
Computer appears to be infected


  • This topic is locked
2 replies to this topic

#1 rogersjj

  • Members
  • 8 posts
  • Gender:Female
Posted 07 May 2011 - 08:50 AM

I have tried several virus removal programs. They remove apparent viruses but do very little to help. The computer runs slow and even seems to stop at times. I keep getting the message "Generic Host Process for Win32 Services has encountered a problem and needs to close." I get randomly redirected when on the internet. Below are the following logs: DDS, Attach, and ComboFix. I hope someone can help me without me having to throw out my computer.
DDS
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Janel Rogers at 18:50:25.25 on Wed 04/27/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1120 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Janel Rogers\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.foxnews.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PMX Daemon] ICO.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [Bdubume] rundll32.exe "c:\windows\ajepixohay.dll",Startup
StartupFolder: c:\docume~1\janelr~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Fashion%20Dash/Images/armhelper.ocx
Filter: AutorunsDisabled\text/html - {1cd31100-d036-4ed2-b83b-3576e8a1cb21} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
AppInit_DLLs: winmm.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\symds.sys [2011-4-23 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\symefa.sys [2011-4-23 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110419.001\BHDrvx86.sys [2011-4-19 802936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys [2011-4-23 136312]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccsvchst.exe [2011-4-23 130000]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-11-14 583640]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-7-22 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-7-22 143968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-23 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110425.001\IDSXpx86.sys [2011-4-25 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110427.002\NAVENG.SYS [2011-4-27 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110427.002\NAVEX15.SYS [2011-4-27 1393144]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-7-31 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-7-31 14336]
S2 gupdate1ca31b6c5d5b46a;Google Update Service (gupdate1ca31b6c5d5b46a);c:\program files\google\update\GoogleUpdate.exe [2009-9-9 133104]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2009-8-29 69120]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-18 30192]
.
=============== Created Last 30 ================
.
2011-04-27 23:30:52 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-04-27 23:30:49 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-04-27 23:30:48 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-04-27 23:30:45 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-04-27 23:30:43 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-04-27 23:30:23 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-04-27 23:30:20 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-04-27 23:30:18 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-04-27 23:30:15 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-04-27 23:30:13 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-04-27 23:28:55 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-04-27 23:27:57 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2011-04-27 23:26:57 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-04-27 23:25:59 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2011-04-27 23:24:59 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-04-27 23:23:59 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2011-04-27 23:22:57 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-04-27 23:21:58 169984 ----a-w- c:\windows\system32\dllcache\pcx500.sys
2011-04-27 23:20:58 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-04-27 23:19:58 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-04-27 23:18:59 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2011-04-27 23:17:58 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-04-27 23:16:58 45056 ----a-w- c:\windows\system32\dllcache\icam5com.dll
2011-04-27 23:15:58 324608 ----a-w- c:\windows\system32\dllcache\hpojwia.dll
2011-04-27 23:14:58 442240 ----a-w- c:\windows\system32\dllcache\fpnpbase.sys
2011-04-27 23:13:59 629952 ----a-w- c:\windows\system32\dllcache\eqn.sys
2011-04-27 23:12:54 29696 ----a-w- c:\windows\system32\dllcache\dm9pci5.sys
2011-04-27 23:11:59 49792 ----a-w- c:\windows\system32\dllcache\cyzport.sys
2011-04-27 23:10:59 32256 ----a-w- c:\windows\system32\dllcache\diapi2NT.dll
2011-04-27 23:09:57 26624 ----a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-04-27 23:08:43 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2011-04-27 23:08:31 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-04-27 23:08:27 2192768 ----a-w- c:\windows\system32\dllcache\OLDF0.tmp
2011-04-27 23:08:18 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-04-27 23:08:18 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-04-27 23:08:17 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2011-04-27 23:08:16 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-04-27 23:08:16 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2011-04-27 23:08:15 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-04-24 12:28:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-24 12:28:38 -------- d-----w- c:\docume~1\janelr~1\applic~1\SUPERAntiSpyware.com
2011-04-24 12:28:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-24 00:56:26 330360 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys
2011-04-24 00:56:24 368248 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symtdi.sys
2011-04-24 00:56:23 295032 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symnets.sys
2011-04-24 00:56:19 652336 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symefa.sys
2011-04-24 00:56:18 340016 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symds.sys
2011-04-24 00:56:17 50168 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
2011-04-24 00:56:16 509560 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
2011-04-24 00:56:14 136312 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys
2011-04-24 00:40:29 -------- d-----w- c:\windows\system32\drivers\nis\1205000.07D
2011-04-24 00:01:40 -------- d-----w- c:\docume~1\janelr~1\applic~1\Windows Search
2011-04-23 22:34:27 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-04-23 22:34:27 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-23 22:34:27 -------- d-----w- c:\program files\Symantec
2011-04-23 22:33:57 -------- d-----w- c:\windows\system32\drivers\NIS
2011-04-23 22:33:55 -------- d-----w- c:\program files\Norton Internet Security
2011-04-23 22:29:17 -------- d-----w- c:\program files\NortonInstaller
2011-04-22 23:54:50 0 ----a-w- c:\windows\Ejaru.bin
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00:28 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27 17408 ------w- c:\windows\system32\corpol.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250310AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5CC730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5d2a10]; MOV EAX, [0x8a5d2a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A65EAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006b[0x8A69E300]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A66A940]
\Driver\atapi[0x8A65B270] -> IRP_MJ_CREATE -> 0x8A5CC730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5CC57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:52:24.29 ===============


Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/31/2008 7:20:01 PM
System Uptime: 4/27/2011 5:56:50 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Core™2 Duo CPU E4600 @ 2.40GHz | Socket 775 | 1196/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 206.098 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP143: 1/24/2011 5:11:14 PM - System Checkpoint
RP144: 1/25/2011 5:15:44 PM - System Checkpoint
RP145: 1/26/2011 5:50:22 PM - System Checkpoint
RP146: 1/26/2011 7:12:23 PM - Installed Windows XP KB915800-v4.
RP147: 1/26/2011 7:12:44 PM - Installed Windows XP Windows Search 4.0.
RP148: 1/29/2011 11:43:29 AM - System Checkpoint
RP149: 1/30/2011 11:12:57 AM - Software Distribution Service 3.0
RP150: 2/1/2011 5:24:09 AM - System Checkpoint
RP151: 2/2/2011 4:37:44 PM - System Checkpoint
RP152: 2/3/2011 6:19:02 PM - System Checkpoint
RP153: 2/4/2011 7:27:36 PM - System Checkpoint
RP154: 2/5/2011 7:35:41 PM - System Checkpoint
RP155: 2/6/2011 10:54:26 PM - System Checkpoint
RP156: 2/8/2011 1:43:15 AM - System Checkpoint
RP157: 2/9/2011 6:42:53 AM - System Checkpoint
RP158: 2/10/2011 6:18:43 AM - Software Distribution Service 3.0
RP159: 2/13/2011 8:43:38 AM - System Checkpoint
RP160: 2/15/2011 5:08:43 PM - System Checkpoint
RP161: 2/16/2011 8:07:03 PM - System Checkpoint
RP162: 2/19/2011 4:34:14 PM - System Checkpoint
RP163: 2/20/2011 5:22:10 PM - System Checkpoint
RP164: 2/21/2011 7:56:27 PM - System Checkpoint
RP165: 2/22/2011 9:41:14 PM - System Checkpoint
RP166: 2/24/2011 1:41:14 AM - System Checkpoint
RP167: 2/25/2011 1:41:21 AM - System Checkpoint
RP168: 2/26/2011 5:41:14 AM - System Checkpoint
RP169: 2/27/2011 9:41:18 AM - System Checkpoint
RP170: 2/27/2011 2:30:40 PM - Removed Youda Farmer
RP171: 2/27/2011 2:38:58 PM - Installed Rosetta Stone Homeschool
RP172: 2/28/2011 7:07:22 PM - System Checkpoint
RP173: 3/6/2011 7:55:38 PM - System Checkpoint
RP174: 3/7/2011 10:13:55 PM - System Checkpoint
RP175: 3/8/2011 3:00:15 AM - Software Distribution Service 3.0
RP176: 3/9/2011 7:10:24 AM - System Checkpoint
RP177: 3/10/2011 4:44:20 PM - Software Distribution Service 3.0
RP178: 3/11/2011 6:16:04 PM - System Checkpoint
RP179: 3/12/2011 10:08:14 PM - System Checkpoint
RP180: 3/14/2011 1:31:07 AM - System Checkpoint
RP181: 3/15/2011 5:37:30 AM - System Checkpoint
RP182: 3/16/2011 5:40:33 AM - System Checkpoint
RP183: 3/17/2011 9:28:33 AM - System Checkpoint
RP184: 3/18/2011 10:13:41 AM - System Checkpoint
RP185: 3/19/2011 1:40:33 PM - System Checkpoint
RP186: 3/20/2011 7:02:06 PM - System Checkpoint
RP187: 3/21/2011 9:38:15 PM - System Checkpoint
RP188: 3/22/2011 11:02:26 PM - System Checkpoint
RP189: 3/24/2011 12:36:35 AM - System Checkpoint
RP190: 3/24/2011 3:00:15 AM - Software Distribution Service 3.0
RP191: 3/25/2011 6:52:07 PM - System Checkpoint
RP192: 3/26/2011 7:26:56 PM - System Checkpoint
RP193: 3/28/2011 6:30:39 PM - System Checkpoint
RP194: 3/29/2011 8:42:58 PM - System Checkpoint
RP195: 3/30/2011 9:13:39 PM - System Checkpoint
RP196: 4/1/2011 12:53:42 AM - System Checkpoint
RP197: 4/2/2011 7:42:19 AM - System Checkpoint
RP198: 4/3/2011 11:50:43 AM - System Checkpoint
RP199: 4/4/2011 3:25:43 PM - System Checkpoint
RP200: 4/7/2011 6:47:06 AM - System Checkpoint
RP201: 4/8/2011 10:26:39 AM - System Checkpoint
RP202: 4/9/2011 2:25:34 PM - System Checkpoint
RP203: 4/10/2011 2:58:38 PM - System Checkpoint
RP204: 4/11/2011 6:25:33 PM - System Checkpoint
RP205: 4/12/2011 10:25:34 PM - System Checkpoint
RP206: 4/14/2011 2:25:34 AM - System Checkpoint
RP207: 4/15/2011 2:25:41 AM - System Checkpoint
RP208: 4/16/2011 8:55:33 AM - Software Distribution Service 3.0
RP209: 4/17/2011 9:22:48 AM - System Checkpoint
RP210: 4/20/2011 7:47:45 AM - System Checkpoint
RP211: 4/21/2011 6:24:50 AM - Software Distribution Service 3.0
RP212: 4/22/2011 3:00:14 AM - Software Distribution Service 3.0
RP213: 4/23/2011 10:00:08 AM - System Checkpoint
RP214: 4/24/2011 1:28:57 PM - System Checkpoint
RP215: 4/27/2011 5:44:54 AM - Removed Live! Cam Avatar Creator
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
8000A809
8000A809_eDocs
8000A809_Help
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
BPDSoftware
BPDSoftware_Ini
BufferChm
Dell DataSafe Online
Dell Driver Reset Tool
Dell Support Center
Dell System Restore
Dell Webcam Central
DeviceDiscovery
DING!
Documentation & Support Launcher
FaxTools
Games, Music, & Photos Launcher
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GPBaseService2
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Officejet Pro 8000 A809 Series
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPProductAssistant
Intel® PRO Network Connections Drivers
Internet Service Offers Launcher
Java™ 6 Update 5
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Mouse Suite for Desktop Computers
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
myPrintMileage (Officejet Pro 8000 A809)
NetJet 2.0
Network
Norton Internet Security
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OTOY
PowerDVD
ProductContext
QuickTime
Realtek High Definition Audio Driver
Registry Mechanic 10.0
Rosetta Stone Homeschool
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SearchAssist
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.0
SmartWebPrinting
SolutionCenter
Status
SUPERAntiSpyware
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Walmart MP3 Music Downloads
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/27/2011 6:30:54 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
4/27/2011 6:08:00 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
4/26/2011 6:00:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/26/2011 6:00:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/26/2011 5:38:31 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/26/2011 5:29:00 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/26/2011 5:28:30 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/26/2011 4:14:24 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
4/25/2011 5:05:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/25/2011 4:36:16 PM, error: Print [23] - Printer Dell AIO Printer A920,0 failed to initialize because a suitable Dell AIO Printer A920 driver could not be found.
.
==== End Of File ===========================

ComboFix
ComboFix 11-04-30.05 - Janel Rogers 05/07/2011 7:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1335 [GMT -5:00]
Running from: c:\documents and settings\Janel Rogers\Desktop\ComboFix.exe
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Yahoo!
c:\documents and settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin\MANIFEST\plugin.properties
c:\documents and settings\Ethan Hulke\Application Data\Adobe\plugs
c:\documents and settings\Ethan Hulke\Application Data\Adobe\shed
c:\documents and settings\Ethan Hulke\Application Data\Yahoo!
c:\documents and settings\Janel Rogers\Application Data\Yahoo!
c:\documents and settings\NetworkService\Application Data\Yahoo!
c:\documents and settings\Olivia Hulke\Application Data\.#
c:\documents and settings\Olivia Hulke\Application Data\Yahoo!
c:\documents and settings\Olivia Hulke\Favorites\Videos.url
c:\program files\Common
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-04-30 18:40 . 2011-05-01 11:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-04-27 23:30 . 2008-04-13 23:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-04-27 23:30 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-04-27 23:30 . 2008-04-13 23:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-04-27 23:30 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-04-27 23:30 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-04-27 23:30 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-04-27 23:30 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-04-27 23:30 . 2004-08-04 02:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-04-27 23:30 . 2004-08-04 02:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-04-27 23:30 . 2008-04-13 23:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-04-27 23:28 . 2001-08-17 18:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-04-27 23:27 . 2004-08-04 10:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2011-04-27 23:26 . 2001-08-17 18:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-04-27 23:25 . 2001-08-17 17:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2011-04-27 23:24 . 2001-08-17 17:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-04-27 23:23 . 2001-08-17 19:56 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2011-04-27 23:22 . 2001-08-17 18:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-04-27 23:21 . 2004-08-04 02:06 169984 ----a-w- c:\windows\system32\dllcache\pcx500.sys
2011-04-27 23:20 . 2001-08-18 03:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-04-27 23:19 . 2001-08-18 03:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-04-27 23:18 . 2008-04-13 17:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2011-04-27 23:17 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-04-27 23:16 . 2001-08-18 03:36 45056 ----a-w- c:\windows\system32\dllcache\icam5com.dll
2011-04-27 23:15 . 2001-08-18 03:36 324608 ----a-w- c:\windows\system32\dllcache\hpojwia.dll
2011-04-27 23:14 . 2001-08-17 17:15 442240 ----a-w- c:\windows\system32\dllcache\fpnpbase.sys
2011-04-27 23:13 . 2001-08-17 17:17 629952 ----a-w- c:\windows\system32\dllcache\eqn.sys
2011-04-27 23:12 . 2001-08-17 17:11 29696 ----a-w- c:\windows\system32\dllcache\dm9pci5.sys
2011-04-27 23:11 . 2001-08-17 18:50 49792 ----a-w- c:\windows\system32\dllcache\cyzport.sys
2011-04-27 23:10 . 2001-08-18 03:36 32256 ----a-w- c:\windows\system32\dllcache\diapi2NT.dll
2011-04-27 23:09 . 2001-08-17 17:49 26624 ----a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-04-27 23:08 . 2004-08-04 10:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2011-04-27 23:08 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-04-27 23:08 . 2004-08-04 10:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-04-27 23:08 . 2004-08-04 10:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-04-27 23:08 . 2004-08-04 10:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2011-04-27 23:08 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-04-27 23:08 . 2004-08-04 10:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2011-04-27 23:08 . 2004-08-04 10:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-04-24 17:27 . 2011-04-24 17:43 -------- d-----w- c:\documents and settings\Ethan Hulke\Application Data\Skype
2011-04-24 12:57 . 2011-04-24 12:57 -------- d-----w- c:\documents and settings\Ethan Hulke\Application Data\SUPERAntiSpyware.com
2011-04-24 12:28 . 2011-04-24 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-24 12:28 . 2011-04-24 12:28 -------- d-----w- c:\documents and settings\Janel Rogers\Application Data\SUPERAntiSpyware.com
2011-04-24 12:28 . 2011-04-24 12:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-24 12:05 . 2011-04-24 12:05 -------- d-----w- c:\documents and settings\Ethan Hulke\Application Data\Windows Search
2011-04-24 11:13 . 2011-04-24 11:13 -------- d-----w- c:\documents and settings\Ethan Hulke\Application Data\Symantec
2011-04-24 00:01 . 2011-04-24 00:01 -------- d-----w- c:\documents and settings\Janel Rogers\Application Data\Windows Search
2011-04-23 22:34 . 2011-04-23 22:34 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-04-23 22:34 . 2011-04-23 22:34 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-23 22:34 . 2011-04-23 22:34 -------- d-----w- c:\program files\Symantec
2011-04-23 22:33 . 2011-04-24 10:54 -------- d-----w- c:\windows\system32\drivers\NIS
2011-04-23 22:33 . 2011-04-23 22:33 -------- d-----w- c:\program files\Norton Internet Security
2011-04-23 22:33 . 2011-04-23 22:33 -------- d-----w- c:\program files\Windows Sidebar
2011-04-23 22:29 . 2011-04-23 22:29 -------- d-----w- c:\program files\NortonInstaller
2011-04-22 23:54 . 2011-05-07 11:38 0 ----a-w- c:\windows\Ejaru.bin
2011-04-22 23:54 . 2011-04-22 23:54 -------- d-----w- c:\documents and settings\Ethan Hulke\Local Settings\Application Data\{CBA36BA7-D080-45DE-958E-E3615824A05B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-11 22:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-11 22:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2004-08-11 22:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-08-11 22:00 17408 ------w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2004-08-11 22:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-11 22:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 20:26 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2004-08-11 22:00 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2004-08-11 22:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-11 22:11 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-11 22:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-11 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-21 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-17 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Bdubume"="c:\windows\ajepixohay.dll" [2008-04-14 274432]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-06-17 16:05 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\symds.sys [4/23/2011 7:56 PM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\symefa.sys [4/23/2011 7:56 PM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [5/7/2011 6:46 AM 802936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\ironx86.sys [4/23/2011 7:56 PM 136312]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [4/23/2011 7:41 PM 130000]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11/14/2010 4:27 PM 583640]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [7/22/2010 5:42 PM 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [7/22/2010 5:42 PM 143968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/23/2011 6:07 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110506.001\IDSXpx86.sys [5/7/2011 6:46 AM 341944]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [7/31/2008 7:13 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [7/31/2008 7:13 PM 14336]
S2 gupdate1ca31b6c5d5b46a;Google Update Service (gupdate1ca31b6c5d5b46a);c:\program files\Google\Update\GoogleUpdate.exe [9/9/2009 8:33 PM 133104]
S3 Boonty Games;Boonty Games;c:\program files\Common Files\BOONTY Shared\Service\Boonty.exe [8/29/2009 5:58 PM 69120]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/18/2008 8:48 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/9/2009 8:33 PM 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 01:33]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 01:33]
.
2011-04-28 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-11-14 14:46]
.
2011-05-07 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2010-11-14 14:46]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.foxnews.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Filter: AutorunsDisabled\text/html - {1cd31100-d036-4ed2-b83b-3576e8a1cb21} -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys
AddRemove-Microsoft Interactive Training - c:\windows\orun32.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 07:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250310AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5CB57B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-07 07:06:39
ComboFix-quarantined-files.txt 2011-05-07 12:06
.
Pre-Run: 221,132,763,136 bytes free
Post-Run: 221,974,220,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1B057F0992419397BF503EAB6420465D



#2 SweetTech

SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 12 May 2011 - 03:36 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 SweetTech

SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 15 May 2011 - 07:14 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




