Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Toughest Malware/redirect /hijacker ever


  • This topic is locked This topic is locked
14 replies to this topic

#1 Blake69

Blake69

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 23 January 2011 - 01:21 AM

Hello, The problem started when I opened a picture of Lisa Raye in Google images. I immediately started to notice a slow down in my system. Now I keep getting the "Generic host for Win32 services has encountered a problem" message. It also redirects me when ever I click on a suggest site in yahoo or Google (its even so brazen as to say "redirect" when its doing it. When I look in the drop down browser for the back/forward arrows, there is always a type of swirl sign next to the sites Ive been redirected to (I have know idea what that means). Here's where it gets good, as long as i just kept being redirected the system would work fine, I just couldn't get to where I was going (if you can call that fine). It would allow me to run AVG and Malwarebyte with no problems, however when I found this site and started to run through the 8 steps it was like Raid on a roach! I was able to get as far as step 7 but when I tried to run the GMER it kept given me a critical error and turning off my computer. I got 2 other "exe" errors but I don't remember exactly what they were, sorry. Thank you in advance for your help-Blake69


DDS (Ver_10-12-12.02) - NTFSx86
Run by Blake at 23:00:34.42 on Sat 01/22/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.70 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\a la mode\Sched\eSched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Blake\My Documents\Downloads\Defogger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Blake\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6441
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [The Assistant] c:\program files\a la mode\sched\eSched.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [Power2GoExpress] NA
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: comcastonline.com\actsvr
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxps://support.gateway.com/support/profiler//PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203091060203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} - hxxp://vault.alamode.com/cab/vfd.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\blake\applic~1\mozilla\firefox\profiles\ehm8w9gl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

=============== Created Last 30 ================

2011-01-23 04:37:41 1893 ----a-w- c:\windows\bcmwltrytmp.reg
2011-01-21 19:15:19 -------- d-----w- c:\docume~1\blake\applic~1\Malwarebytes
2011-01-21 19:15:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-21 19:14:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-21 19:14:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-21 19:14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-21 06:35:00 -------- d-----w- c:\docume~1\blake\applic~1\AVG
2011-01-07 15:08:55 -------- d--h--w- C:\$AVG

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS421280H9AT00 rev.HA3OA70S -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84F1F555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84f257b0]; MOV EAX, [0x84f2582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x84F5B740]
3 CLASSPNP[0xF76BEFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\000000a6[0x84FE1478]
5 ACPI[0xF74B5620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x84FCE030]
\Driver\atapi[0x84EEC640] -> IRP_MJ_CREATE -> 0x84F1F555
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS421280H9AT00_________________________HA3OA70S#5&b78aa63&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x84F1F39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 23:04:10.24 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 23 January 2011 - 05:16 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

One or more of the identified infections is a Backdoor trojan/Rootkit.

This can allow hackers to potentially remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be absolutely sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

I can still clean this machine but I can't guarantee that it will be 100% secure afterward. If after careful consideration you have decided to continue with cleanup then please proceed as I have outlined below.

==========

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

==========

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

==========

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\bcmwltrytmp.reg

If you get...

This file has been scanned before. The results for this previous scan are listed below.


Please choose "Scan Again"!!!!!!!!!

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

How is your computer running now?

Is your AVG paid or free?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Blake69

Blake69
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 23 January 2011 - 07:11 PM

1st thing 1st, thank you so much for what you do. I had no business looking at that picture of Lisa Raye in the 1st place and really I brought all this on myself, Thank God and you. My computer is running better than it did before, NO MORE REDIRECTS! I'll see about getting a new OS Monday. I hope these were the logs I was suppose to post.

2011/01/23 17:24:08.0238 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/23 17:24:08.0238 ================================================================================
2011/01/23 17:24:08.0238 SystemInfo:
2011/01/23 17:24:08.0238
2011/01/23 17:24:08.0238 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/23 17:24:08.0238 Product type: Workstation
2011/01/23 17:24:08.0238 ComputerName: TRUEVINEMOBILE
2011/01/23 17:24:08.0269 UserName: Blake
2011/01/23 17:24:08.0269 Windows directory: C:\WINDOWS
2011/01/23 17:24:08.0269 System windows directory: C:\WINDOWS
2011/01/23 17:24:08.0269 Processor architecture: Intel x86
2011/01/23 17:24:08.0269 Number of processors: 1
2011/01/23 17:24:08.0269 Page size: 0x1000
2011/01/23 17:24:08.0269 Boot type: Normal boot
2011/01/23 17:24:08.0269 ================================================================================
2011/01/23 17:24:13.0552 Initialize success
2011/01/23 17:24:20.0506 ================================================================================
2011/01/23 17:24:20.0506 Scan started
2011/01/23 17:24:20.0506 Mode: Manual;
2011/01/23 17:24:20.0506 ================================================================================
2011/01/23 17:24:24.0116 2WIREPCP (6551c1cf190df3e12c435a085987fba0) C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
2011/01/23 17:24:24.0226 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/23 17:24:24.0351 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/23 17:24:24.0413 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/23 17:24:24.0460 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/23 17:24:24.0507 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/23 17:24:24.0585 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/01/23 17:24:24.0648 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/23 17:24:24.0882 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/23 17:24:24.0913 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/23 17:24:24.0960 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/23 17:24:24.0991 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/23 17:24:25.0038 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/23 17:24:25.0085 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/23 17:24:25.0116 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/23 17:24:25.0179 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/23 17:24:25.0273 AmdK8 (e6a2299284013ec4de3419481a62069f) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/01/23 17:24:25.0304 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/23 17:24:25.0382 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/23 17:24:25.0413 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/23 17:24:25.0445 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/23 17:24:25.0491 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/23 17:24:25.0570 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/23 17:24:25.0601 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/23 17:24:25.0757 ati2mtag (c8dc21751c5684a14ec075fdd2473719) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/23 17:24:26.0023 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/23 17:24:26.0085 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/23 17:24:26.0179 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/01/23 17:24:26.0304 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/01/23 17:24:26.0367 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/01/23 17:24:26.0413 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/01/23 17:24:26.0632 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/01/23 17:24:26.0679 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/01/23 17:24:26.0710 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/01/23 17:24:26.0773 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/01/23 17:24:26.0867 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\drivers\BCM42RLY.SYS
2011/01/23 17:24:26.0992 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/23 17:24:27.0179 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/23 17:24:27.0273 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
2011/01/23 17:24:27.0336 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
2011/01/23 17:24:27.0382 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
2011/01/23 17:24:27.0414 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
2011/01/23 17:24:27.0507 CAMCAUD (80eb55b615ed0f669a28a96fefd4603f) C:\WINDOWS\system32\drivers\camc6aud.sys
2011/01/23 17:24:27.0570 CAMCHALA (ad1d8debdb1df8682e374e0cd1638c1b) C:\WINDOWS\system32\drivers\camc6hal.sys
2011/01/23 17:24:27.0601 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/23 17:24:27.0632 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/23 17:24:27.0679 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/23 17:24:27.0742 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/23 17:24:27.0804 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/23 17:24:27.0883 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/01/23 17:24:28.0164 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/01/23 17:24:28.0211 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/23 17:24:28.0336 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/23 17:24:28.0383 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/23 17:24:28.0414 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/23 17:24:28.0461 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/23 17:24:28.0508 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/23 17:24:28.0539 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/23 17:24:28.0633 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/23 17:24:28.0773 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/23 17:24:29.0008 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/23 17:24:29.0508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/23 17:24:29.0617 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/23 17:24:29.0680 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/23 17:24:29.0727 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/23 17:24:29.0820 el575nd5 (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys
2011/01/23 17:24:29.0883 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/23 17:24:29.0961 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/23 17:24:30.0008 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/23 17:24:30.0039 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/23 17:24:30.0180 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/23 17:24:30.0274 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/23 17:24:30.0477 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/23 17:24:30.0571 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/23 17:24:30.0633 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/23 17:24:30.0696 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/23 17:24:30.0742 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/23 17:24:30.0852 HSFHWATI (a32f20830996d61d862311f138870a0c) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
2011/01/23 17:24:31.0024 HSF_DPV (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/01/23 17:24:31.0149 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/23 17:24:31.0399 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/23 17:24:31.0461 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/23 17:24:31.0508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/23 17:24:31.0571 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/23 17:24:31.0618 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/23 17:24:31.0665 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/23 17:24:31.0711 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/23 17:24:31.0790 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/23 17:24:31.0946 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/23 17:24:32.0008 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/23 17:24:32.0102 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/23 17:24:32.0149 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/23 17:24:32.0212 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/23 17:24:32.0274 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/23 17:24:32.0493 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/23 17:24:32.0602 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/23 17:24:32.0758 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/23 17:24:32.0868 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/01/23 17:24:32.0946 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/01/23 17:24:33.0556 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/23 17:24:33.0712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/23 17:24:34.0181 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/23 17:24:35.0275 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/23 17:24:35.0994 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/23 17:24:36.0259 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/23 17:24:36.0431 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/23 17:24:36.0556 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/23 17:24:36.0837 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/23 17:24:36.0900 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/23 17:24:36.0947 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/23 17:24:36.0994 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/23 17:24:37.0072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/23 17:24:37.0134 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/23 17:24:37.0212 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/23 17:24:37.0291 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/23 17:24:37.0431 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/23 17:24:37.0478 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/23 17:24:37.0572 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/23 17:24:37.0791 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/23 17:24:37.0869 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/23 17:24:37.0963 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/23 17:24:38.0041 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/23 17:24:38.0103 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/23 17:24:38.0291 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/01/23 17:24:38.0400 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/23 17:24:38.0463 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/23 17:24:38.0510 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/23 17:24:38.0603 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/23 17:24:38.0697 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/23 17:24:38.0744 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/23 17:24:38.0791 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/23 17:24:38.0947 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/23 17:24:39.0072 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/23 17:24:39.0119 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/23 17:24:39.0322 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/23 17:24:39.0369 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/23 17:24:39.0479 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/23 17:24:39.0541 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/23 17:24:39.0619 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/23 17:24:39.0729 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/23 17:24:39.0760 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/23 17:24:39.0807 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/23 17:24:40.0072 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/23 17:24:40.0119 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/23 17:24:40.0182 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/23 17:24:40.0229 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/23 17:24:40.0307 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/23 17:24:40.0432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/23 17:24:40.0494 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/23 17:24:40.0541 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/23 17:24:40.0588 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/23 17:24:40.0651 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/23 17:24:40.0744 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/23 17:24:40.0823 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/23 17:24:40.0979 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/23 17:24:41.0120 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/01/23 17:24:41.0260 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/01/23 17:24:41.0370 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/23 17:24:41.0479 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/23 17:24:41.0635 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/23 17:24:41.0792 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/23 17:24:41.0870 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/23 17:24:41.0932 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/23 17:24:41.0995 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/23 17:24:42.0088 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/23 17:24:42.0354 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/23 17:24:42.0464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/23 17:24:42.0542 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/23 17:24:42.0573 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/23 17:24:42.0620 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/23 17:24:42.0667 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/23 17:24:42.0729 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/23 17:24:42.0807 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/23 17:24:42.0932 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/23 17:24:43.0104 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/23 17:24:43.0182 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/23 17:24:43.0245 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/23 17:24:43.0386 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
2011/01/23 17:24:43.0479 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/23 17:24:43.0526 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/23 17:24:43.0573 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/23 17:24:43.0636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/23 17:24:43.0745 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/23 17:24:44.0011 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/23 17:24:44.0089 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/23 17:24:44.0136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/23 17:24:44.0198 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/23 17:24:44.0245 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/23 17:24:44.0323 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/23 17:24:44.0886 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/23 17:24:45.0449 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/23 17:24:45.0667 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/23 17:24:45.0714 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/23 17:24:45.0870 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/23 17:24:46.0074 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/01/23 17:24:46.0199 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/01/23 17:24:46.0511 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/23 17:24:46.0667 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/23 17:24:47.0043 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/01/23 17:24:47.0136 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/23 17:24:47.0246 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/23 17:24:47.0449 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/23 17:24:47.0558 yukonwxp (9a916f4354eef85c535dd792754edc1d) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/01/23 17:24:47.0668 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/23 17:24:47.0668 ================================================================================
2011/01/23 17:24:47.0668 Scan finished
2011/01/23 17:24:47.0668 ================================================================================
2011/01/23 17:24:47.0699 Detected object count: 1
2011/01/23 17:25:01.0405 \HardDisk0 - will be cured after reboot
2011/01/23 17:25:01.0405 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/23 17:25:29.0582 Deinitialize success


[ArcaVir]
2011-01-24 Found nothing
[G DATA]
2011-01-23 Found nothing
[Avast! antivirus]
2011-01-23 Found nothing
[Ikarus]
2011-01-23 Found nothing
[Grisoft AVG Anti-Virus]
2011-01-23 Found nothing
[Kaspersky Anti-Virus]
2011-01-23 Found nothing
[Avira AntiVir]
2011-01-23 Found nothing
[ESET NOD32]
2011-01-23 Found nothing
[Softwin BitDefender]
2011-01-23 Found nothing
[Panda Antivirus]
2011-01-23 Found nothing
[ClamAV]
2011-01-23 Found nothing
[Quick Heal]
2011-01-21 Found nothing
[CPsecure]
2011-01-23 Found nothing
[Sophos]
2011-01-23 Found nothing
[Dr.Web]
2011-01-24 Found nothing
[VirusBlokAda VBA32]
2011-01-21 Found nothing
[Frisk F-Prot Antivirus]
2011-01-23 Found nothing
[VirusBuster]
2011-01-23 Found nothing
[F-Secure Anti-Virus]
2011-01-23 Found nothing

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 23 January 2011 - 08:27 PM

Well done. :thumbup2:

Your welcome.

Do this next please..........

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

AVG

Additional instructions can be found here if needed.

==========

Download and run AppRemover.
http://www.appremover.com/

==========

Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

If AVG was not a paid version then install this instead.

Please download and install Microsoft Security Essentials
http://www.microsoft.com/security_essentials/

Don't run a scan yet please.

What problems remain?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Blake69

Blake69
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 23 January 2011 - 11:16 PM

Alrighty, I think I did everything right. The new windows security asked me if I wanted it to turn on a firewall, I told it yes. Is that OK?


ComboFix 11-01-23.03 - Blake 01/23/2011 21:15:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.181 [GMT -6:00]
Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET26.tmp
c:\windows\system32\bszip.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
.

2011-01-24 02:02 . 2011-01-24 02:37 -------- d-----w- c:\windows\LastGood
2011-01-23 23:41 . 2011-01-23 23:41 1893 ----a-w- c:\windows\bcmwltrytmp.reg
2011-01-21 19:15 . 2011-01-24 02:50 -------- d-----w- c:\documents and settings\Blake\Application Data\Malwarebytes
2011-01-21 08:56 . 2011-01-22 14:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-21 06:30 . 2011-01-24 02:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-17 19:49 . 2011-01-17 19:50 -------- d-----w- c:\documents and settings\TEMP
2011-01-07 15:08 . 2011-01-07 15:08 -------- d-----w- C:\$AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-11-23 08:57 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2005-11-23 07:12 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2005-11-23 07:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2005-11-23 07:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2005-11-23 07:12 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2005-11-23 07:12 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2005-11-23 07:12 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-11-23 07:12 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-11-23 07:12 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-11-23 07:12 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-10 185896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-21 811008]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\VaultFilesDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1545:UDP"= 1545:UDP:Windows Media Format SDK (iexplore.exe)
"1544:UDP"= 1544:UDP:Windows Media Format SDK (iexplore.exe)

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/28/2006 3:52 PM 200576]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/26/2006 8:21 AM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/26/2006 8:21 AM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [7/26/2006 8:21 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [7/26/2006 8:20 AM 10368]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [11/22/2005 6:52 PM 69692]

--- Other Services/Drivers In Memory ---

*Deregistered* - Avgldx86
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: comcastonline.com\actsvr
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\ehm8w9gl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 21:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-01-23 21:29:12
ComboFix-quarantined-files.txt 2011-01-24 03:29

Pre-Run: 41,984,917,504 bytes free
Post-Run: 42,253,258,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - A7D4F72B3871F443619C4BE750B3235A

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 24 January 2011 - 11:52 AM

Well done. :thumbup2:

This next....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!

http://www.bleepingcomputer.com/forums/topic375178.html

Suspect::
c:\windows\bcmwltrytmp.reg

Driver::
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgrkx86
Avgtdix

File::
c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
c:\windows\system32\DRIVERS\AVGIDSEH.Sys
c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
c:\windows\system32\DRIVERS\AVGIDSShim.Sys
c:\windows\system32\DRIVERS\avgrkx86.sys
c:\windows\system32\DRIVERS\avgtdix.sys



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 Blake69

Blake69
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 24 January 2011 - 07:49 PM

I'm so excited! you got me feeling all techy and what not!

ComboFix 11-01-23.07 - Blake 01/24/2011 18:13:05.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.139 [GMT -6:00]
Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Blake\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FILE ::
"c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"
"c:\windows\system32\DRIVERS\AVGIDSEH.Sys"
"c:\windows\system32\DRIVERS\AVGIDSFilter.Sys"
"c:\windows\system32\DRIVERS\AVGIDSShim.Sys"
"c:\windows\system32\DRIVERS\avgrkx86.sys"
"c:\windows\system32\DRIVERS\avgtdix.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVGIDSDRIVER
-------\Legacy_AVGIDSEH
-------\Legacy_AVGIDSFILTER
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX


((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
.

2011-01-24 04:15 . 2011-01-13 07:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{535E91CF-CB4D-49A6-8B4E-33DBDAB75F29}\mpengine.dll
2011-01-24 04:15 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-24 04:05 . 2011-01-24 04:06 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-21 19:15 . 2011-01-24 02:50 -------- d-----w- c:\documents and settings\Blake\Application Data\Malwarebytes
2011-01-21 08:56 . 2011-01-22 14:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-21 06:30 . 2011-01-24 02:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-17 19:49 . 2011-01-17 19:50 -------- d-----w- c:\documents and settings\TEMP
2011-01-07 15:08 . 2011-01-07 15:08 -------- d-----w- C:\$AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-11-23 08:57 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2005-11-23 07:12 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2005-11-23 07:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2005-11-23 07:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2005-11-23 07:12 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2005-11-23 07:12 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2005-11-23 07:12 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-11-23 07:12 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-11-23 07:12 290048 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-10 185896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-21 811008]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\VaultFilesDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1545:UDP"= 1545:UDP:Windows Media Format SDK (iexplore.exe)
"1544:UDP"= 1544:UDP:Windows Media Format SDK (iexplore.exe)

R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/3/2005 11:04 PM 9158656]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/28/2006 3:52 PM 200576]
S1 MpKsl6c16b63e;MpKsl6c16b63e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{535E91CF-CB4D-49A6-8B4E-33DBDAB75F29}\MpKsl6c16b63e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{535E91CF-CB4D-49A6-8B4E-33DBDAB75F29}\MpKsl6c16b63e.sys [?]
S1 MpKsl8bfa6c45;MpKsl8bfa6c45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{535E91CF-CB4D-49A6-8B4E-33DBDAB75F29}\MpKsl8bfa6c45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{535E91CF-CB4D-49A6-8B4E-33DBDAB75F29}\MpKsl8bfa6c45.sys [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/26/2006 8:21 AM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/26/2006 8:21 AM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [7/26/2006 8:21 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [7/26/2006 8:20 AM 10368]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [11/22/2005 6:52 PM 69692]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 8:42 PM 323584]
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: comcastonline.com\actsvr
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\ehm8w9gl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 18:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(768)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\WLTRAY.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2011-01-24 18:37:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-25 00:36
ComboFix2.txt 2011-01-24 03:29

Pre-Run: 42,480,279,552 bytes free
Post-Run: 42,357,710,848 bytes free

- - End Of File - - E22A593EDE0E10C9C2DA05AB072443C4

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 24 January 2011 - 10:21 PM

Much better. :thumbup2:

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

What problems remain?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 26 January 2011 - 10:32 PM

Are you still there?
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 Blake69

Blake69
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 27 January 2011 - 08:10 PM

Yes sorry about that. My schedule only gives me so many hours to be on the net and the ESET takes 2 hrs to run. The 1st 2 times it quit right in the middle and I had to start over. Then my wife turned it off. AGGGGHHH! So frustrated! Here you go, thanks.

I dont know where the ESET file is but the step 4 of 4 said
infected files 0
cleaned files 0

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5594

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/26/2011 9:18:20 PM
mbam-log-2011-01-26 (21-18-20).txt

Scan type: Quick scan
Objects scanned: 195004
Time elapsed: 3 hour(s), 26 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 27 January 2011 - 10:10 PM

Please go to start => Run => Copy and paste the bold line in the run-box and click OK:

"C:\Qoobox\Add-Remove Programs.txt"

A text file opens up, copy and paste the content to your reply.

How is your computer running?
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 Blake69

Blake69
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 27 January 2011 - 10:19 PM

Its running good, no more redirect. YAYYYYY!

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom 802.11 Network Adapter
Browser Address Error Redirector
Conexant AC-Link Audio
Garmin Communicator Plugin
Garmin USB Drivers
gtw_logo
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
iTunes
Java Auto Updater
Java™ 6 Update 22
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server Desktop Engine (ALAMODE)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster Burn Engine
PaperPort 8.0 SE
PDF-XChange 3
Power2Go 4.0
PowerDVD
QuickBooks Simple Start Edition
QuickTime
RealPlayer
Recovery Software Suite Gateway
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Soft Data Fax Modem with SmartCP
Sonic Encoders
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WordWeb

#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 27 January 2011 - 10:38 PM

Hello,

Congratulations! You now appear clean!

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risk needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 23 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586-s.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


**********

  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall


    Posted Image

  • The following will implement some very important cleanup procedures as well as reset System Restore points.

**********

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

**********

Please right click and delete and remaining tools you downloaded for cleanup. Do not forget to turn you AV's real-time protection back on.

**********

Recommendations


Below are some recommendations to lower your chances of (re)infection.


  • Have one antivirus application installed and running at all times.

  • Avoid file sharing, P2P, illegal downloads or rogue sites. This is a sure way to get severely infected.

  • Install an Anti-Spyware program, and update it regularly

    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.

    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.

  • Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

  • Keep your other software up to date as well. Periodically run the Secunia Online Software Inspector (OSI).

  • Consider Firefox as your primary browser. Its safer, fast and secure!

  • Install WOT. Never inadvertently surf to a dangerous website again.

  • Install NoScript. Pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.

  • Stay up to date!

    Again the MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Good luck & safe surfing,
Kind Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 Blake69

Blake69
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 27 January 2011 - 11:11 PM

I cant tell you how grateful I am to you. Thank you so much and God bless you for all you do.

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 27 January 2011 - 11:22 PM

Thanks for the kind words. My pleasure helping you. :thumbup2:

Since all is well I will close this thread.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users