MBAM found a Rootkit.Dropper...


12 replies to this topic

#1 AltElvis


Posted 24 February 2011 - 06:47 PM

Hi Bleeping Malware Hunters....

not sure how fixable this one is... it's Sony Z1RAP laptop, 1500 MHz w/ 512 RAM w/ built in wireless... been outta use for a coupla years... a few months ago, pulled this one out of storage to use as a wireless print server on the shop network... this was parked because a mouse/keyboard issue came up that i speculate was caused by a rootkit... after much going around, Microsoft tech support said they did all they could... had no idea that this Bleeping website was around... what happens is on boot up the touch pad mouse/keyboard randomly don't work... in Safe Mode they seem to work consistently... a concern came up that this machine might be infected.... after working with moLe, who was super helpful with info that saved my daily laptop, since they both use the same network...this box is connected wireless to DLink 655 router... i tried running DDS, GMER both normal mode & safe mode... the programs would start, but would hang & stall the machine, couldn't even reboot, just had to unplug & pull the battery out to shutdown... was able to run TDSSKiller & MBRCheck that resulted with logs... Malwarebytes found a Rootkit Dropper & Quarantined and deleted the offending file... Avira found 2 HTML/Spoofing.Gen HTML script virus, but didn't provide the option to delete those files... ComboFix ran into the same problems as DDS & GMER, just hung the puter up, had to shut down by pulling the plug.... Also was able to get a scan & log from RKUnhooker too... posted below are the logs i could get:


TDSSKiller log

2011/02/20 18:27:24.0674 3488 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/20 18:27:25.0044 3488 ================================================================================
2011/02/20 18:27:25.0044 3488 SystemInfo:
2011/02/20 18:27:25.0044 3488
2011/02/20 18:27:25.0044 3488 OS Version: 5.1.2600 ServicePack: 2.0
2011/02/20 18:27:25.0044 3488 Product type: Workstation
2011/02/20 18:27:25.0044 3488 ComputerName: MOBIL1
2011/02/20 18:27:25.0044 3488 UserName: M
2011/02/20 18:27:25.0044 3488 Windows directory: C:\WINDOWS
2011/02/20 18:27:25.0044 3488 System windows directory: C:\WINDOWS
2011/02/20 18:27:25.0044 3488 Processor architecture: Intel x86
2011/02/20 18:27:25.0044 3488 Number of processors: 1
2011/02/20 18:27:25.0044 3488 Page size: 0x1000
2011/02/20 18:27:25.0044 3488 Boot type: Normal boot
2011/02/20 18:27:25.0044 3488 ================================================================================
2011/02/20 18:27:25.0795 3488 Initialize success
2011/02/20 18:27:31.0273 4064 ================================================================================
2011/02/20 18:27:31.0273 4064 Scan started
2011/02/20 18:27:31.0273 4064 Mode: Manual;
2011/02/20 18:27:31.0273 4064 ================================================================================
2011/02/20 18:27:33.0847 4064 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/20 18:27:34.0328 4064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/02/20 18:27:35.0109 4064 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/02/20 18:27:35.0580 4064 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/02/20 18:27:36.0020 4064 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/20 18:27:38.0634 4064 ApfiltrService (b18b9df784adc7f61381ba6a5123c002) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/02/20 18:27:39.0045 4064 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/20 18:27:40.0467 4064 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/20 18:27:40.0907 4064 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/20 18:27:41.0979 4064 ati2mtag (7c442aeb7ca1cde50e44534fb731ed7c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/20 18:27:42.0600 4064 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/20 18:27:43.0010 4064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/20 18:27:43.0411 4064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/20 18:27:43.0841 4064 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
2011/02/20 18:27:44.0242 4064 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/02/20 18:27:44.0342 4064 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/02/20 18:27:44.0793 4064 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
2011/02/20 18:27:45.0203 4064 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
2011/02/20 18:27:45.0614 4064 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
2011/02/20 18:27:46.0115 4064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/20 18:27:46.0866 4064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/20 18:27:47.0296 4064 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/20 18:27:47.0807 4064 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/20 18:27:48.0578 4064 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/20 18:27:49.0329 4064 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/20 18:27:50.0841 4064 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/20 18:27:51.0542 4064 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/20 18:27:52.0233 4064 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/02/20 18:27:52.0704 4064 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/20 18:27:53.0125 4064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/20 18:27:53.0555 4064 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/20 18:27:54.0296 4064 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/20 18:27:54.0777 4064 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/20 18:27:55.0218 4064 fa410 (b64a76d3c444c8a24b6cefe8658cf62d) C:\WINDOWS\system32\DRIVERS\fa410nd5.sys
2011/02/20 18:27:55.0728 4064 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/20 18:27:56.0199 4064 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/02/20 18:27:56.0630 4064 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/20 18:27:57.0030 4064 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/20 18:27:57.0501 4064 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/20 18:27:58.0012 4064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/20 18:27:58.0422 4064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/20 18:27:58.0823 4064 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/20 18:27:59.0214 4064 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys
2011/02/20 18:27:59.0664 4064 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/20 18:28:00.0455 4064 HSFHWICH (6970492ff51fdd2e1650ee7548f7f851) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/02/20 18:28:01.0417 4064 HSF_DP (a95b7c58da69abefcbb849a38ae377c4) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/02/20 18:28:02.0288 4064 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/20 18:28:03.0470 4064 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/20 18:28:03.0880 4064 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/20 18:28:04.0992 4064 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/20 18:28:05.0402 4064 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/20 18:28:05.0813 4064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/20 18:28:06.0224 4064 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/20 18:28:06.0694 4064 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/20 18:28:07.0185 4064 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/20 18:28:07.0636 4064 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/20 18:28:08.0026 4064 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/20 18:28:08.0467 4064 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/20 18:28:09.0018 4064 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/20 18:28:09.0478 4064 KmxAgent (f4ffca2de8290de6118583bf74962243) C:\WINDOWS\system32\DRIVERS\kmxagent.sys
2011/02/20 18:28:09.0899 4064 KmxCF (9cb6ae1a28c0a5b70afc208f068bc24f) C:\WINDOWS\system32\DRIVERS\KmxCF.sys
2011/02/20 18:28:10.0329 4064 KmxCfg (df0de1110162e761a7f60c392ad177dd) C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
2011/02/20 18:28:10.0750 4064 KmxFile (28c7643d33ed066622e93260f818adfd) C:\WINDOWS\system32\DRIVERS\KmxFile.sys
2011/02/20 18:28:11.0201 4064 KmxFw (6db409366cb3325a67a01308ce23ae1a) C:\WINDOWS\system32\DRIVERS\kmxfw.sys
2011/02/20 18:28:11.0631 4064 KmxSbx (2df089f8594ae18d5c1a1bfbdd967eab) C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
2011/02/20 18:28:12.0142 4064 KmxStart (f68a8118c1e26967533cc06206154784) C:\WINDOWS\system32\DRIVERS\kmxstart.sys
2011/02/20 18:28:12.0633 4064 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/20 18:28:13.0464 4064 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/02/20 18:28:13.0885 4064 mf (729d83e56c29c510258a6e9e79ffddc3) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/02/20 18:28:14.0285 4064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/20 18:28:14.0736 4064 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/20 18:28:15.0126 4064 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/20 18:28:15.0517 4064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/20 18:28:15.0918 4064 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/20 18:28:16.0729 4064 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/20 18:28:17.0340 4064 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/20 18:28:17.0930 4064 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/20 18:28:18.0331 4064 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/20 18:28:18.0722 4064 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/20 18:28:19.0112 4064 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/20 18:28:19.0503 4064 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/20 18:28:19.0903 4064 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/20 18:28:20.0404 4064 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/20 18:28:20.0955 4064 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/20 18:28:21.0365 4064 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/20 18:28:21.0836 4064 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/20 18:28:22.0287 4064 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/20 18:28:22.0807 4064 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/20 18:28:23.0248 4064 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/20 18:28:23.0769 4064 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/20 18:28:24.0179 4064 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/20 18:28:24.0790 4064 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/20 18:28:25.0381 4064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/20 18:28:25.0772 4064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/20 18:28:26.0162 4064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/20 18:28:26.0573 4064 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/20 18:28:27.0003 4064 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/02/20 18:28:27.0424 4064 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/20 18:28:27.0875 4064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/20 18:28:28.0325 4064 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/20 18:28:29.0076 4064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/20 18:28:29.0507 4064 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/02/20 18:28:32.0051 4064 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/20 18:28:32.0461 4064 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/20 18:28:32.0932 4064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/20 18:28:33.0282 4064 PxHelp20 (cdd1ff48a4e21e0c40d62c15d9c87785) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/02/20 18:28:35.0215 4064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/20 18:28:35.0666 4064 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/20 18:28:36.0097 4064 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/20 18:28:36.0497 4064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/20 18:28:36.0938 4064 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/20 18:28:37.0378 4064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/20 18:28:37.0859 4064 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/20 18:28:38.0350 4064 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/20 18:28:38.0800 4064 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/20 18:28:39.0301 4064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/20 18:28:39.0862 4064 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/20 18:28:40.0263 4064 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/02/20 18:28:41.0054 4064 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/02/20 18:28:41.0815 4064 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
2011/02/20 18:28:42.0205 4064 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/20 18:28:42.0626 4064 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/20 18:28:43.0197 4064 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/20 18:28:43.0728 4064 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/20 18:28:44.0118 4064 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/20 18:28:45.0901 4064 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/20 18:28:46.0471 4064 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/20 18:28:47.0052 4064 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/20 18:28:47.0453 4064 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/20 18:28:47.0853 4064 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/20 18:28:48.0675 4064 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/20 18:28:49.0616 4064 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/20 18:28:50.0157 4064 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/20 18:28:50.0557 4064 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/20 18:28:50.0988 4064 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/20 18:28:51.0439 4064 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/20 18:28:51.0849 4064 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/20 18:28:52.0240 4064 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/20 18:28:52.0630 4064 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/20 18:28:53.0121 4064 VET-FILT (daadb622164e93376b31598c053a9e87) C:\WINDOWS\system32\drivers\VET-FILT.sys
2011/02/20 18:28:53.0532 4064 VET-REC (66747d67066e29b24363d5537b93d294) C:\WINDOWS\system32\drivers\VET-REC.sys
2011/02/20 18:28:53.0962 4064 VETEBOOT (c079f80582c31728029f3efcdfeaf221) C:\WINDOWS\system32\drivers\VETEBOOT.sys
2011/02/20 18:28:54.0603 4064 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys
2011/02/20 18:28:55.0034 4064 VETFDDNT (10545ed2f206c922eb02e522b1a3fa75) C:\WINDOWS\system32\drivers\VETFDDNT.sys
2011/02/20 18:28:55.0404 4064 VETMONNT (77ef6a724334313b808fb6fe36b57be6) C:\WINDOWS\system32\drivers\VETMONNT.sys
2011/02/20 18:28:55.0845 4064 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/02/20 18:28:56.0616 4064 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/20 18:28:57.0928 4064 w70n51 (95c908389cc4530d49a76a94dbd9e174) C:\WINDOWS\system32\DRIVERS\w70n51.sys
2011/02/20 18:28:59.0240 4064 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/20 18:29:00.0041 4064 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/20 18:29:00.0512 4064 WDM_YAMAHAAC97 (00c6fb98588aa31b79d43568c7878f47) C:\WINDOWS\system32\drivers\yacxgc.sys
2011/02/20 18:29:01.0243 4064 winachsf (602a1608c419d1be4a52df3a2e8f4516) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/02/20 18:29:02.0064 4064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/20 18:29:02.0515 4064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/20 18:29:03.0085 4064 ================================================================================
2011/02/20 18:29:03.0085 4064 Scan finished
2011/02/20 18:29:03.0085 4064 ================================================================================
2011/02/20 18:29:41.0160 3960 Deinitialize success


MBRCheck Log:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 142):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF8BB5000 \WINDOWS\system32\KDCOM.DLL
0xF8AC5000 \WINDOWS\system32\BOOTVID.dll
0xF8666000 ACPI.sys
0xF8BB7000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8655000 pci.sys
0xF86B5000 isapnp.sys
0xF86C5000 ohci1394.sys
0xF86D5000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF8AC9000 compbatt.sys
0xF8ACD000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF8C7D000 pciide.sys
0xF8935000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8637000 pcmcia.sys
0xF86E5000 MountMgr.sys
0xF8618000 ftdisk.sys
0xF8BB9000 dmload.sys
0xF85F2000 dmio.sys
0xF8AD1000 ACPIEC.sys
0xF8C7E000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF893D000 PartMgr.sys
0xF86F5000 VolSnap.sys
0xF85DA000 atapi.sys
0xF8705000 disk.sys
0xF8715000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF85BA000 fltmgr.sys
0xF85A8000 sr.sys
0xF8945000 PxHelp20.sys
0xF8591000 KSecDD.sys
0xF8504000 Ntfs.sys
0xF84D7000 NDIS.sys
0xF84BC000 Mup.sys
0xF84A0000 kmxstart.sys
0xF8725000 agp440.sys
0xF8825000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF83C2000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF83AE000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF8A05000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF838B000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8A0D000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF8368000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF8123000 \SystemRoot\System32\DRIVERS\w70n51.sys
0xF8BA1000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF8835000 \SystemRoot\System32\DRIVERS\SonyPI.sys
0xF8A15000 \SystemRoot\System32\Drivers\SonyNC.sys
0xF8845000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF8A1D000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF810D000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
0xF8A25000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8855000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF8865000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8885000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF80EA000 \SystemRoot\System32\DRIVERS\ks.sys
0xF80B7000 \SystemRoot\system32\drivers\yacxgc.sys
0xF8093000 \SystemRoot\system32\drivers\portcls.sys
0xF8895000 \SystemRoot\system32\drivers\drmk.sys
0xF806A000 \SystemRoot\System32\DRIVERS\HSFHWICH.sys
0xF7F5B000 \SystemRoot\System32\DRIVERS\HSF_DP.sys
0xF7EC3000 \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
0xF8A2D000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8D1B000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF88A5000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8BAD000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7EAC000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF88B5000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF88C5000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF8A35000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7E9B000 \SystemRoot\System32\DRIVERS\psched.sys
0xF88D5000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8A8D000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8A55000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF3599000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF58C2000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8BF1000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF3540000 \SystemRoot\System32\DRIVERS\update.sys
0xF8B59000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF58B2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF51E4000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8C25000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF334E000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF51F4000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF89ED000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF4E0A000 \SystemRoot\System32\DRIVERS\KmxFile.sys
0xEC632000 \SystemRoot\System32\DRIVERS\kmxagent.sys
0xEC618000 \SystemRoot\System32\DRIVERS\kmxcfg.sys
0xF8A85000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF89BD000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xF3342000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF8A45000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF332E000 \SystemRoot\System32\Drivers\BrUsbScn.sys
0xF8CF6000 \SystemRoot\System32\Drivers\Brfilt.sys
0xF8745000 \SystemRoot\system32\DRIVERS\mf.sys
0xF8B61000 \SystemRoot\System32\Drivers\BrUsbMdm.sys
0xF88E5000 \SystemRoot\System32\Drivers\BrSerWdm.sys
0xEC5F8000 \SystemRoot\System32\DRIVERS\kmxfw.sys
0xF8B71000 \SystemRoot\System32\Drivers\VETFDDNT.SYS
0xF8BC9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEC543000 \SystemRoot\System32\Drivers\VETEFILE.SYS
0xF8B85000 \SystemRoot\System32\Drivers\VET-REC.SYS
0xF8A9D000 \SystemRoot\System32\Drivers\VET-FILT.SYS
0xF8A6D000 \SystemRoot\System32\Drivers\VETMONNT.SYS
0xEC524000 \SystemRoot\System32\Drivers\VETEBOOT.SYS
0xF8DA7000 \SystemRoot\System32\Drivers\Null.SYS
0xF8BCF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8A65000 \SystemRoot\System32\drivers\vga.sys
0xF8BD1000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8BD3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8975000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF31C5000 \SystemRoot\System32\Drivers\Npfs.SYS
0xED3BD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEC4F1000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEC499000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEC471000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEC44F000 \SystemRoot\System32\drivers\afd.sys
0xF6030000 \SystemRoot\System32\DRIVERS\netbios.sys
0xEC424000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEC3B5000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF5FB0000 \SystemRoot\System32\Drivers\Fips.SYS
0xEC394000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF5B7D000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF8CC4000 \SystemRoot\System32\DRIVERS\DMICall.sys
0xF66C4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEC37C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8BD7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEC7AD000 \SystemRoot\System32\drivers\Dxapi.sys
0xF897D000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xF8D3D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D5000 \SystemRoot\System32\ati2dvag.dll
0xBFA10000 \SystemRoot\System32\ati3d1ag.dll
0xEC369000 \SystemRoot\System32\DRIVERS\KmxSbx.sys
0xEDBC8000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEC225000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xEC1D8000 \SystemRoot\System32\DRIVERS\KmxCF.sys
0xEC2ED000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xEC15E000 \SystemRoot\System32\DRIVERS\srv.sys
0xEBEF1000 \SystemRoot\system32\drivers\wdmaud.sys
0xEBFBE000 \SystemRoot\system32\drivers\sysaudio.sys
0xEBAF1000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
756 C:\WINDOWS\system32\smss.exe
828 csrss.exe
852 C:\WINDOWS\system32\winlogon.exe
896 C:\WINDOWS\system32\services.exe
908 C:\WINDOWS\system32\lsass.exe
1060 C:\WINDOWS\system32\svchost.exe
1136 svchost.exe
1176 C:\WINDOWS\system32\svchost.exe
1252 svchost.exe
1392 svchost.exe
1616 C:\WINDOWS\system32\spoolsv.exe
1640 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
1664 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
1704 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
1740 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
392 E:\Program Files\EZ Armor\CA Anti-Virus\isafe.exe
472 C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
568 C:\WINDOWS\system32\svchost.exe
820 C:\WINDOWS\system32\BrmfRsmg.exe
1012 E:\Program Files\EZ Armor\CA Anti-Virus\vetmsg.exe
2000 C:\WINDOWS\explorer.exe
516 E:\Program Files\EZ Armor\CA Personal Firewall\capfsem.exe
524 alg.exe
556 C:\WINDOWS\system32\wscntfy.exe
2028 E:\Program Files\EZ Armor\cctray\cctray.exe
2144 E:\Program Files\EZ Armor\CA Anti-Virus\cavrid.exe
2316 E:\Program Files\EZ Armor\CA Personal Firewall\capfasem.exe
2548 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
2620 E:\Program Files\EZ Armor\ccprovsp.exe
2640 C:\WINDOWS\system32\ezSP_Px.exe
2676 C:\WINDOWS\system32\svchost.exe
2712 C:\WINDOWS\system32\ctfmon.exe
2852 E:\Program Files\EZ Armor\CA Anti-Spyware\CAPPActiveProtection.exe
2960 E:\Program Files\EZ Armor\CA Anti-Spyware\PPCtlPriv.exe
3732 C:\WINDOWS\system32\wuauclt.exe
1836 E:\Program Files\Mozilla Firefox\firefox.exe
3160 C:\Documents and Settings\Mark Gunter\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000003`73f31400 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000006`63090c00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000007`5e8a8e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000008`5a0c1000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000009`164f1000 (NTFS)
\\.\I: --> \\.\PhysicalDrive0 at offset 0x00000009`93538e00 (NTFS)
\\.\J: --> \\.\PhysicalDrive0 at offset 0x0000000b`507ca600 (NTFS)

PhysicalDrive0 Model Number: HITACHI_DK23EA-60, Rev: 00K2A0A3

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


MalwareBytes Log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5825

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2/20/2011 9:00:05 PM
mbam-log-2011-02-20 (21-00-05).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 244687
Time elapsed: 2 hour(s), 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\mark gunter\application data\thinstall\your uninstaller! 2006 version 5\1000000600002i\svchost.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.


Avira Scan Log:


Avira AntiVir Personal
Report file date: Tuesday, February 22, 2011 12:37

Scanning for 2425460 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MOBIL1

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 22:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 22:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 22:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 19:45:40
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 19:45:40
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 19:45:41
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 19:45:41
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 19:45:41
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 19:45:41
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 19:45:42
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 19:45:42
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 19:45:42
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 19:45:42
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 19:45:42
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 19:45:45
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 19:45:46
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 19:45:48
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 19:45:50
VBASE017.VDF : 7.11.3.184 2048 Bytes 2/22/2011 19:45:50
VBASE018.VDF : 7.11.3.185 2048 Bytes 2/22/2011 19:45:51
VBASE019.VDF : 7.11.3.186 2048 Bytes 2/22/2011 19:45:51
VBASE020.VDF : 7.11.3.187 2048 Bytes 2/22/2011 19:45:51
VBASE021.VDF : 7.11.3.188 2048 Bytes 2/22/2011 19:45:51
VBASE022.VDF : 7.11.3.189 2048 Bytes 2/22/2011 19:45:51
VBASE023.VDF : 7.11.3.190 2048 Bytes 2/22/2011 19:45:52
VBASE024.VDF : 7.11.3.191 2048 Bytes 2/22/2011 19:45:52
VBASE025.VDF : 7.11.3.192 2048 Bytes 2/22/2011 19:45:52
VBASE026.VDF : 7.11.3.193 2048 Bytes 2/22/2011 19:45:52
VBASE027.VDF : 7.11.3.194 2048 Bytes 2/22/2011 19:45:52
VBASE028.VDF : 7.11.3.195 2048 Bytes 2/22/2011 19:45:53
VBASE029.VDF : 7.11.3.196 2048 Bytes 2/22/2011 19:45:53
VBASE030.VDF : 7.11.3.197 2048 Bytes 2/22/2011 19:45:53
VBASE031.VDF : 7.11.3.198 2048 Bytes 2/22/2011 19:45:53
Engineversion : 8.2.4.170
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 22:23:26
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 2/22/2011 19:46:31
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 22:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 22:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 22:23:25
AEPACK.DLL : 8.2.4.9 512374 Bytes 2/22/2011 19:46:26
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/22/2011 19:46:22
AEHEUR.DLL : 8.1.2.78 3277175 Bytes 2/22/2011 19:46:20
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/22/2011 19:46:02
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/22/2011 19:46:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 22:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 2/22/2011 19:45:57
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 22:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 22:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 22:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 22:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 22:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 22:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 22:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 22:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 22:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: F:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:, G:, H:, I:, J:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +PFS,

Start of the scan: Tuesday, February 22, 2011 12:37

Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started
Scan process 'avscan.exe' - '61' Module(s) have been scanned
Scan process 'avscan.exe' - '60' Module(s) have been scanned
Scan process 'avcenter.exe' - '61' Module(s) have been scanned
Scan process 'avgnt.exe' - '45' Module(s) have been scanned
Scan process 'sched.exe' - '52' Module(s) have been scanned
Scan process 'avshadow.exe' - '22' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'PPCtlPriv.exe' - '23' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'CAPPActiveProtection.exe' - '57' Module(s) have been scanned
Scan process 'ezSP_Px.exe' - '19' Module(s) have been scanned
Scan process 'ccprovsp.exe' - '19' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'capfasem.exe' - '43' Module(s) have been scanned
Scan process 'CAVRID.exe' - '29' Module(s) have been scanned
Scan process 'cctray.exe' - '99' Module(s) have been scanned
Scan process 'wuauclt.exe' - '34' Module(s) have been scanned
Scan process 'capfsem.exe' - '56' Module(s) have been scanned
Scan process 'Explorer.EXE' - '91' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'BRMFRSMG.EXE' - '19' Module(s) have been scanned
Scan process 'VetMsg.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'ITMRTSVC.exe' - '19' Module(s) have been scanned
Scan process 'ISafe.exe' - '29' Module(s) have been scanned
Scan process 'UmxAgent.exe' - '27' Module(s) have been scanned
Scan process 'UmxPol.exe' - '20' Module(s) have been scanned
Scan process 'UmxFwHlp.exe' - '21' Module(s) have been scanned
Scan process 'UmxCfg.exe' - '40' Module(s) have been scanned
Scan process 'spoolsv.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '160' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '466' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\' <D>
Begin scan in 'E:\' <E>
E:\program file\EudoraBackUp\GrayPGS.fol\Our Subject.mbx
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
E:\Program Files\Qualcomm\Eudora\GrayPGS.fol\Our Subject.mbx
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
Begin scan in 'F:\' <F>
Begin scan in 'G:\' <G>
Begin scan in 'H:\' <H>
Begin scan in 'I:\' <I>
Begin scan in 'J:\' <Z>

Beginning disinfection:
E:\Program Files\Qualcomm\Eudora\GrayPGS.fol\Our Subject.mbx
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[NOTE] A backup was created as '4e45e3fd.qua' ( QUARANTINE )
E:\program file\EudoraBackUp\GrayPGS.fol\Our Subject.mbx
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[NOTE] A backup was created as '56d2cc5b.qua' ( QUARANTINE )


End of the scan: Tuesday, February 22, 2011 15:28
Used time: 2:44:14 Hour(s)

The scan has been done completely.




8081 Scanned directories
425792 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
425790 Files not concerned
8365 Archives were scanned
2 Warnings
2 Notes



#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 28 February 2011 - 12:11 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following:
  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 AltElvis (Topic Starter)
  • Members
  • 71 posts
  • Location: Everywhere

Posted 28 February 2011 - 06:12 PM

same problem as I originally posted... can't get DDS to finish... just hangs at the window with progress bar nearly across the window, HD light on solid w/ no HD noise... let it sit like that for 30 min... can't close or do anything because the keyboard locks up... so I force quit, start up again... did get RKUnHooker to run...

RKUnHooker log
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xF742D000 C:\WINDOWS\System32\DRIVERS\w70n51.sys 2379776 bytes (Intel® Corporation, Intel® PRO/Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2180352 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2180352 bytes
0x804D7000 RAW 2180352 bytes
0x804D7000 WMIxWDM 2180352 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7265000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1110016 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBFA10000 C:\WINDOWS\System32\ati3d1ag.dll 831488 bytes (ATI Technologies Inc. , ati3d1ag.dll)
0xF0D09000 C:\WINDOWS\System32\Drivers\VETEFILE.SYS 741376 bytes (Computer Associates International, Inc., RealTime Anti-Virus Protection Driver)
0xF6D7B000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 622592 bytes (Conexant Systems, Inc., WinACHSF driver)
0xF8504000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF76CC000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 544768 bytes (ATI Technologies Inc., ATI Radeon Miniport Driver)
0xF0B7B000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6CC9000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xF0C5F000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF05C9000 C:\WINDOWS\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xEFEDD000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF9D5000 C:\WINDOWS\System32\ati2dvag.dll 241664 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF73C1000 C:\WINDOWS\system32\drivers\yacxgc.sys 208896 bytes (YAMAHA CORPORATION, YAMAHA AC-XG WDM)
0xF6D22000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF8666000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF84D7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF06B8000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF0156000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF0BEA000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF7374000 C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys 167936 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF0C37000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF0B34000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF85F2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF0643000 C:\WINDOWS\System32\DRIVERS\KmxCF.sys 151552 bytes (CA, HIPS Content Filter Driver)
0xF739D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF0181000 C:\WINDOWS\system32\drivers\aec.sys 143360 bytes (Microsoft Corporation, Microsoft Acoustic Echo Canceller)
0xF7672000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5.1 driver)
0xF73F4000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF7695000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF0C15000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF0B5A000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0xF85BA000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF0DBE000 C:\WINDOWS\System32\DRIVERS\kmxfw.sys 131072 bytes (CA, HIPS Firewall Driver)
0xF8618000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF0CEA000 C:\WINDOWS\System32\Drivers\VETEBOOT.SYS 126976 bytes (Computer Associates International, Inc., RealTime Anti-Virus Protection Driver)
0xF8637000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF84A0000 kmxstart.sys 114688 bytes (CA, HIPS Core Driver)
0xF84BC000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF0DDE000 C:\WINDOWS\System32\DRIVERS\kmxcfg.sys 106496 bytes (CA, HIPS Kernel Configuration Cache)
0xF85DA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF0B1C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8591000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6D64000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7417000 C:\WINDOWS\System32\DRIVERS\Apfiltr.sys 90112 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF0A8F000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xF01A4000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF76B8000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EC000 ACPI_HAL 81280 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 81280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF0CB7000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF1531000 C:\WINDOWS\System32\DRIVERS\kmxagent.sys 77824 bytes (CA, HIPS Agent Driver)
0xF0A7C000 C:\WINDOWS\System32\DRIVERS\KmxSbx.sys 77824 bytes (CA, HIPS Registry, Spawning and Devices Guard driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF85A8000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8655000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6D53000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF87C5000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7D3A000 C:\WINDOWS\system32\DRIVERS\mf.sys 65536 bytes (Microsoft Corporation, Multifunction Enumerator)
0xF7D2A000 C:\WINDOWS\System32\Drivers\BrSerWdm.sys 61440 bytes (Brother Industries Ltd., Brother Serial driver (WDM version))
0xF79C7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8775000 C:\WINDOWS\System32\DRIVERS\KmxFile.sys 61440 bytes (CA, HIPS File Guard driver)
0xF86C5000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF79D7000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF8905000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8755000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF0411000 C:\WINDOWS\system32\drivers\swmidi.sys 57344 bytes (Microsoft Corporation, Microsoft GS Wavetable Synthesizer)
0xF86D5000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF79E7000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8715000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF0431000 C:\WINDOWS\system32\drivers\DMusic.sys 53248 bytes (Microsoft Corporation, Microsoft Kernel DLS Synthesizer)
0xF7A07000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77E1000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF86F5000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF77C1000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8725000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF79F7000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF86E5000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77D1000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF88F5000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF88E5000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8705000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF87A5000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7D4A000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7A27000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF86B5000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77B1000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8785000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEFCA9000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7A17000 C:\WINDOWS\System32\DRIVERS\SonyPI.sys 36864 bytes (Sony Corporation, Sony Programmable I/O Control Device)
0xF8795000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF786F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8A05000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8985000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF897D000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8935000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF788F000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8995000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF898D000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF89B5000 C:\WINDOWS\System32\Drivers\VETMONNT.SYS 28672 bytes (Computer Associates International, Inc., CA Antivirus File Protection Driver)
0xF787F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7877000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7887000 C:\WINDOWS\System32\Drivers\SonyNC.sys 24576 bytes (Sony Corporation, Sony Notebook Control driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF89A5000 C:\WINDOWS\System32\Drivers\VET-FILT.SYS 24576 bytes (Computer Associates International, Inc., CA Antivirus File Protection Driver)
0xF8A0D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78AF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF893D000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8AAD000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8945000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8AB5000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7867000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7897000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF78A7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8ACD000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF844B000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8B69000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF0AB4000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF1735000 C:\WINDOWS\System32\Drivers\VET-REC.SYS 16384 bytes (Computer Associates International, Inc., CA Antivirus File Protection Driver)
0xF1739000 C:\WINDOWS\System32\Drivers\VETFDDNT.SYS 16384 bytes (Computer Associates International, Inc., CA Antivirus File Protection Driver)
0xF8AD1000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8AC5000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF173D000 C:\WINDOWS\System32\Drivers\BrUsbMdm.sys 12288 bytes (Brother Industries Ltd., Brother USB MDM Driver )
0xF1741000 C:\WINDOWS\System32\Drivers\BrUsbScn.sys 12288 bytes (Brother Industries Ltd., Brother USB SCN Driver)
0xF8AC9000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF0E08000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8BA1000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF068C000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF1745000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8B51000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF1480000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8BE5000 F:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8BDF000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8BB9000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8BEB000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8BDD000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8BB5000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8BCD000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8BE1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8C2F000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xF8C2B000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8C31000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8BB7000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8DF3000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8CAE000 C:\WINDOWS\System32\Drivers\Brfilt.sys 4096 bytes (Brother Industries Ltd., Brother Multi Function Filter driver)
0xF8CC2000 C:\WINDOWS\System32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
0xF8D0D000 C:\WINDOWS\system32\drivers\drmkaud.sys 4096 bytes (Microsoft Corporation, Microsoft Kernel DRM Audio Descrambler Filter)
0xF8D7B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8D0B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8C7E000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8C7D000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
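As an added illustration (not code from any post in this thread), here is a Python parser for the RKUnhooker `>Drivers` listing format shown above, with a defender-side triage pass that flags modules lacking version information or loaded from outside the system root; the sample report, the `C:\WINDOWS` system root, the allowlist of kernel pseudo-modules and the user-writable directory list are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One line of the ">Drivers" section of an RKUnhooker LE report looks like
#   0xF742D000 C:\WINDOWS\System32\DRIVERS\w70n51.sys 2379776 bytes (Vendor, Description)
# The parenthesised version-resource info is absent for some entries
# (crash-dump drivers, kernel pseudo-modules such as PnpManager).
_DRIVER_LINE = re.compile(
    r"^0x(?P<base>[0-9A-Fa-f]{8})\s+(?P<module>.+?)\s+(?P<size>\d+)\s+bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)

# Assumption: kernel pseudo-modules that RKUnhooker lists without a path or version info.
KNOWN_PSEUDO_MODULES = {"PnpManager", "RAW", "WMIxWDM", "ACPI_HAL", "Win32k"}

# Assumption: the system root is C:\WINDOWS, as in the report above.
SYSTEM_ROOT = "c:\\windows\\"
# Assumption: locations an unprivileged user can normally write to.
USER_WRITABLE_DIRS = ("\\temp\\", "\\documents and settings\\", "\\users\\", "\\recycler\\")


@dataclass
class DriverEntry:
    base: int
    module: str
    size: int
    vendor: Optional[str]
    description: Optional[str]


def parse_rku_drivers(report: str) -> List[DriverEntry]:
    """Return the entries of the >Drivers section of an RKUnhooker LE report."""
    entries: List[DriverEntry] = []
    in_drivers = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(">"):                # section header: >Drivers, >Stealth, ...
            in_drivers = line == ">Drivers"
            continue
        if not in_drivers or not line or line.startswith("="):
            continue
        m = _DRIVER_LINE.match(line)
        if m is None:
            continue                            # tolerate lines the pattern does not cover
        vendor = description = None
        if m.group("info") is not None:
            # Version info is "Vendor, Description"; a lone string is kept as the vendor.
            vendor, _, description = m.group("info").partition(", ")
            vendor, description = vendor.strip(), description.strip() or None
        entries.append(DriverEntry(int(m.group("base"), 16), m.group("module"),
                                   int(m.group("size")), vendor, description))
    return entries


def triage(entries: List[DriverEntry]) -> List[Tuple[str, str]]:
    """Review items (module, reason) a responder should look at; not verdicts."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        mod = e.module.lower()
        name = mod.rsplit("\\", 1)[-1]
        has_path = "\\" in mod                  # boot-start drivers appear as bare names
        if (e.vendor is None and e.module not in KNOWN_PSEUDO_MODULES
                and not name.startswith("dump_")):   # dump_* are crash-dump copies
            findings.append((e.module, "no version/vendor information"))
        if has_path and any(d in mod for d in USER_WRITABLE_DIRS):
            findings.append((e.module, "loaded from a user-writable location"))
        elif has_path and not mod.startswith(SYSTEM_ROOT):
            findings.append((e.module, "loaded from outside the system root; confirm the publisher"))
    return findings


# Constructed sample in the report's format (not the log above); the last entry is a
# made-up driver in a temp folder with no version info, to exercise both checks.
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0xF742D000 C:\WINDOWS\System32\DRIVERS\w70n51.sys 2379776 bytes (Intel Corporation, Intel PRO/Wireless LAN Driver)
0x804D7000 PnpManager 2180352 bytes
0xF8504000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF739D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF0B1C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xEFCA9000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8BE5000 F:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8C00000 C:\Documents and Settings\user\Local Settings\Temp\example.sys 12288 bytes
==============================================
>Stealth
==============================================
"""

if __name__ == "__main__":
    for module, reason in triage(parse_rku_drivers(SAMPLE_REPORT)):
        print(f"{module}: {reason}")
```

Run over the listing posted above, the only item it would raise is avgio.sys on F:, which matches the Avira install path in the Avira log, so a hit from this pass is a review prompt rather than a detection.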

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 28 February 2011 - 06:24 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 AltElvis

AltElvis
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Everywhere
  • Local time:07:21 AM

Posted 28 February 2011 - 09:28 PM

can't get ComboFix to run on here... it starts & about 45sec - 1 min in Autoscan HD light goes solid w/ no HD sound, keyboard locks, so then it's the ol force quit... even uninstalled Avira & CA suite, jus in case either may cause ComboFix some grief, still same result... an odd thing to me was the CA had 2 instances in Add/Remove list, one was the suite w/ firewall, the other was jus firewall... the suite uninstalled no problem... the remaining firewall keeps getting an error bout half way through the uninstall... don't know if that's causing anything but it sure pissed me off... even tried ComboFix in Safe Mode, it stalled again... something else i noticed is the mouse pad & keyboards seem to be working more times than not after boot up.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:21 AM

Posted 28 February 2011 - 09:41 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 AltElvis

AltElvis
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Everywhere
  • Local time:07:21 AM

Posted 01 March 2011 - 04:31 PM

still getting the mouse nonfunction... took 3 boot ups before mouse & keyboards worked



TDSSKiller Report

2011/03/01 13:27:44.0561 3204 TDSS rootkit removing tool 2.4.19.0 Feb 28 2011 17:08:37
2011/03/01 13:27:44.0752 3204 ================================================================================
2011/03/01 13:27:44.0752 3204 SystemInfo:
2011/03/01 13:27:44.0752 3204
2011/03/01 13:27:44.0752 3204 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/01 13:27:44.0752 3204 Product type: Workstation
2011/03/01 13:27:44.0752 3204 ComputerName: MOBIL1
2011/03/01 13:27:44.0752 3204 UserName: M
2011/03/01 13:27:44.0752 3204 Windows directory: C:\WINDOWS
2011/03/01 13:27:44.0752 3204 System windows directory: C:\WINDOWS
2011/03/01 13:27:44.0752 3204 Processor architecture: Intel x86
2011/03/01 13:27:44.0752 3204 Number of processors: 1
2011/03/01 13:27:44.0752 3204 Page size: 0x1000
2011/03/01 13:27:44.0752 3204 Boot type: Normal boot
2011/03/01 13:27:44.0752 3204 ================================================================================
2011/03/01 13:27:45.0533 3204 Initialize success
2011/03/01 13:27:52.0002 3276 ================================================================================
2011/03/01 13:27:52.0002 3276 Scan started
2011/03/01 13:27:52.0002 3276 Mode: Manual;
2011/03/01 13:27:52.0002 3276 ================================================================================
2011/03/01 13:27:53.0965 3276 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/01 13:27:54.0395 3276 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/01 13:27:55.0257 3276 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/03/01 13:27:55.0707 3276 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/03/01 13:27:56.0158 3276 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/01 13:27:58.0201 3276 ApfiltrService (b18b9df784adc7f61381ba6a5123c002) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/03/01 13:27:58.0561 3276 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/01 13:27:59.0993 3276 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/01 13:28:00.0414 3276 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/01 13:28:01.0315 3276 ati2mtag (7c442aeb7ca1cde50e44534fb731ed7c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/03/01 13:28:01.0886 3276 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/01 13:28:02.0337 3276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/01 13:28:02.0717 3276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/01 13:28:03.0138 3276 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
2011/03/01 13:28:03.0539 3276 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/01 13:28:03.0629 3276 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/01 13:28:04.0089 3276 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
2011/03/01 13:28:04.0490 3276 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
2011/03/01 13:28:04.0850 3276 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
2011/03/01 13:28:05.0481 3276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/01 13:28:06.0212 3276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/01 13:28:06.0713 3276 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/01 13:28:07.0264 3276 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/01 13:28:08.0055 3276 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/01 13:28:08.0756 3276 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/01 13:28:10.0238 3276 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/01 13:28:10.0919 3276 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/01 13:28:11.0560 3276 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/03/01 13:28:11.0941 3276 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/01 13:28:12.0371 3276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/01 13:28:12.0782 3276 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/01 13:28:13.0493 3276 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/01 13:28:13.0913 3276 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/01 13:28:14.0384 3276 fa410 (b64a76d3c444c8a24b6cefe8658cf62d) C:\WINDOWS\system32\DRIVERS\fa410nd5.sys
2011/03/01 13:28:14.0785 3276 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/01 13:28:15.0275 3276 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/01 13:28:15.0666 3276 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/01 13:28:16.0047 3276 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/01 13:28:16.0477 3276 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/01 13:28:16.0898 3276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/01 13:28:17.0358 3276 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/01 13:28:17.0779 3276 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/01 13:28:18.0190 3276 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys
2011/03/01 13:28:18.0560 3276 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/01 13:28:19.0321 3276 HSFHWICH (6970492ff51fdd2e1650ee7548f7f851) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/03/01 13:28:20.0132 3276 HSF_DP (a95b7c58da69abefcbb849a38ae377c4) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/01 13:28:20.0924 3276 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/01 13:28:22.0065 3276 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/01 13:28:22.0456 3276 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/01 13:28:23.0527 3276 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/01 13:28:23.0898 3276 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/01 13:28:24.0298 3276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/01 13:28:24.0679 3276 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/01 13:28:25.0090 3276 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/01 13:28:25.0600 3276 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/01 13:28:26.0021 3276 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/01 13:28:26.0441 3276 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/01 13:28:26.0812 3276 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/01 13:28:27.0263 3276 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/01 13:28:27.0693 3276 KmxAgent (f4ffca2de8290de6118583bf74962243) C:\WINDOWS\system32\DRIVERS\kmxagent.sys
2011/03/01 13:28:28.0084 3276 KmxCF (9cb6ae1a28c0a5b70afc208f068bc24f) C:\WINDOWS\system32\DRIVERS\KmxCF.sys
2011/03/01 13:28:28.0494 3276 KmxCfg (df0de1110162e761a7f60c392ad177dd) C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
2011/03/01 13:28:28.0835 3276 KmxFile (28c7643d33ed066622e93260f818adfd) C:\WINDOWS\system32\DRIVERS\KmxFile.sys
2011/03/01 13:28:29.0256 3276 KmxFw (6db409366cb3325a67a01308ce23ae1a) C:\WINDOWS\system32\DRIVERS\kmxfw.sys
2011/03/01 13:28:29.0646 3276 KmxSbx (2df089f8594ae18d5c1a1bfbdd967eab) C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
2011/03/01 13:28:30.0057 3276 KmxStart (f68a8118c1e26967533cc06206154784) C:\WINDOWS\system32\DRIVERS\kmxstart.sys
2011/03/01 13:28:30.0537 3276 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/01 13:28:31.0499 3276 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/01 13:28:31.0909 3276 mf (729d83e56c29c510258a6e9e79ffddc3) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/03/01 13:28:32.0330 3276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/01 13:28:32.0731 3276 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/01 13:28:33.0091 3276 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/01 13:28:33.0482 3276 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/01 13:28:33.0852 3276 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/01 13:28:34.0633 3276 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/01 13:28:35.0204 3276 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/01 13:28:35.0735 3276 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/01 13:28:36.0125 3276 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/01 13:28:36.0536 3276 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/01 13:28:36.0886 3276 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/01 13:28:37.0257 3276 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/01 13:28:37.0678 3276 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/01 13:28:38.0128 3276 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/01 13:28:38.0559 3276 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/01 13:28:38.0919 3276 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/01 13:28:39.0310 3276 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/01 13:28:39.0731 3276 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/01 13:28:40.0101 3276 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/01 13:28:40.0592 3276 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/01 13:28:41.0093 3276 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/01 13:28:41.0543 3276 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/01 13:28:42.0114 3276 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/01 13:28:42.0695 3276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/01 13:28:43.0065 3276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/01 13:28:43.0466 3276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/01 13:28:43.0857 3276 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/01 13:28:44.0277 3276 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/01 13:28:44.0678 3276 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/01 13:28:45.0028 3276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/01 13:28:45.0449 3276 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/01 13:28:46.0190 3276 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/01 13:28:46.0600 3276 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/01 13:28:49.0094 3276 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/01 13:28:49.0485 3276 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/01 13:28:49.0905 3276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/01 13:28:50.0286 3276 PxHelp20 (cdd1ff48a4e21e0c40d62c15d9c87785) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/03/01 13:28:52.0469 3276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/01 13:28:52.0859 3276 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/01 13:28:53.0250 3276 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/01 13:28:53.0641 3276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/01 13:28:54.0061 3276 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/01 13:28:54.0472 3276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/01 13:28:54.0872 3276 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/01 13:28:55.0363 3276 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/01 13:28:55.0834 3276 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/01 13:28:56.0304 3276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/01 13:28:56.0735 3276 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/01 13:28:57.0116 3276 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/03/01 13:28:57.0867 3276 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/03/01 13:28:58.0598 3276 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
2011/03/01 13:28:58.0978 3276 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/01 13:28:59.0339 3276 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/01 13:28:59.0870 3276 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/01 13:29:00.0360 3276 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/01 13:29:00.0791 3276 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/01 13:29:02.0443 3276 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/01 13:29:02.0964 3276 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/01 13:29:03.0455 3276 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/01 13:29:03.0835 3276 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/01 13:29:04.0206 3276 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/01 13:29:04.0977 3276 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/01 13:29:05.0898 3276 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/01 13:29:06.0419 3276 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/01 13:29:06.0820 3276 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/01 13:29:07.0220 3276 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/01 13:29:07.0591 3276 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/01 13:29:08.0001 3276 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/01 13:29:08.0382 3276 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/01 13:29:08.0762 3276 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/01 13:29:09.0223 3276 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/01 13:29:09.0934 3276 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/01 13:29:11.0136 3276 w70n51 (95c908389cc4530d49a76a94dbd9e174) C:\WINDOWS\system32\DRIVERS\w70n51.sys
2011/03/01 13:29:12.0357 3276 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/01 13:29:13.0149 3276 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/01 13:29:13.0619 3276 WDM_YAMAHAAC97 (00c6fb98588aa31b79d43568c7878f47) C:\WINDOWS\system32\drivers\yacxgc.sys
2011/03/01 13:29:14.0270 3276 winachsf (602a1608c419d1be4a52df3a2e8f4516) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/01 13:29:15.0101 3276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/01 13:29:15.0562 3276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/01 13:29:16.0053 3276 ================================================================================
2011/03/01 13:29:16.0053 3276 Scan finished
2011/03/01 13:29:16.0053 3276 ================================================================================
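
The TDSSKiller report above is a plain driver inventory: one line per kernel driver with its MD5 and image path, and no verdicts. What a responder actually does with it is compare each hash against a clean reference for the same OS and service pack, since TDSS-family rootkits persist by overwriting a system driver in place. The script below is an added example, not part of this post or of TDSSKiller. SAMPLE_LOG is a few lines copied from the report plus one constructed atapi line whose hash was altered so a mismatch shows up; KNOWN_GOOD is a constructed reference table seeded with the report's own hashes, standing in for hashes taken from a clean install.

```python
"""Parse TDSSKiller driver lines and verify each image's MD5 against a
known-good table, flagging 'mismatch' (same path, different bytes) and
'unknown' (path not in the reference set).

Added example, not from the forum post or from TDSSKiller. SAMPLE_LOG and
KNOWN_GOOD are constructed for the demo (see comments)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# <date> <time> <thread id> <service> (<md5>) <image path>
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str   # lower-case hex
    path: str  # lower-case; NTFS paths are case-insensitive

# Lines copied from the report above, except the atapi line, which is
# CONSTRUCTED with a bogus hash (the report shows cdfe4411a69c224bd1d11b2da92dac51)
SAMPLE_LOG = r"""2011/03/01 13:27:52.0002 3276 Scan started
2011/03/01 13:27:53.0965 3276 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/01 13:28:00.0414 3276 atapi (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/01 13:28:03.0539 3276 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/01 13:28:03.0629 3276 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/01 13:28:58.0598 3276 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
2011/03/01 13:29:16.0053 3276 Scan finished
"""

# Constructed reference table: path (lower-case) -> expected MD5.
# In real use, fill this from a clean install of the same OS/service pack.
KNOWN_GOOD = {
    r"c:\windows\system32\drivers\acpi.sys": "a10c7534f7223f4a73a948967d00e69b",
    r"c:\windows\system32\drivers\atapi.sys": "cdfe4411a69c224bd1d11b2da92dac51",
    r"c:\windows\system32\drivers\bridge.sys": "e4e6a0922e3d983728c9ad4e8d466954",
}

def parse_tdsskiller(text):
    """Return one DriverEntry per driver line; banner/separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"].lower()))
    return entries

def verify(entries, known_good):
    """Map each image path to 'ok', 'mismatch' or 'unknown'."""
    verdicts = {}
    for e in entries:
        expected = known_good.get(e.path)
        if expected is None:
            verdicts[e.path] = "unknown"    # OEM/third-party driver not in the reference
        elif expected == e.md5:
            verdicts[e.path] = "ok"
        else:
            verdicts[e.path] = "mismatch"   # patched in place: pull this file for analysis
    return verdicts

def shared_images(entries):
    """Image path -> services registered against it (only paths with more than one).
    Legitimate for some pairs (Bridge/BridgeMP); suspicious when a core driver
    suddenly backs an unfamiliar second service."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e.path].append(e.service)
    return {p: s for p, s in by_path.items() if len(s) > 1}

def report(text, known_good):
    """One-call summary: entry count, paths per verdict, and shared images."""
    entries = parse_tdsskiller(text)
    summary = defaultdict(list)
    for path, verdict in verify(entries, known_good).items():
        summary[verdict].append(path)
    return {"entries": len(entries), **summary, "shared": shared_images(entries)}

if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG, KNOWN_GOOD).items():
        print(f"{key}: {value}")
```

Run against the full report, the 'unknown' bucket is where the OEM drivers (SonyPI.sys, Apfiltr.sys, the CA Kmx* drivers) land; that bucket is expected noise, while a single 'mismatch' on a core driver such as atapi.sys or ACPI.sys is the finding.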

#8 AltElvis

AltElvis
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Everywhere
  • Local time:07:21 AM

Posted 03 March 2011 - 04:49 PM

any ideas for what's next on this box?

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:21 AM

Posted 03 March 2011 - 06:50 PM

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Log From ESET Online Scanner
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#10 AltElvis

AltElvis
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Everywhere
  • Local time:07:21 AM

Posted 04 March 2011 - 12:31 AM

the mouse seems quite a bit more responsive... we'll see how it starts up tomorrow
apparently more BadBits found by ESET..


MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5948

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

3/3/2011 5:11:43 PM
mbam-log-2011-03-03 (17-11-43).txt

Scan type: Quick scan
Objects scanned: 157798
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESet Scan log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16640 (vista_gdr.080213-1606)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=9492a79297ee724b9f889c62a8bf86bf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-04 03:18:30
# local_time=2011-03-03 07:18:30 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 95758481 95758481 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=90293
# found=6
# cleaned=0
# scan_time=6168
C:\Documents and Settings\Mark Gunter\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc12.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Mark Gunter\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc13.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Mark Gunter\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc166.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Mark Gunter\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc6.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
E:\DownLoad Programs\Dolphin screen saver.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
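
Two things in that ESET log are easy to misread. The header says found=6 but cleaned=0, which is simply because the scan was run with "Remove found threats" unticked (remove_checked=false), so it was report-only by design. And four of the six hits are Dc<n>.exe files under a \RECYCLER\<SID>\ folder, the NT 5.x Recycle Bin layout, but that RECYCLER tree sits inside a Thinstall %drive_C% sandbox (the virtualised view of C:\ that a Thinstall-packaged app writes to), not the real bin, so the Explorer Recycle Bin will not enumerate it. The script below is an added example, not from this post or from ESET: it parses the header and detection lines, sorts hits into "empty the Recycle Bin" versus "delete by path", and renders the latter as a delfile.bat-style script like the one used later in this thread. SAMPLE_LOG is a constructed subset of the log above with the Windows user name replaced by <user> and one constructed line added under the real C:\RECYCLER so both buckets are exercised; the path-splitting regex assumes each detected path ends in a file extension, which holds here but not for every ESET report.

```python
"""Triage an ESET Online Scanner log: explain a found>0/cleaned=0 header,
parse detection lines, and split hits into 'empty_recycle_bin' vs
'delete_by_path', emitting a batch script for the second group.

Added example, not from the forum post or from ESET. SAMPLE_LOG is
constructed (subset of the thread's log, user name replaced, one line added)."""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# <path> <threat name> (<status>) <32-hex id> <flag>; path assumed to end in an extension
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})\s+"
    r"(?P<threat>.+?)\s+\((?P<status>[^)]*)\)\s+"
    r"(?P<ident>[0-9a-fA-F]{32})\s+(?P<flag>\S+)\s*$"
)
# NT 5.x Recycle Bin layout: \RECYCLER\<account SID>\Dc<n>.<ext>
RECYCLER_RE = re.compile(r"\\RECYCLER\\S-1-5-21(?:-\d+){4}\\Dc\d+\.", re.IGNORECASE)
# Thinstall/ThinApp sandbox: the app's virtualised C:\ lives under %drive_C%
THINSTALL_RE = re.compile(r"\\Thinstall\\.*\\%drive_C%\\", re.IGNORECASE)

# Constructed sample: header values and the Dc5.exe line are made up for the demo;
# the other four detection lines are the thread's, with the user name replaced.
SAMPLE_LOG = r"""# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=90293
# found=5
# cleaned=0
C:\Documents and Settings\<user>\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc12.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\<user>\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc13.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc5.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
E:\DownLoad Programs\Dolphin screen saver.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
"""

def parse_eset_log(text):
    """Return (header dict, list of detection dicts). First value wins for
    repeated header keys such as compatibility_mode."""
    header, detections = {}, []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            header.setdefault(h["key"], h["value"])
            continue
        d = DETECTION_RE.match(line)
        if d:
            detections.append(d.groupdict())
    return header, detections

def nothing_cleaned_reason(header):
    """Explain found>0 with cleaned=0 from the header alone, or return None."""
    if (header.get("found", "0") != "0" and header.get("cleaned") == "0"
            and header.get("remove_checked") == "false"):
        return "report-only run: 'Remove found threats' was unticked"
    return None

def triage(detections):
    """Group detection paths by the action a responder would take."""
    groups = defaultdict(list)
    for d in detections:
        path = d["path"]
        if RECYCLER_RE.search(path) and not THINSTALL_RE.search(path):
            groups["empty_recycle_bin"].append(path)   # real bin: emptying it is enough
        else:
            # live files, and RECYCLER copies inside a Thinstall sandbox, which the
            # Explorer Recycle Bin never enumerates, must be removed by path
            groups["delete_by_path"].append(path)
    return dict(groups)

def make_delete_script(paths):
    """Render the delete list as a self-deleting batch file (CRLF line ends).
    /f removes read-only files, /q skips the prompt; /s is left out so a name
    can never match in subdirectories you did not intend."""
    lines = ["@echo off"] + [f'del /f /q "{p}"' for p in paths] + ["del %0"]
    return "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print(nothing_cleaned_reason(hdr))
    groups = triage(dets)
    print("empty Recycle Bin for:", groups.get("empty_recycle_bin", []))
    print(make_delete_script(groups.get("delete_by_path", [])))
```

The split matters for the follow-up: files still on disk, such as C:\WINDOWS\system32\Process.exe, need an explicit delete, while a real Recycle Bin hit disappears with the bin, and a sandboxed RECYCLER copy only goes away when the file (or the whole Thinstall sandbox folder) is deleted by path.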

#11 AltElvis

AltElvis
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Everywhere
  • Local time:07:21 AM

Posted 04 March 2011 - 08:44 PM

what can be done with these BadBits?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:21 AM

Posted 04 March 2011 - 08:50 PM

Hello

There are some minor things in your online scan that should be removed.

C:\Documents and Settings\Mark Gunter\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc12.exe
C:\Documents and Settings\Mark Gunter\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc13.exe
C:\Documents and Settings\Mark Gunter\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc166.exe
C:\Documents and Settings\Mark Gunter\Application Data\Thinstall\Your Uninstaller! 2006 Version 5\%drive_C%\RECYCLER\S-1-5-21-2264015263-3572253575-2870109342-1004\Dc6.exe

These are in the Recycle Bin, which just needs to be emptied.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem /f removes read-only files, /q suppresses the confirmation prompt,
    rem /s also removes any same-named file found in subdirectories of that folder
    del /f /s /q "E:\DownLoad Programs\Dolphin screen saver.exe"
    del /f /s /q "C:\WINDOWS\system32\Process.exe"
    rem %0 is this batch file's own name, so the script removes itself last
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.



Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean up unneeded files.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


:Make sure your applications have all of their updates:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and updating them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
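An added example (mine, not the poster's or BleepingComputer's): a PowerShell script that checks the five Internet-zone settings the "Make your Internet Explorer more secure" steps ask for, by reading the registry values behind the Custom Level dialog, and can optionally set them. It assumes PowerShell is available on the machine (XP needs it installed separately), that the zone settings live under HKCU (a domain policy can move them to HKLM), and it uses Microsoft's documented IE action codes for those five settings.

```powershell
# Added example, not part of the original post. Audits (and with -Fix, applies) the
# Internet zone (zone 3) settings recommended in the post. Assumes HKCU is in use;
# if the "Security_HKLM_only" policy is set, point -Path at the HKLM equivalent.
# Action codes are Microsoft's documented IE URL-action IDs; 0=Enable, 1=Prompt, 3=Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Custom Level label -> action code -> value recommended in the post
$Recommended = @(
    @{ Name = 'Download signed ActiveX controls';                          Code = '1001'; Want = 1 },
    @{ Name = 'Download unsigned ActiveX controls';                        Code = '1004'; Want = 3 },
    @{ Name = 'Initialise and script ActiveX controls not marked as safe'; Code = '1201'; Want = 3 },
    @{ Name = 'Installation of desktop items';                             Code = '1800'; Want = 1 },
    @{ Name = 'Launching programs and files in an IFRAME';                 Code = '1804'; Want = 1 }
)
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeInternetZone {
    param([string]$Path = $ZonePath, [switch]$Fix)
    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($s in $Recommended) {
        # A missing value means IE is using its built-in default for that action
        $prop    = $zone.PSObject.Properties[$s.Code]
        $current = if ($null -ne $prop) { [int]$prop.Value } else { $null }
        $ok      = ($null -ne $current) -and ($current -eq $s.Want)
        if (-not $ok -and $Fix) {
            # Values are REG_DWORD; this is the same change the Custom Level dialog makes
            Set-ItemProperty -Path $Path -Name $s.Code -Value $s.Want -Type DWord
            $current = $s.Want; $ok = $true
        }
        $label = if ($null -eq $current) { 'not set (IE default)' }
                 elseif ($Labels.ContainsKey($current)) { $Labels[$current] }
                 else { "unknown ($current)" }
        [pscustomobject]@{
            Setting     = $s.Name
            Code        = $s.Code
            Current     = $label
            Recommended = $Labels[$s.Want]
            Ok          = $ok
        }
    }
}

# Run the audit; add -Fix to apply the recommended values for the current user
$results = @(Test-IeInternetZone)
$results | Format-Table -AutoSize
$bad = @($results | Where-Object { -not $_.Ok })
if ($bad.Count -eq 0) { 'All five Internet zone settings match the post.' }
else { "$($bad.Count) setting(s) still differ; re-check Custom Level or re-run with -Fix." }
```

Run it once before and once after the Custom Level steps so you can confirm the change actually took; a setting that keeps reverting after you set it is itself worth reporting in the thread.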

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 11:21 AM

Posted 07 March 2011 - 07:52 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



