C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
Bluetooth Stack for Windows by TOSHIBA 1200 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
Bluetooth Stack for Windows by TOSHIBA 2976 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
Bluetooth Stack for Windows by Toshiba 4020 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
Bluetooth Stack for Windows by TOSHIBA 3708 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Bonjour 1012 C:\Program Files\Bonjour\mDNSResponder.exe
C-Major Audio 3204 C:\WINDOWS\stsystra.exe
CFRDBService Module 1560 C:\Xcalibur\system\programs\CFRDBService.exe
DameWare Development DWRCS 1060 C:\WINDOWS\system32\DWRCS.EXE
Drive Letter Access Component 3904 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
ESET Smart Security 2956 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
ESET Smart Security 1144 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
finSS_Server Module 1264 C:\Xcalibur\system\programs\finSS_Server.exe
Flock 2884 C:\Program Files\Flock\flock.exe
GoogleToolbarNotifier 3312 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Intel PROSet/Wireless 2188 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
Intel® PROSet/Wireless 1328 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
Intel® PROSet/Wireless Event Log 2000 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Intel® PROSet/Wireless Registry Servi 3256 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Intel® PROSet/Wireless Service 208 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Microsoft IntelliPoint 1216 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
Microsoft SQL Server 2024 C:\MSSQL7\Binn\sqlmangr.exe
Microsoft SQL Server 636 C:\MSSQL7\Binn\sqlservr.exe
Microsoft® Visual Studio .NET 448 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Microsoft® Windows® Operating System 2168 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 3072 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 1436 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 3336 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 1516 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 3800 C:\WINDOWS\system32\rundll32.exe
Microsoft® Windows® Operating System 884 C:\WINDOWS\system32\scardsvr.exe
Microsoft® Windows® Operating System 3548 C:\WINDOWS\system32\searchindexer.exe
Microsoft® Windows® Operating System 1504 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 1320 C:\WINDOWS\system32\smss.exe
Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 432 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1708 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1756 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1824 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1940 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1228 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 576 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 3372 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 944 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 3700 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 304 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 2864 C:\WINDOWS\system32\wbem\wmiprvse.exe
Microsoft® Windows® Operating System 1460 C:\WINDOWS\system32\winlogon.exe
Microsoft® Windows® Operating System 1108 C:\WINDOWS\system32\wuauclt.exe
Microsoft® Windows® Operating System 624 C:\WINDOWS\system32\wuauclt.exe
National Instruments Logos 352 C:\WINDOWS\system32\lkads.exe
National Instruments Logos 328 C:\WINDOWS\system32\lkcitdl.exe
National Instruments Logos 356 C:\WINDOWS\system32\lktsrv.exe
NicConfigSvc 1300 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
NVIDIA Driver Helper Service, Version 8 108 C:\WINDOWS\system32\nvsvc32.exe
SSO Service 236 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
tcsd_win32.exe 3396 C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
UMonit Application 3736 C:\WINDOWS\system32\UMonit.exe
Virtual instrument for Analyst 3448 C:\Program Files\Flux Instruments\Virtual Instrument for Analyst Core\xviphs.exe
Windows Defender 1900 C:\Program Files\Windows Defender\MsMpEng.exe
ZeroCfgSvc Application 1840 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe


Network activity
----------------
Process ekrn.exe (1144) connected on port 80 (HTTP) --> 173.194.33.100
Process ekrn.exe (1144) connected on port 80 (HTTP) --> 96.17.160.82
Process ekrn.exe (1144) connected on port 80 (HTTP) --> 74.125.53.121
Process ekrn.exe (1144) connected on port 80 (HTTP) --> 66.220.149.25

Process sqlservr.exe (636) listens on ports: 1036, 1433 (Microsoft SQL)
Process DWRCS.EXE (1060) listens on ports: 6129 (DameWare)
Process svchost.exe (1756) listens on ports: 135 (RPC)
Process tcsd_win32.exe (3396) listens on ports: 10001


Autoruns and critical files
---------------------------
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
AutoUpdate C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C-Major Audio C:\WINDOWS\stsystra.exe
Drive Letter Access Component C:\WINDOWS\system32\DLA\DLACTRLW.EXE
ESET Smart Security C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Intel® PROSet/Wireless C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe
Microsoft SQL Server C:\MSSQL7\Binn\sqlmangr.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\webcheck.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
NVIDIA Hotkey Service, Version 83.13 C:\WINDOWS\system32\nvhotkey.dll
nwiz.exe C:\WINDOWS\system32\nwiz.exe
UMonit Application C:\WINDOWS\system32\UMonit.exe
Windows Defender C:\Program Files\Windows Defender\MpCmdRun.exe
Windows Defender c:\program files\windows defender\mpshhook.dll
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Windows® Search C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
ZeroCfgSvc Application C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe


Browser plugins
---------------
acroiefavclient.dll c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll
AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Browser Address Error Redirector c:\program files\bae\bae.dll
Diagnostic Collection ActiveX control C:\WINDOWS\Downloaded Program Files\DiagCollectionControl.dll
Drive Letter Access Component c:\windows\system32\dla\dlashx_w.dll
Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Garmin Communicator Plug-In C:\Program Files\Garmin GPS Plugin\npGarmin.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shdocvw.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Panda ActiveScan 2.0 C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


Missing files
-------------
File not found: C:\Program Files\Dell\QuickSet\quickset.exe .exe .exe .exe .exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Dell QuickSet"


Scan
----

The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Flux Instruments\Virtual Instrument for Analyst Core\xviphs.exe

Upload started - 1 file(s)
xviphs.exe (110592)
Upload speed - 5 KB/s
Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 30 sec
Total traffic - 0.17 MB sent, 636.68 KB recvd
Scanned 1426 files and modules - 199 seconds
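The "Network activity" section of the QuickScan log above is the part a responder actually reads: which processes accept inbound connections and on which ports, and which processes are talking out. The script below is an added example for this thread, not code from the original posts or from BitDefender: it parses those two line shapes and reports any listener that is not on an expected baseline. The sample is a constructed copy of the lines posted above, and the baseline (only the RPC listener on 135 is expected) is an assumption for illustration; what it flags is "review this", not "this is malicious".

```python
"""Pull listener and outbound-connection lines out of a BitDefender
QuickScan "Network activity" section and flag listeners that are not on
an expected baseline.  Added example; not part of the original posts."""
import re

# Constructed sample: the lines from the QuickScan log posted above.
SAMPLE_NETWORK = """\
Network activity
----------------
Process ekrn.exe (1144) connected on port 80 (HTTP) --> 173.194.33.100
Process ekrn.exe (1144) connected on port 80 (HTTP) --> 96.17.160.82

Process sqlservr.exe (636) listens on ports: 1036, 1433 (Microsoft SQL)
Process DWRCS.EXE (1060) listens on ports: 6129 (DameWare)
Process svchost.exe (1756) listens on ports: 135 (RPC)
Process tcsd_win32.exe (3396) listens on ports: 10001
"""

# "Process NAME (PID) listens on ports: P1, P2 (optional label)"
LISTEN = re.compile(
    r"^Process (\S+) \((\d+)\) listens on ports: ([\d, ]+?)(?: \(([^)]*)\))?$")
# "Process NAME (PID) connected on port P (optional label) --> IP"
CONNECT = re.compile(
    r"^Process (\S+) \((\d+)\) connected on port (\d+)(?: \(([^)]*)\))? --> (\S+)$")

# Assumed baseline of listeners this machine is expected to have; anything
# else is reported for review, not declared malicious.
EXPECTED_LISTENERS = {("svchost.exe", 135)}


def parse_network_activity(text):
    """Return (listeners, connections) as lists of dicts."""
    listeners, connections = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = LISTEN.match(line)
        if m:
            proc, pid, ports, label = m.groups()
            listeners.append({
                "process": proc,
                "pid": int(pid),
                "ports": [int(p) for p in ports.split(",") if p.strip()],
                "label": label or "",
            })
            continue
        m = CONNECT.match(line)
        if m:
            proc, pid, port, label, dst = m.groups()
            connections.append({
                "process": proc, "pid": int(pid), "port": int(port),
                "label": label or "", "dst": dst,
            })
    return listeners, connections


def unexpected_listeners(listeners, expected=EXPECTED_LISTENERS):
    """(process, port) pairs that are listening but not in the baseline.
    Process names compare case-insensitively (the log mixes DWRCS.EXE and
    lower-case names)."""
    baseline = {(p.lower(), q) for p, q in expected}
    out = []
    for entry in listeners:
        for port in entry["ports"]:
            if (entry["process"].lower(), port) not in baseline:
                out.append((entry["process"], port))
    return out


def destinations_by_process(connections):
    """Map each outbound process to the set of remote addresses it reached."""
    by_proc = {}
    for c in connections:
        by_proc.setdefault(c["process"], set()).add(c["dst"])
    return by_proc


if __name__ == "__main__":
    ls, cs = parse_network_activity(SAMPLE_NETWORK)
    for proc, port in unexpected_listeners(ls):
        print(f"review listener: {proc} on port {port}")
    for proc, dsts in destinations_by_process(cs).items():
        print(f"{proc} -> {', '.join(sorted(dsts))}")
```

Feed it the whole log if you like; lines that match neither pattern (the process list, autoruns, plugins) are ignored, so only the network section contributes. Build the baseline from a known-good machine of the same role rather than from the log you are investigating.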

#15 Judicandus
  • Bleepin' Pasta
  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 02 January 2011 - 07:54 PM

Hi tony,

Seems we are all good! We can start doing the cleanup!

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>
  • The following will implement some very important cleanup procedures as well as reset System Restore points.

How is your computer running?
