search engines keep redirecting me and i get pop up windows


  • This topic is locked
16 replies to this topic

#1 318fella

318fella

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:50 PM

Posted 09 March 2011 - 02:19 PM

When I search for something on google, yahoo, or bing then click on the link it provided, it redirects me to some other page. I have to click refresh about 8-10 times until I see the right page I'm looking for loading in the status bar. Also AVG said it blocked File name: kl5i.co.cc/index.php?tp=2fdbd72b478def7c Threat name: exploit blackhole exploit kit (type 1384). When I click details it says process name: D:\D\system32\svchost.exe Process ID: 1264. Below are the DDS log and attach log.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by cody parker at 16:04:33.81 on Tue 03/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1503.947 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
D:\D\system32\svchost -k DcomLaunch
svchost.exe
D:\D\System32\svchost.exe -k netsvcs
D:\D\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\D\system32\spoolsv.exe
d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
D:\D\Explorer.EXE
svchost.exe
D:\Program Files\AVG\AVG10\avgwdsvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe
D:\D\system32\nvsvc32.exe
D:\D\System32\svchost.exe -k imgsvc
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\D\SOUNDMAN.EXE
D:\D\system32\LVCOMSX.EXE
D:\D\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\AVG\AVG10\avgtray.exe
D:\D\system32\taskmgr.exe
D:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\cody parker\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uSearch Bar = 1886680168 (0x70747468)
uURLSearchHooks: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - d:\program files\brothersoft\tbBro0.dll
mWinlogon: Userinit=d:\d\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - d:\program files\brothersoft\tbBro0.dll
TB: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - d:\program files\brothersoft\tbBro0.dll
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LVCOMSX] d:\d\system32\LVCOMSX.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE d:\d\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\d\system32\NvMcTray.dll,NvTaskbarInit
mRun: [M-Audio Taskbar Icon] d:\d\system32\M-AudioTaskBarIcon.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] d:\program files\avg\avg10\avgtray.exe
IE: eBay Search - d:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292290174780
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292290157421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\d\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;d:\d\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\d\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;d:\d\system32\drivers\Lbd.sys [2010-12-13 64288]
R1 Avgldx86;AVG AVI Loader Driver;d:\d\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;d:\d\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;d:\d\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avgwd;AVG WatchDog;d:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 MAudioConectivService;M-Audio Conectiv Installer;d:\program files\m-audio\conectiv\MAUSBCVInst.exe [2011-1-8 57344]
R3 AVGIDSDriver;AVGIDSDriver;d:\d\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;d:\d\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;d:\d\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
S2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\program files\lavasoft\ad-aware\kernexplorer.sys --> d:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MADFU;MADFU;d:\d\system32\drivers\MADFU.sys [2011-1-8 16512]
S3 MAUSBML;Service for M-Audio Conectiv (WDM);d:\d\system32\drivers\mausbcv.sys [2011-1-8 110592]
S3 nk_bus;Nokia USB Bus Service;d:\d\system32\drivers\nk_bus.sys [2007-8-10 22144]
.
=============== Created Last 30 ================
.
2011-03-08 20:22:44 -------- d-----w- d:\docume~1\codypa~1\applic~1\AVG
2011-03-08 05:13:58 -------- d--h--w- D:\$AVG
2011-03-08 04:49:48 -------- d-----w- d:\docume~1\codypa~1\applic~1\AVG10
2011-03-08 04:47:13 -------- d--h--w- d:\docume~1\alluse~1\applic~1\Common Files
2011-03-08 04:44:27 -------- d-----w- d:\docume~1\alluse~1\applic~1\AVG10
2011-03-08 04:44:27 -------- d-----w- d:\d\system32\drivers\AVG
2011-03-08 04:43:02 -------- d-----w- d:\program files\AVG
2011-03-08 04:06:54 -------- d-----w- d:\docume~1\alluse~1\applic~1\MFAData
2011-03-05 23:30:51 472808 ----a-w- d:\d\system32\deployJava1.dll
2011-03-05 03:48:01 -------- d-----w- d:\d\system32\wbem\repository\FS
2011-03-05 03:48:01 -------- d-----w- d:\d\system32\wbem\Repository
2011-03-05 00:13:33 -------- d-----w- d:\program files\AVAST Software
2011-03-05 00:13:33 -------- d-----w- d:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-01 23:15:07 -------- d-----w- d:\docume~1\codypa~1\applic~1\My Games
2011-03-01 22:56:39 -------- d-----w- d:\program files\Firaxis Games
2011-03-01 22:56:11 69714 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-03-01 22:56:11 5632 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-03-01 22:56:11 274432 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-03-01 22:56:11 184320 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-03-01 22:56:10 753664 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-03-01 22:56:10 200836 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-03-01 22:56:09 331908 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-03-01 21:00:21 -------- d-----w- d:\d\system32\QuickTime
2011-03-01 20:59:30 -------- d-----w- d:\program files\M-Audio Conectiv
2011-03-01 20:59:28 -------- d-----w- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-01 20:58:45 -------- d-----w- d:\docume~1\codypa~1\applic~1\WhiteSmokeTranslator
2011-03-01 20:58:16 -------- d-----w- d:\program files\Microsoft Security Client
2011-03-01 02:27:19 -------- d-----w- d:\d\system32\custom matrices
2011-03-01 02:27:08 -------- d-----w- d:\d\system32\C2MP
2011-02-23 01:43:42 -------- d-----w- d:\docume~1\codypa~1\applic~1\vShare
2011-02-21 20:21:37 217088 ----a-w- d:\program files\common files\installshield\iscript\IScript.dll
2011-02-21 20:21:37 217088 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-02-21 20:21:36 77824 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-02-21 20:21:36 32768 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-02-20 17:54:33 -------- d-----w- d:\docume~1\codypa~1\applic~1\SUPERAntiSpyware.com
2011-02-20 17:54:04 -------- d-----w- d:\program files\SUPERAntiSpyware
2011-02-19 22:09:53 -------- d-----w- d:\program files\Browser Hijack Recover
2011-02-17 05:27:13 -------- d-----w- d:\docume~1\alluse~1\applic~1\SecTaskMan
2011-02-17 05:26:53 -------- d-----w- d:\program files\Security Task Manager
2011-02-17 04:58:15 -------- d-----w- d:\program files\Trend Micro
2011-02-17 01:34:11 -------- d-----w- d:\docume~1\codypa~1\applic~1\Malwarebytes
2011-02-17 01:32:35 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-02-15 04:40:36 28752 ----a-w- d:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{23f58399-17f5-4891-84c8-0773fc76ce12}\MpKsld2739c0c.sys
2011-02-13 23:46:00 -------- d-----w- d:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-13 06:33:25 5890896 ----a-w- d:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{23f58399-17f5-4891-84c8-0773fc76ce12}\mpengine.dll
2011-02-13 06:33:25 222080 ------w- d:\d\system32\MpSigStub.exe
2011-02-12 00:03:53 -------- d-----w- d:\program files\Hasbro
2011-02-11 21:46:32 -------- d-----w- d:\docume~1\alluse~1\applic~1\Trymedia
2011-02-11 21:37:22 -------- d-----w- d:\docume~1\codypa~1\applic~1\GetRightToGo
2011-02-11 07:52:34 26600 ----a-w- d:\d\system32\drivers\GEARAspiWDM.sys
2011-02-11 07:52:34 107368 ----a-w- d:\d\system32\GEARAspi.dll
2011-02-11 07:51:17 -------- d-----w- d:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-11 07:50:09 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2011-02-11 07:50:09 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2011-02-11 07:50:09 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2011-02-11 07:50:09 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2011-02-11 07:50:09 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2011-02-11 07:50:09 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2011-02-11 07:50:09 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2011-02-11 07:48:51 -------- d-----w- d:\docume~1\codypa~1\locals~1\applic~1\Apple
2011-02-11 07:46:27 -------- d-----w- d:\docume~1\codypa~1\locals~1\applic~1\Apple Computer
2011-02-08 21:48:33 -------- d-----w- d:\d\system32\cache
2011-02-07 17:45:52 80896 ----a-w- d:\d\system32\ff_vfw.dll
2011-02-07 17:39:02 4166551 ----a-w- d:\d\system32\ffmpeg.dll
2011-02-07 02:50:41 0 ----a-w- d:\d\Aqohujitif.bin
2011-02-07 02:50:37 -------- d-----w- d:\docume~1\codypa~1\locals~1\applic~1\{4DBFEAC8-3C9C-4BCC-B4CD-A1CD8AC8FD4E}
.
==================== Find3M ====================
.
2011-03-05 23:30:25 73728 ----a-w- d:\d\system32\javacpl.cpl
2010-12-25 17:53:05 24576 ----a-w- d:\d\system32\userinit.exe
2010-12-23 20:17:10 108144 ----a-w- d:\d\system32\CmdLineExt.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400BB-00DEA0 rev.05.03E05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89FB185C]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89fb7a38]; MOV EAX, [0x89fb7ab4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A00EAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000062[0x8A0B6688]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x89FFCD98]
\Driver\atapi[0x8A003380] -> IRP_MJ_CREATE -> 0x89FB185C
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD400BB-00DEA0______________________05.03E05#4457572d41433144373837313533_039_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89FB16A2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:06:13.09 ===============

forgot to attach these! please help!

EDIT: Posts merged ~BP

Edited by Budapest, 09 March 2011 - 03:57 PM.
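Added example, not part of the thread or of any of the tools mentioned: a small Python parser for the GMER "ROOTKIT" section of a DDS log like the one posted above. It pulls out the unknown-module marker in the disk trace, the IRP_MJ_CREATE redirect and the DriverStartIo hook on \Driver\atapi, and the tool's own warning line, and it checks whether the hook targets fall in the same 4 KiB page as the unnamed code (the addresses are the ones in the log); the second, clean section is constructed for comparison.

```python
"""Parse the GMER 'ROOTKIT' section of a DDS log and list rootkit-style indicators."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Sample input: the ROOTKIT section of the DDS log posted in this thread (trimmed).
SAMPLE_LOG = r"""
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89FB185C]<<
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A00EAB8]
\Driver\atapi[0x8A003380] -> IRP_MJ_CREATE -> 0x89FB185C
kernel: MBR read successfully
detected hooks:
\Driver\atapi DriverStartIo -> 0x89FB16A2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:06:13.09 ===============
"""

# Constructed clean section for comparison: every module in the trace is named.
CLEAN_LOG = r"""
=================== ROOTKIT ====================
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
kernel: MBR read successfully
user & kernel MBR OK
.
============= FINISH: 10:00:00.00 ===============
"""

SECTION_RE = re.compile(r"^=+ ROOTKIT =+$")
FINISH_RE = re.compile(r"^=+ FINISH")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")
# "\Driver\atapi[0x8A003380] -> IRP_MJ_CREATE -> 0x89FB185C"
DISPATCH_RE = re.compile(r"^\\Driver\\(\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> 0x([0-9A-Fa-f]+)$")
# "\Driver\atapi DriverStartIo -> 0x89FB16A2"
HOOK_RE = re.compile(r"^\\Driver\\(\w+) (\w+) -> 0x([0-9A-Fa-f]+)$")
WARNING_RE = re.compile(r"^Warning: (.*)$")

PAGE_SHIFT = 12  # 4 KiB pages on 32-bit Windows XP


@dataclass
class Findings:
    unknown_modules: List[int] = field(default_factory=list)
    dispatch_redirects: List[Tuple[str, str, int]] = field(default_factory=list)
    hooks: List[Tuple[str, str, int]] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def parse_rootkit_section(log: str) -> Findings:
    """Collect indicators from the ROOTKIT section only; other DDS sections are ignored."""
    found = Findings()
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if FINISH_RE.match(line):
            break
        # The disk-trace line names every module on the I/O path; UNKNOWN means
        # the path passes through code GMER could not map to any loaded driver.
        found.unknown_modules += [int(a, 16) for a in UNKNOWN_RE.findall(line)]
        if m := DISPATCH_RE.match(line):
            found.dispatch_redirects.append((m[1], m[2], int(m[3], 16)))
        elif m := HOOK_RE.match(line):
            found.hooks.append((m[1], m[2], int(m[3], 16)))
        elif m := WARNING_RE.match(line):
            found.warnings.append(m[1])
    return found


def same_page(a: int, b: int) -> bool:
    return (a >> PAGE_SHIFT) == (b >> PAGE_SHIFT)


def is_suspicious(f: Findings) -> bool:
    return bool(f.unknown_modules or f.hooks or f.dispatch_redirects or f.warnings)


def assess(f: Findings) -> List[str]:
    """Turn the raw findings into human-readable indicator lines."""
    out = []
    for addr in f.unknown_modules:
        out.append(f"disk I/O path runs through unmapped code at 0x{addr:08X}")
    for drv, irp, addr in f.dispatch_redirects:
        out.append(f"\\Driver\\{drv} {irp} dispatch redirected to 0x{addr:08X}")
    for drv, fld, addr in f.hooks:
        out.append(f"\\Driver\\{drv} {fld} hooked -> 0x{addr:08X}")
    # Hook targets sharing a page with the unmapped code point at one injected body.
    targets = [a for _, _, a in f.hooks] + [a for _, _, a in f.dispatch_redirects]
    for u in f.unknown_modules:
        for t in targets:
            if t != u and same_page(u, t):
                out.append(f"hook target 0x{t:08X} shares a page with unmapped code 0x{u:08X}")
    out += [f"tool warning: {w}" for w in f.warnings]
    return out


if __name__ == "__main__":
    for name, text in (("DDS log from this thread", SAMPLE_LOG), ("clean sample", CLEAN_LOG)):
        found = parse_rootkit_section(text)
        print(f"{name}: {'SUSPICIOUS' if is_suspicious(found) else 'clean'}")
        for indicator in assess(found):
            print("  -", indicator)
```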


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:50 PM

Posted 09 March 2011 - 04:32 PM

Good evening. :)

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully", which takes less than a minute on my system, click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.

#3 318fella

318fella
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:50 PM

Posted 09 March 2011 - 04:44 PM

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-09 15:39:52
-----------------------------
15:39:52.046 OS Version: Windows 5.1.2600 Service Pack 3
15:39:52.046 Number of processors: 1 586 0x801
15:39:52.046 ComputerName: C.PARK-GHP6ZF UserName: c. parker
15:39:53.359 Initialize success
15:39:58.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:39:58.156 Disk 0 Vendor: WDC_WD400BB-00DEA0 05.03E05 Size: 38166MB BusType: 3
15:39:58.156 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
15:39:58.156 Disk 1 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
15:40:00.187 Disk 0 MBR read successfully
15:40:00.187 Disk 0 MBR scan
15:40:02.187 Disk 0 scanning sectors +78140160
15:40:02.203 Disk 0 scanning D:\D\system32\drivers
15:40:13.406 Service scanning
15:40:15.968 Disk 0 trace - called modules:
15:40:15.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
15:40:15.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ffcab8]
15:40:15.984 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000062[0x8a074f18]
15:40:15.984 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a05bd98]
15:40:15.984 Scan finished successfully

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:50 PM

Posted 09 March 2011 - 04:51 PM

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

#5 318fella

318fella
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:50 PM

Posted 09 March 2011 - 05:43 PM

2011/03/09 16:39:48.0296 3320 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/09 16:39:48.0562 3320 ================================================================================
2011/03/09 16:39:48.0562 3320 SystemInfo:
2011/03/09 16:39:48.0562 3320
2011/03/09 16:39:48.0562 3320 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/09 16:39:48.0562 3320 Product type: Workstation
2011/03/09 16:39:48.0562 3320 ComputerName: C.PARK-GHP6ZF
2011/03/09 16:39:48.0562 3320 UserName: c. parker
2011/03/09 16:39:48.0562 3320 Windows directory: D:\D
2011/03/09 16:39:48.0562 3320 System windows directory: D:\D
2011/03/09 16:39:48.0562 3320 Processor architecture: Intel x86
2011/03/09 16:39:48.0562 3320 Number of processors: 1
2011/03/09 16:39:48.0562 3320 Page size: 0x1000
2011/03/09 16:39:48.0562 3320 Boot type: Normal boot
2011/03/09 16:39:48.0562 3320 ================================================================================
2011/03/09 16:39:48.0828 3320 Initialize success
2011/03/09 16:39:52.0093 3772 ================================================================================
2011/03/09 16:39:52.0093 3772 Scan started
2011/03/09 16:39:52.0093 3772 Mode: Manual;
2011/03/09 16:39:52.0093 3772 ================================================================================
2011/03/09 16:40:35.0031 3772 Srv (0f6aefad3641a657e18081f52d0c15af) D:\D\system32\DRIVERS\srv.sys
2011/03/09 16:40:35.0250 3772 streamip (77813007ba6265c4b6098187e6ed79d2) D:\D\system32\DRIVERS\StreamIP.sys
2011/03/09 16:40:35.0453 3772 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\D\system32\DRIVERS\swenum.sys
2011/03/09 16:40:35.0609 3772 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\D\system32\drivers\swmidi.sys
2011/03/09 16:40:36.0187 3772 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\D\system32\drivers\sysaudio.sys
2011/03/09 16:40:36.0406 3772 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\D\system32\DRIVERS\tcpip.sys
2011/03/09 16:40:36.0593 3772 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\D\system32\drivers\TDPIPE.sys
2011/03/09 16:40:36.0781 3772 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\D\system32\drivers\TDTCP.sys
2011/03/09 16:40:36.0968 3772 TermDD (88155247177638048422893737429d9e) D:\D\system32\DRIVERS\termdd.sys
2011/03/09 16:40:37.0359 3772 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\D\system32\drivers\Udfs.sys
2011/03/09 16:40:37.0671 3772 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\D\system32\DRIVERS\update.sys
2011/03/09 16:40:37.0890 3772 usbaudio (e919708db44ed8543a7c017953148330) D:\D\system32\drivers\usbaudio.sys
2011/03/09 16:40:38.0078 3772 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\D\system32\DRIVERS\usbccgp.sys
2011/03/09 16:40:38.0296 3772 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\D\system32\DRIVERS\usbehci.sys
2011/03/09 16:40:38.0484 3772 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\D\system32\DRIVERS\usbhub.sys
2011/03/09 16:40:38.0734 3772 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\D\system32\DRIVERS\USBSTOR.SYS
2011/03/09 16:40:38.0968 3772 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) D:\D\system32\DRIVERS\usbuhci.sys
2011/03/09 16:40:39.0250 3772 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\D\System32\drivers\vga.sys
2011/03/09 16:40:39.0437 3772 viaagp (754292ce5848b3738281b4f3607eaef4) D:\D\system32\DRIVERS\viaagp.sys
2011/03/09 16:40:39.0593 3772 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) D:\D\system32\DRIVERS\viaide.sys
2011/03/09 16:40:39.0781 3772 VolSnap (4c8fcb5cc53aab716d810740fe59d025) D:\D\system32\drivers\VolSnap.sys
2011/03/09 16:40:39.0984 3772 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\D\system32\DRIVERS\wanarp.sys
2011/03/09 16:40:40.0250 3772 wdmaud (6768acf64b18196494413695f0c3a00f) D:\D\system32\drivers\wdmaud.sys
2011/03/09 16:40:40.0546 3772 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) D:\D\system32\DRIVERS\wpdusb.sys
2011/03/09 16:40:40.0765 3772 WSTCODEC (c98b39829c2bbd34e454150633c62c78) D:\D\system32\DRIVERS\WSTCODEC.SYS
2011/03/09 16:40:41.0000 3772 WudfPf (f15feafffbb3644ccc80c5da584e6311) D:\D\system32\DRIVERS\WudfPf.sys
2011/03/09 16:40:41.0281 3772 WudfRd (28b524262bce6de1f7ef9f510ba3985b) D:\D\system32\DRIVERS\wudfrd.sys
2011/03/09 16:40:41.0781 3772 ================================================================================
2011/03/09 16:40:41.0781 3772 Scan finished
2011/03/09 16:40:41.0781 3772 ================================================================================

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:50 PM

Posted 10 March 2011 - 02:24 PM

Good evening. :)

For the next step you will need to temporarily uninstall your anti-virus program - AVG. It has repeatedly detected parts of the tool that you will use next as malicious, despite being contacted on more than one occasion, and as such it will interfere with the normal workings of the tool.

If you don't have a copy of AVG's installation file you can get one here.

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once you have completed the above you can reinstall your AV.

So long, and thanks for all the fish.



#7 318fella

318fella
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:50 PM

Posted 10 March 2011 - 05:34 PM

Here is the log. My computer seems to be fixed; if not, I'll let you know. Now I won't have to re-install Windows. THANK YOU sooooo much! :thumbsup:

ComboFix 11-03-09.05 - c parker 03/10/2011 14:32:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1503.1174 [GMT -6:00]
Running from: d:\documents and settings\c parker\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\d\system32\Cache
d:\d\system32\Cache\ca4316073ceb28c1.fb
d:\d\system32\Cache\ca4316073ceb28c1__exp__1297205313
d:\documents and settings\c parker\Application Data\WhiteSmokeTranslator
d:\documents and settings\c parker\Local Settings\Application Data\{4DBFEAC8-3C9C-4BCC-B4CD-A1CD8AC8FD4E}
d:\documents and settings\c parker\Local Settings\Application Data\{4DBFEAC8-3C9C-4BCC-B4CD-A1CD8AC8FD4E}\chrome\content\_cfg.js
d:\documents and settings\c parker\Local Settings\Application Data\{4DBFEAC8-3C9C-4BCC-B4CD-A1CD8AC8FD4E}\chrome\content\overlay.xul
d:\documents and settings\c parker\Local Settings\Application Data\{4DBFEAC8-3C9C-4BCC-B4CD-A1CD8AC8FD4E}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-10 to 2011-03-10 )))))))))))))))))))))))))))))))
.
.
2011-03-09 21:08 . 2011-03-09 21:08 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google
2011-03-09 21:03 . 2011-03-09 21:03 -------- d-----w- d:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
2011-03-09 21:02 . 2011-03-09 21:09 -------- d-----w- d:\documents and settings\cody parker\Local Settings\Application Data\Google
2011-03-09 21:02 . 2011-03-09 21:06 -------- d-----w- d:\program files\Google
2011-03-08 05:13 . 2011-03-08 05:13 -------- d-----w- D:\$AVG
2011-03-08 04:49 . 2011-03-08 04:49 -------- d-----w- d:\documents and settings\c parker\Application Data\AVG10
2011-03-08 04:47 . 2011-03-08 04:47 -------- d--h--w- d:\documents and settings\All Users\Application Data\Common Files
2011-03-08 04:44 . 2011-03-10 20:11 -------- d-----w- d:\documents and settings\All Users\Application Data\AVG10
2011-03-08 04:43 . 2011-03-10 20:21 -------- d-----w- d:\program files\AVG
2011-03-08 04:06 . 2011-03-08 04:43 -------- d-----w- d:\documents and settings\All Users\Application Data\MFAData
2011-03-05 23:30 . 2011-03-05 23:30 472808 ----a-w- d:\d\system32\deployJava1.dll
2011-03-05 23:27 . 2011-03-05 23:27 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee
2011-03-05 03:48 . 2011-03-05 03:48 -------- d-----w- d:\d\system32\wbem\Repository
2011-03-05 00:13 . 2011-03-05 00:13 -------- d-----w- d:\program files\AVAST Software
2011-03-05 00:13 . 2011-03-05 00:13 -------- d-----w- d:\documents and settings\All Users\Application Data\AVAST Software
2011-03-02 00:15 . 2011-03-02 00:15 -------- d-----w- d:\documents and settings\c parker\Application Data\InstallShield Installation Information
2011-03-01 23:15 . 2011-03-01 23:15 -------- d-----w- d:\documents and settings\c parker\Application Data\My Games
2011-03-01 22:56 . 2011-03-01 22:56 -------- d-----w- d:\program files\Firaxis Games
2011-03-01 22:56 . 2005-04-04 05:02 69714 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-03-01 22:56 . 2005-04-04 05:01 274432 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-03-01 22:56 . 2005-04-04 05:00 184320 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-03-01 22:56 . 2005-04-04 04:59 5632 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-03-01 22:56 . 2011-03-01 22:56 200836 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-03-01 22:56 . 2005-04-04 05:02 753664 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-03-01 22:56 . 2011-03-01 22:56 331908 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-03-01 21:00 . 2011-03-01 21:00 -------- d-----w- d:\d\system32\QuickTime
2011-02-19 22:09 . 2011-02-19 22:19 -------- d-----w- d:\program files\Browser Hijack Recover
2011-02-17 05:27 . 2011-03-01 20:55 -------- d-----w- d:\documents and settings\All Users\Application Data\SecTaskMan
2011-02-17 05:26 . 2011-03-01 20:55 -------- d-----w- d:\program files\Security Task Manager
2011-02-17 04:58 . 2011-02-17 04:58 -------- d-----w- d:\program files\Trend Micro
2011-02-17 03:10 . 2011-02-17 03:10 -------- d-----w- d:\program files\Common Files\Java
2011-02-17 01:34 . 2011-02-17 01:34 -------- d-----w- d:\documents and settings\c parker\Application Data\Malwarebytes
2011-02-17 01:32 . 2011-03-01 20:54 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-02-15 04:40 . 2011-02-15 04:40 28752 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23F58399-17F5-4891-84C8-0773FC76CE12}\MpKsld2739c0c.sys
2011-02-14 04:40 . 2011-02-14 04:44 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Apple Computer
2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- d:\documents and settings\Default User\Application Data\Apple Computer
2011-02-14 04:36 . 2011-02-14 04:40 -------- d-----w- d:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-02-13 23:46 . 2011-03-05 00:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Alwil Software
2011-02-13 23:46 . 2011-02-13 23:46 -------- d-----w- d:\program files\Alwil Software
2011-02-13 06:33 . 2011-02-02 23:11 222080 ------w- d:\d\system32\MpSigStub.exe
2011-02-13 06:33 . 2011-02-02 23:10 5890896 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23F58399-17F5-4891-84C8-0773FC76CE12}\mpengine.dll
2011-02-12 19:14 . 2011-02-12 19:14 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Temp
2011-02-12 00:03 . 2011-02-12 00:03 -------- d-----w- d:\program files\Hasbro
2011-02-11 21:46 . 2011-02-11 21:46 -------- d-----w- d:\documents and settings\All Users\Application Data\Trymedia
2011-02-11 21:37 . 2011-02-11 21:46 -------- d-----w- d:\documents and settings\c parker\Application Data\GetRightToGo
2011-02-11 16:28 . 2011-02-11 16:28 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple
2011-02-11 07:53 . 2011-02-11 07:57 -------- d-----w- d:\documents and settings\c parker\Application Data\Apple Computer
2011-02-11 07:52 . 2009-05-18 19:17 26600 ----a-w- d:\d\system32\drivers\GEARAspiWDM.sys
2011-02-11 07:52 . 2008-04-17 18:12 107368 ----a-w- d:\d\system32\GEARAspi.dll
2011-02-11 07:51 . 2011-02-11 07:52 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-11 07:50 . 2011-02-11 07:50 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-02-11 07:50 . 2011-02-11 07:50 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-02-11 07:50 . 2011-02-11 07:50 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-02-11 07:50 . 2011-02-11 07:50 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-02-11 07:50 . 2011-02-11 07:50 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-02-11 07:50 . 2011-02-11 07:50 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-02-11 07:50 . 2011-02-11 07:50 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-02-11 07:49 . 2011-03-01 20:40 -------- d-----w- d:\program files\QuickTime
2011-02-11 07:48 . 2011-02-11 07:48 -------- d-----w- d:\documents and settings\c parker\Local Settings\Application Data\Apple
2011-02-11 07:47 . 2011-03-01 20:41 -------- d-----w- d:\program files\Common Files\Apple
2011-02-11 07:46 . 2011-02-11 07:53 -------- d-----w- d:\documents and settings\c parker\Local Settings\Application Data\Apple Computer
2011-02-11 05:04 . 2011-02-11 05:04 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Identities
2011-02-09 13:53 . 2011-02-09 13:53 270848 -c----w- d:\d\system32\dllcache\sbe.dll
2011-02-09 13:53 . 2011-02-09 13:53 186880 -c----w- d:\d\system32\dllcache\encdec.dll
2011-02-08 21:48 . 2011-02-08 21:48 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2011-02-08 21:48 . 2011-02-11 16:28 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Brothersoft
2011-02-08 21:48 . 2011-02-08 21:48 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\IECompatCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-05 23:30 . 2010-12-22 06:56 73728 ----a-w- d:\d\system32\javacpl.cpl
2011-02-09 13:53 . 2004-08-04 07:56 270848 ------w- d:\d\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 07:56 186880 ------w- d:\d\system32\encdec.dll
2011-02-07 18:00 . 2011-02-07 18:00 925667 ----a-w- d:\d\system32\ffmpegmt.dll
2011-02-07 18:00 . 2011-02-07 18:00 721798 ----a-w- d:\d\system32\xvidcore.dll
2011-02-07 18:00 . 2011-02-07 18:00 65024 ----a-w- d:\d\system32\FLT_ffdshow.dll
2011-02-07 18:00 . 2011-02-07 18:00 3669504 ----a-w- d:\d\system32\ffdshow.ax
2011-02-07 18:00 . 2011-02-07 18:00 336384 ----a-w- d:\d\system32\ff_libfaad2.dll
2011-02-07 18:00 . 2011-02-07 18:00 324096 ----a-w- d:\d\system32\TomsMoComp_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 216576 ----a-w- d:\d\system32\ff_libdts.dll
2011-02-07 18:00 . 2011-02-07 18:00 1529856 ----a-w- d:\d\system32\ff_samplerate.dll
2011-02-07 18:00 . 2011-02-07 18:00 151552 ----a-w- d:\d\system32\ff_libmad.dll
2011-02-07 18:00 . 2011-02-07 18:00 145408 ----a-w- d:\d\system32\libmpeg2_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 140800 ----a-w- d:\d\system32\ff_unrar.dll
2011-02-07 18:00 . 2011-02-07 18:00 121856 ----a-w- d:\d\system32\ff_liba52.dll
2011-02-07 18:00 . 2011-02-07 18:00 100864 ----a-w- d:\d\system32\ff_wmv9.dll
2011-02-07 17:45 . 2011-02-07 17:45 80896 ----a-w- d:\d\system32\ff_vfw.dll
2011-02-07 17:39 . 2011-02-07 17:39 4166551 ----a-w- d:\d\system32\ffmpeg.dll
2011-02-02 07:58 . 2010-12-14 00:52 2067456 ----a-w- d:\d\system32\mstscax.dll
2011-01-27 11:57 . 2010-12-14 00:52 677888 ----a-w- d:\d\system32\mstsc.exe
2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- d:\d\system32\shimgvw.dll
2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- d:\d\system32\atmfd.dll
2010-12-31 13:10 . 2001-08-23 12:00 1854976 ----a-w- d:\d\system32\win32k.sys
2010-12-25 17:53 . 2001-08-23 12:00 24576 ----a-w- d:\d\system32\userinit.exe
2010-12-25 06:52 . 2010-12-25 06:52 98392 ----a-w- d:\d\system32\drivers\SBREDrv.sys
2010-12-23 20:17 . 2010-12-23 20:17 108144 ----a-w- d:\d\system32\CmdLineExt.dll
2010-12-22 12:34 . 2001-08-23 12:00 301568 ----a-w- d:\d\system32\kerberos.dll
2010-12-20 23:59 . 2001-08-23 12:00 916480 ----a-w- d:\d\system32\wininet.dll
2010-12-20 23:59 . 2001-08-23 12:00 43520 ----a-w- d:\d\system32\licmgr10.dll
2010-12-20 23:59 . 2001-08-23 12:00 1469440 ------w- d:\d\system32\inetcpl.cpl
2010-12-20 17:26 . 2001-08-23 12:00 730112 ----a-w- d:\d\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 ----a-w- d:\d\system32\html.iec
2010-12-14 05:54 . 2010-12-14 05:54 682232 ----a-w- d:\d\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "d:\program files\Brothersoft\tbBro0.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2010-12-09 18:51 3911776 ----a-w- d:\program files\Brothersoft\tbBro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "d:\program files\Brothersoft\tbBro0.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "d:\program files\Brothersoft\tbBro0.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-22 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"LVCOMSX"="d:\d\system32\LVCOMSX.EXE" [2005-12-09 225280]
"NvCplDaemon"="d:\d\system32\NvCpl.dll" [2008-07-24 8491008]
"nwiz"="nwiz.exe" [2008-07-24 1626112]
"NvMediaCenter"="d:\d\system32\NvMcTray.dll" [2008-07-24 81920]
"M-Audio Taskbar Icon"="d:\d\System32\M-AudioTaskBarIcon.exe" [2006-07-12 103424]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R0 Lbd;Lbd;d:\d\system32\drivers\Lbd.sys [12/13/2010 11:37 PM 64288]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 MAudioConectivService;M-Audio Conectiv Installer;d:\program files\M-Audio\Conectiv\MAUSBCVInst.exe [1/8/2011 9:27 PM 57344]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [3/9/2011 3:03 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MADFU;MADFU;d:\d\system32\drivers\MADFU.sys [1/8/2011 9:27 PM 16512]
S3 MAUSBML;Service for M-Audio Conectiv (WDM);d:\d\system32\drivers\mausbcv.sys [1/8/2011 9:27 PM 110592]
S3 nk_bus;Nokia USB Bus Service;d:\d\system32\drivers\nk_bus.sys [8/10/2007 5:08 PM 22144]
S4 sptd;sptd;d:\d\system32\drivers\sptd.sys [12/13/2010 11:54 PM 682232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-10 d:\d\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 21:02]
.
2011-03-10 d:\d\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 21:02]
.
2011-03-10 d:\d\Tasks\User_Feed_Synchronization-{36A7AE58-8520-4787-B6B1-472888BDD0D6}.job
- d:\d\system32\msfeedssync.exe [2009-03-08 10:31]
.
2011-03-09 d:\d\Tasks\Windows Codec Update Service.job
- d:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-02-21 16:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
IE: eBay Search - d:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-10 14:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-1644491937-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1c,4c,5a,3b,3e,a6,c3,ad,af,ab,75,5f,3b,fc,cb,31,8a,0b,0c,12,72,49,6c,
0d,68,4c,8e,f4,ce,54,f5,24,6a,84,00,d9,af,a9,2b,5c,4f,6d,e9,d1,bc,17,35,dc,\
"??"=hex:4c,23,68,ea,66,1a,f5,36,ec,8a,db,19,bd,e7,97,b1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\D\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\D\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\d\system32\WININET.dll
.
Completion time: 2011-03-10 14:46:50
ComboFix-quarantined-files.txt 2011-03-10 20:46
.
Pre-Run: 7,836,700,672 bytes free
Post-Run: 8,510,984,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(2)\D
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(2)\D="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - CE97C960608920331180D80F2970DBF9

Edited by 318fella, 10 March 2011 - 05:38 PM.


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:50 PM

Posted 11 March 2011 - 03:09 PM

Good evening. :)

Always nice to get a result. I think a quick online scan for a second opinion and then a tidy-up and you'll be on your way.

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you UNCHECK the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving.

So long, and thanks for all the fish.



#9 318fella

318fella
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:50 PM

Posted 13 March 2011 - 11:12 AM

ESET scan didn't find anything. My computer is acting normal again and here is the log.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by cody parker at 11:07:46.76 on Sun 03/13/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1503.1081 [GMT -5:00]
.
.
============== Running Processes ===============
.
D:\D\system32\svchost -k DcomLaunch
svchost.exe
D:\D\System32\svchost.exe -k netsvcs
D:\D\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\D\system32\spoolsv.exe
d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
D:\D\Explorer.EXE
D:\D\SOUNDMAN.EXE
D:\D\system32\LVCOMSX.EXE
D:\D\system32\RUNDLL32.EXE
D:\D\System32\M-AudioTaskBarIcon.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe
D:\D\system32\nvsvc32.exe
D:\D\System32\svchost.exe -k imgsvc
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\cody parker\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uURLSearchHooks: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - d:\program files\brothersoft\tbBro0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - d:\program files\brothersoft\tbBro0.dll
TB: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - d:\program files\brothersoft\tbBro0.dll
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LVCOMSX] d:\d\system32\LVCOMSX.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE d:\d\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\d\system32\NvMcTray.dll,NvTaskbarInit
mRun: [M-Audio Taskbar Icon] d:\d\system32\M-AudioTaskBarIcon.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
IE: eBay Search - d:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292290174780
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292290157421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\d\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;d:\d\system32\drivers\Lbd.sys [2010-12-14 64288]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 MAudioConectivService;M-Audio Conectiv Installer;d:\program files\m-audio\conectiv\MAUSBCVInst.exe [2011-1-8 57344]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-3-9 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\program files\lavasoft\ad-aware\kernexplorer.sys --> d:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MADFU;MADFU;d:\d\system32\drivers\MADFU.sys [2011-1-8 16512]
S3 MAUSBML;Service for M-Audio Conectiv (WDM);d:\d\system32\drivers\mausbcv.sys [2011-1-8 110592]
S3 nk_bus;Nokia USB Bus Service;d:\d\system32\drivers\nk_bus.sys [2007-8-10 22144]
S3 nk_flt;Nokia USB Filter Service;d:\d\system32\drivers\nk_flt.sys [2007-8-27 3328]
S3 nk_prt;Nokia USB Port Service;d:\d\system32\drivers\nk_prt.sys [2007-8-31 38656]
.
=============== Created Last 30 ================
.
2011-03-12 23:38:15 -------- d-----w- d:\program files\Nokia
2011-03-12 23:18:29 -------- d-----w- d:\docume~1\alluse~1\applic~1\V CAST Media Manager
2011-03-10 20:23:58 98816 ----a-w- d:\d\sed.exe
2011-03-10 20:23:58 89088 ----a-w- d:\d\MBR.exe
2011-03-10 20:23:58 256512 ----a-w- d:\d\PEV.exe
2011-03-10 20:23:58 161792 ----a-w- d:\d\SWREG.exe
2011-03-09 21:02:58 -------- d-----w- d:\docume~1\cpa~1\locals~1\applic~1\Google
2011-03-08 05:13:58 -------- d-----w- D:\$AVG
2011-03-08 04:49:48 -------- d-----w- d:\docume~1\cpa~1\applic~1\AVG10
2011-03-08 04:47:13 -------- d--h--w- d:\docume~1\alluse~1\applic~1\Common Files
2011-03-08 04:44:27 -------- d-----w- d:\docume~1\alluse~1\applic~1\AVG10
2011-03-08 04:43:02 -------- d-----w- d:\program files\AVG
2011-03-08 04:06:54 -------- d-----w- d:\docume~1\alluse~1\applic~1\MFAData
2011-03-05 23:30:51 472808 ----a-w- d:\d\system32\deployJava1.dll
2011-03-05 03:48:01 -------- d-----w- d:\d\system32\wbem\repository\FS
2011-03-05 03:48:01 -------- d-----w- d:\d\system32\wbem\Repository
2011-03-05 00:13:33 -------- d-----w- d:\program files\AVAST Software
2011-03-05 00:13:33 -------- d-----w- d:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-01 23:15:07 -------- d-----w- d:\docume~1\cpa~1\applic~1\My Games
2011-03-01 22:56:39 -------- d-----w- d:\program files\Firaxis Games
2011-03-01 22:56:11 69714 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-03-01 22:56:11 5632 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-03-01 22:56:11 274432 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-03-01 22:56:11 184320 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-03-01 22:56:10 753664 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-03-01 22:56:10 200836 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-03-01 22:56:09 331908 ----a-w- d:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-03-01 21:00:21 -------- d-----w- d:\d\system32\QuickTime
2011-03-01 20:59:30 -------- d-----w- d:\program files\M-Audio Conectiv
2011-03-01 20:59:28 -------- d-----w- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-01 20:58:16 -------- d-----w- d:\program files\Microsoft Security Client
2011-03-01 02:27:19 -------- d-----w- d:\d\system32\custom matrices
2011-03-01 02:27:08 -------- d-----w- d:\d\system32\C2MP
2011-02-23 01:43:42 -------- d-----w- d:\docume~1\cpa~1\applic~1\vShare
2011-02-21 20:21:37 217088 ----a-w- d:\program files\common files\installshield\iscript\IScript.dll
2011-02-21 20:21:37 217088 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-02-21 20:21:36 77824 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-02-21 20:21:36 32768 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-02-20 17:54:33 -------- d-----w- d:\docume~1\cpa~1\applic~1\SUPERAntiSpyware.com
2011-02-20 17:54:04 -------- d-----w- d:\program files\SUPERAntiSpyware
2011-02-19 22:09:53 -------- d-----w- d:\program files\Browser Hijack Recover
2011-02-17 05:27:13 -------- d-----w- d:\docume~1\alluse~1\applic~1\SecTaskMan
2011-02-17 05:26:53 -------- d-----w- d:\program files\Security Task Manager
2011-02-17 04:58:15 -------- d-----w- d:\program files\Trend Micro
2011-02-17 01:34:11 -------- d-----w- d:\docume~1\cpa~1\applic~1\Malwarebytes
2011-02-17 01:32:35 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-02-15 04:40:36 28752 ----a-w- d:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{23f58399-17f5-4891-84c8-0773fc76ce12}\MpKsld2739c0c.sys
2011-02-13 23:46:00 -------- d-----w- d:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-13 06:33:25 5890896 ----a-w- d:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{23f58399-17f5-4891-84c8-0773fc76ce12}\mpengine.dll
2011-02-13 06:33:25 222080 ------w- d:\d\system32\MpSigStub.exe
2011-02-12 00:03:53 -------- d-----w- d:\program files\Hasbro
2011-02-11 21:46:32 -------- d-----w- d:\docume~1\alluse~1\applic~1\Trymedia
2011-02-11 21:37:22 -------- d-----w- d:\docume~1\codypa~1\applic~1\GetRightToGo
.
==================== Find3M ====================
.
2011-03-05 23:30:25 73728 ----a-w- d:\d\system32\javacpl.cpl
2011-02-09 13:53:52 270848 ------w- d:\d\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- d:\d\system32\encdec.dll
2011-02-07 17:45:52 80896 ----a-w- d:\d\system32\ff_vfw.dll
2011-02-07 17:39:02 4166551 ----a-w- d:\d\system32\ffmpeg.dll
2011-02-07 09:17:53 0 ----a-w- d:\d\Aqohujitif.bin
2011-02-02 07:58:35 2067456 ----a-w- d:\d\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- d:\d\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- d:\d\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- d:\d\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- d:\d\system32\win32k.sys
2010-12-25 17:53:05 24576 ----a-w- d:\d\system32\userinit.exe
2010-12-23 20:17:10 108144 ----a-w- d:\d\system32\CmdLineExt.dll
2010-12-22 12:34:28 301568 ----a-w- d:\d\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- d:\d\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- d:\d\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- d:\d\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- d:\d\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- d:\d\system32\html.iec
.
============= FINISH: 11:08:48.43 ===============

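The DDS sections above (BHO:/TB:, uRun:/mRun:, IE:, DPF:, the R#/S# service and driver lines, and the dated "Created Last 30" / "Find3M" rows) follow a fixed line format, so a responder can turn a log like this into records and pull out what to check first. The script below is an added example for readers of this thread; it is not code posted by 318fella and not anything DDS ships. The sample lines are copied from the log above, and the three triage rules (a zero-byte file sitting directly in the Windows directory, which is D:\D on this machine according to the log header; a Run entry that names a bare file resolved through PATH search; a service whose file DDS could not stat, shown as [?]) are my own heuristics for prioritising a look, not a verdict on any file.

```python
"""Parse DDS log lines into records and list the items to verify first.
Added example; regexes, heuristics and function names are the author's own."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit


@dataclass
class Record:
    kind: str                      # BHO, TB, uRun, mRun, IE, DPF, SVC or FILE
    name: str
    path: str
    clsid: Optional[str] = None
    extra: Dict[str, object] = field(default_factory=dict)


CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
_BHO = re.compile(rf"^(?P<kind>BHO|TB): (?P<name>.+?): (?P<clsid>{CLSID}) - (?P<path>.+)$")
_RUN = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<path>.+)$")
_IE = re.compile(r"^IE: (?P<name>.+?) - (?P<path>.+)$")
_DPF = re.compile(rf"^DPF: (?P<clsid>{CLSID}) - (?P<url>\S+)$")
# R# = running, S# = stopped; DDS appends [date size] or [?] when it could not stat the file
_SVC = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
                  r"(?: \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]| \[\?\])$")
# dated rows: date time size attrs path; directories show -------- instead of a size
_FILE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<size>\d+|-+) "
                   r"(?P<attrs>[\w-]{8}) (?P<path>.+)$")


def refang(url: str) -> str:
    """DDS writes hxxp:// so the URL is not clickable; restore it for lookups."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_line(line: str) -> Optional[Record]:
    line = line.rstrip()
    if m := _BHO.match(line):
        return Record(m["kind"], m["name"], m["path"], clsid=m["clsid"].lower())
    if m := _RUN.match(line):
        return Record(m["kind"], m["name"], m["path"])
    if m := _IE.match(line):
        return Record("IE", m["name"], m["path"])
    if m := _DPF.match(line):
        url = refang(m["url"])
        return Record("DPF", m["clsid"].lower(), url, clsid=m["clsid"].lower(),
                      extra={"host": urlsplit(url).hostname})
    if m := _SVC.match(line):
        return Record("SVC", m["name"], m["path"],
                      extra={"state": m["state"], "verified": m["date"] is not None})
    if m := _FILE.match(line):
        size = None if m["size"].startswith("-") else int(m["size"])
        return Record("FILE", m["path"].rsplit("\\", 1)[-1], m["path"],
                      extra={"date": m["date"], "size": size,
                             "is_dir": m["attrs"].startswith("d")})
    return None   # section headers and Handler:/Notify:/SSODL:/SEH: lines are ignored here


def parse_log(text: str) -> List[Record]:
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def dpf_hosts(records: List[Record]) -> List[str]:
    """Distinct hosts that ActiveX controls (DPF entries) were downloaded from."""
    return sorted({r.extra["host"] for r in records if r.kind == "DPF"})


def triage(records: List[Record], windows_dir: str) -> List[str]:
    """Three triage heuristics (author's assumptions, not anything DDS flags)."""
    wd = windows_dir.lower().rstrip("\\") + "\\"
    findings = []
    for r in records:
        p = r.path.lower()
        if (r.kind == "FILE" and not r.extra["is_dir"] and r.extra["size"] == 0
                and p.startswith(wd) and "\\" not in p[len(wd):]):
            findings.append(f"zero-byte file dropped directly in {windows_dir}: {r.path}")
        elif r.kind in ("uRun", "mRun") and "\\" not in r.path:
            findings.append(f"{r.kind} [{r.name}] runs a bare filename ({r.path}); "
                            "it is resolved by PATH search, so confirm which copy runs")
        elif r.kind == "SVC" and not r.extra["verified"]:
            findings.append(f"{r.extra['state']} {r.name}: DDS could not stat {r.path}")
    return findings


# Sample lines copied from the log above (constructed subset for the demo).
SAMPLE = r"""
BHO: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - d:\program files\brothersoft\tbBro0.dll
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
R0 Lbd;Lbd;d:\d\system32\drivers\Lbd.sys [2010-12-14 64288]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\program files\lavasoft\ad-aware\kernexplorer.sys --> d:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
2011-03-10 20:23:58 98816 ----a-w- d:\d\sed.exe
2011-02-07 09:17:53 0 ----a-w- d:\d\Aqohujitif.bin
2011-03-12 23:38:15 -------- d-----w- d:\program files\Nokia
""".strip()

if __name__ == "__main__":
    recs = parse_log(SAMPLE)
    print(f"{len(recs)} records; ActiveX hosts: {dpf_hosts(recs)}")
    for finding in triage(recs, r"d:\d"):   # Windows dir is D:\D per the log header
        print(" -", finding)
```

Run it against a full DDS log by passing the file contents to parse_log(); the findings list is a starting point for what to look up, and the Handler/Notify/SSODL/SEH lines, which this parser skips, still need to be read by hand.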
#10 Noviciate (Malware Response Team)

Posted 13 March 2011 - 03:36 PM

Good evening. :)

You need to get your AV back up and running and do the following, and you're done.

Your log doesn't appear to show a third-party software firewall installed - if you have one and I've missed it, please ignore this.
If you are relying on the firewall that comes with Service Pack 2, then you need to install one. While the SP2 firewall is better than nothing, it doesn't monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will.
If you are using a wireless router that comes with a NAT hardware firewall, this also doesn't monitor outgoing connections.

There are a few free firewalls available, of which the following are just three (all of which I've used at one time or another):

Comodo Firewall Pro, available here.
PC Tools Firewall Plus, available here.
Online Armor Free, available here.

It is important to note that you should only have one firewall installed at a time, but you can download them all to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Go to Start > Run, enter the following into the textbox and click OK: ComboFix /Uninstall
This will uninstall Combofix and do a little housework besides.

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

So long, and thanks for all the fish.
#11 318fella (Topic Starter)

Posted 14 March 2011 - 02:28 PM

I have another problem I hope you can address. Before I came here I tried to fix this virus you just helped me remove (again, thank you). So I installed HijackThis and ran it but couldn't figure it out, so I removed it and did a System Restore, but under Add/Remove Programs it appears it's still there. When I click Remove, trying to remove the program, it says "The feature you are trying to use is on a network resource that is unavailable". It also says "Click OK to try again, or enter an alternate path to a folder containing the installation package 'HijackThis[1].msi' in the box below". Also, when I try to reinstall it from their web site it says the same thing. Can you help me?

#12 Noviciate (Malware Response Team)

Posted 14 March 2011 - 02:40 PM

Good evening. :)

Download RegQuery from here and save it to your Desktop.
  • Double click the file to run it.
  • Copy the following keyname to your clipboard - either CTRL + C or right click will do.

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
  • Click Paste from Clipboard and then Query.
  • A Notepad window should open with some text in it - either that or you'll get a pop-up telling you to check the keyname.
  • Let me have the contents of the file in your next reply.

You may need to save the file, zip it up and then attach it in your next reply, depending on the file size.

So long, and thanks for all the fish.
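For readers who want to see what the Uninstall key dump above is looking for: the "network resource that is unavailable" message in post #11 is Windows Installer asking for the original .msi, and the entries under that key record where the package came from. The script below is an added example, not RegQuery's code and not anything from this thread. It walks HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall with Python's winreg module (on Windows only; elsewhere the live walk returns nothing and the constructed sample is used) and classifies each Add/Remove entry. The registry value names (DisplayName, UninstallString, InstallSource, LocalPackage, WindowsInstaller) are real; classify(), walk_uninstall(), report() and the rule that an MSI product is "orphaned" when neither its cached package nor its InstallSource can be found are my own, and the sample entries, including the all-zero product code, are constructed for the demo.

```python
"""Walk the Add/Remove Programs (Uninstall) key and report entries that can no
longer be uninstalled cleanly. Added example; heuristics are the author's own."""
import os
import re
from typing import Callable, Dict, List

try:
    import winreg                      # Windows only; the live walk is skipped elsewhere
except ImportError:
    winreg = None

UNINSTALL = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


def _first_token(cmd: str) -> str:
    """Executable part of an UninstallString: quoted path, else up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def classify(values: Dict[str, object],
             exists: Callable[[str], bool] = os.path.exists) -> str:
    """Heuristic (author's assumption): an MSI product is 'orphaned' when neither its
    cached copy (LocalPackage) nor its InstallSource exists, which is the situation in
    which msiexec prompts for the original .msi; a non-MSI entry is 'broken' when the
    executable named in UninstallString is missing. Anything else is 'ok'."""
    uninstall = str(values.get("UninstallString", ""))
    if values.get("WindowsInstaller") == 1 or "msiexec" in uninstall.lower():
        for key in ("LocalPackage", "InstallSource"):
            p = values.get(key)
            if p and exists(str(p)):
                return "ok"
        return "orphaned"
    exe = _first_token(uninstall)
    if "\\" in exe and not exists(exe):      # bare names (RunDll32 ...) resolve via PATH
        return "broken"
    return "ok"


def _read_values(key) -> Dict[str, object]:
    values, i = {}, 0
    while True:
        try:
            name, data, _ = winreg.EnumValue(key, i)
        except OSError:                      # no more values
            return values
        values[name] = data
        i += 1


def walk_uninstall() -> List[Dict[str, object]]:
    """Live enumeration of the key RegQuery is asked to dump; [] off Windows.
    (On 64-bit Windows, 32-bit products also live under Wow6432Node.)"""
    if winreg is None:
        return []
    entries = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UNINSTALL) as root:
        i = 0
        while True:
            try:
                sub = winreg.EnumKey(root, i)
            except OSError:                  # no more subkeys
                break
            i += 1
            with winreg.OpenKey(root, sub) as k:
                values = _read_values(k)
            values["KeyName"] = sub
            values["Status"] = classify(values)
            entries.append(values)
    return entries


def report(entries: List[Dict[str, object]]) -> List[str]:
    """One line per entry that Add/Remove can no longer uninstall cleanly."""
    return [f"{e['Status']:8} {e.get('DisplayName') or e.get('KeyName')}: "
            f"{e.get('UninstallString', '')}"
            for e in entries if e["Status"] != "ok"]


# Constructed sample: a dummy product code, an InstallSource in a cache folder
# that is long gone, and one healthy non-MSI entry whose uninstaller is present.
PRESENT = {r"d:\program files\example app\uninstall.exe"}
SAMPLE_ENTRIES = [
    {"KeyName": "{00000000-0000-0000-0000-000000000000}", "DisplayName": "HijackThis",
     "WindowsInstaller": 1,
     "UninstallString": "MsiExec.exe /I{00000000-0000-0000-0000-000000000000}",
     "InstallSource": r"d:\docume~1\cpa~1\locals~1\tempor~1\content.ie5\ABCD1234"},
    {"KeyName": "Example App", "DisplayName": "Example App",
     "UninstallString": r'"d:\program files\example app\uninstall.exe"'},
]


def classify_sample() -> List[Dict[str, object]]:
    """Apply classify() to the constructed entries against a fake filesystem."""
    out = []
    for e in SAMPLE_ENTRIES:
        e = dict(e)
        e["Status"] = classify(e, exists=lambda p: p in PRESENT)
        out.append(e)
    return out


if __name__ == "__main__":
    live = walk_uninstall()
    for line in report(live if live else classify_sample()):
        print(line)
```

An entry reported as "orphaned" is exactly the case where Add/Remove keeps prompting for the .msi: pointing the prompt at a fresh copy of the same package, or removing the product's registration, is what clears it, and either step should be taken under the helper's direction rather than by hand-editing the key.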
#13 318fella (Topic Starter)

Posted 14 March 2011 - 03:10 PM

I got a pop-up saying check the keyname.

#14 Noviciate (Malware Response Team)

Posted 14 March 2011 - 03:26 PM

Can you download the stand-alone HJT file from here and get it to run?

So long, and thanks for all the fish.
#15 318fella (Topic Starter)

Posted 14 March 2011 - 03:53 PM

Can you download the stand-alone HJT file from here and get it to run?


Yes, but it is still in the Add/Remove Programs section with a little computer beside it.