Pop-ups and website redirecting


  • This topic is locked
21 replies to this topic

#1 Rob515

Posted 14 May 2011 - 02:17 PM

Hi,
 
Thank you in advance for looking at my problem.  About 2 days ago I started getting pop-ups on websites that have always run fine in the past.  Soon thereafter, I started getting website redirects.  One of the pop-ups appeared to be the Microsoft Recovery Malware.  Microsoft Security Essentials attempted to remove it and it seemed to help for a little bit, but then pop-ups resumed along with the website redirects.  I'm not able to go to the Microsoft Update website either.  Internet Explorer says it's unable to display the page.  Also, Microsoft Security Essentials will no longer update its definitions.  I have also attempted to use System Restore and that has failed too.  Any help that you could provide would be greatly appreciated. BTW, whatever malware is on my computer, it's not letting me post or attach any files to this forum. I am posting this from my iPad. As a result, I had to paste the requested logs. I can also email you these logs if it would be easier.

Thank You
 
DDS Log
 
.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by Robby & Melissa at  0:54:16.89 on Thu 05/12/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.180 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WFXSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Robby & Melissa\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {00000075-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {3334504D-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/mpeg4ax.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3447504D-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/mpeg4ax.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259629112187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274932151843
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38041.6117476852
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\symantec\winfax\WfxSeh32.Dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl26ff0475;MpKsl26ff0475;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13485747-3e25-46f3-a7dc-64d1b47f8684}\MpKsl26ff0475.sys [2011-5-11 28752]
R1 MpKslcdcd4ca4;MpKslcdcd4ca4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13485747-3e25-46f3-a7dc-64d1b47f8684}\MpKslcdcd4ca4.sys [2011-5-12 28752]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\drivers\hpusbfd.sys [2004-2-26 7552]
S1 MpKsl0597717b;MpKsl0597717b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7cb849c8-8132-48f1-bbbe-1268a7348722}\mpksl0597717b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7cb849c8-8132-48f1-bbbe-1268a7348722}\MpKsl0597717b.sys [?]
S1 MpKsl0fd3c3f8;MpKsl0fd3c3f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13485747-3e25-46f3-a7dc-64d1b47f8684}\mpksl0fd3c3f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13485747-3e25-46f3-a7dc-64d1b47f8684}\MpKsl0fd3c3f8.sys [?]
S1 MpKsl116694de;MpKsl116694de;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15006c6d-0302-4dee-a178-2d61dc1cddfc}\mpksl116694de.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15006c6d-0302-4dee-a178-2d61dc1cddfc}\MpKsl116694de.sys [?]
S1 MpKsl167b2928;MpKsl167b2928;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3c6aa5c-4faa-404f-b61d-86ff15732e3e}\mpksl167b2928.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3c6aa5c-4faa-404f-b61d-86ff15732e3e}\MpKsl167b2928.sys [?]
S1 MpKsl2266c6b0;MpKsl2266c6b0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7142015e-10d4-4511-8bca-4734346f9298}\mpksl2266c6b0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7142015e-10d4-4511-8bca-4734346f9298}\MpKsl2266c6b0.sys [?]
S1 MpKsl37a32707;MpKsl37a32707;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f0f663f4-f2f1-4d3a-9780-cfa0fd43fd23}\mpksl37a32707.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f0f663f4-f2f1-4d3a-9780-cfa0fd43fd23}\MpKsl37a32707.sys [?]
S1 MpKsl37b65829;MpKsl37b65829;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{257f01ad-0cfc-4bae-a2cb-36c317ad77c8}\mpksl37b65829.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{257f01ad-0cfc-4bae-a2cb-36c317ad77c8}\MpKsl37b65829.sys [?]
S1 MpKsl3f67a36b;MpKsl3f67a36b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da3195ff-b63d-4ab5-bf0e-e2492ce089b6}\mpksl3f67a36b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da3195ff-b63d-4ab5-bf0e-e2492ce089b6}\MpKsl3f67a36b.sys [?]
S1 MpKsl40a99d9e;MpKsl40a99d9e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d83f101f-8c3b-4d5c-9dcd-b8a1b966cccb}\mpksl40a99d9e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d83f101f-8c3b-4d5c-9dcd-b8a1b966cccb}\MpKsl40a99d9e.sys [?]
S1 MpKsl43acccda;MpKsl43acccda;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73f4dda5-616f-49b2-a5ba-2b8900f9a8c7}\mpksl43acccda.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73f4dda5-616f-49b2-a5ba-2b8900f9a8c7}\MpKsl43acccda.sys [?]
S1 MpKsl46236b1e;MpKsl46236b1e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{781aedbe-658f-4edf-a1a7-30ae7de5f2a9}\mpksl46236b1e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{781aedbe-658f-4edf-a1a7-30ae7de5f2a9}\MpKsl46236b1e.sys [?]
S1 MpKsl4b6a9277;MpKsl4b6a9277;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f941f2d1-8160-49d5-9f02-bf14bde8e51a}\mpksl4b6a9277.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f941f2d1-8160-49d5-9f02-bf14bde8e51a}\MpKsl4b6a9277.sys [?]
S1 MpKsl4bb7900a;MpKsl4bb7900a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{730a3838-af22-4dc7-81cf-390f555c2c3f}\mpksl4bb7900a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{730a3838-af22-4dc7-81cf-390f555c2c3f}\MpKsl4bb7900a.sys [?]
S1 MpKsl5035ce86;MpKsl5035ce86;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1fc90b20-6dc4-4705-a3a9-c646fc1b9d56}\mpksl5035ce86.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1fc90b20-6dc4-4705-a3a9-c646fc1b9d56}\MpKsl5035ce86.sys [?]
S1 MpKsl54e0b092;MpKsl54e0b092;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ff0aeae-5e6b-4c72-83d4-1aff222a803e}\mpksl54e0b092.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ff0aeae-5e6b-4c72-83d4-1aff222a803e}\MpKsl54e0b092.sys [?]
S1 MpKsl589171bf;MpKsl589171bf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a288af59-2f38-4087-8eeb-87d6c3810c7c}\mpksl589171bf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a288af59-2f38-4087-8eeb-87d6c3810c7c}\MpKsl589171bf.sys [?]
S1 MpKsl74ef6e3c;MpKsl74ef6e3c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d72bf3e0-766f-46ed-9b13-4cf983d1f630}\mpksl74ef6e3c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d72bf3e0-766f-46ed-9b13-4cf983d1f630}\MpKsl74ef6e3c.sys [?]
S1 MpKsl767428dc;MpKsl767428dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d83f101f-8c3b-4d5c-9dcd-b8a1b966cccb}\mpksl767428dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d83f101f-8c3b-4d5c-9dcd-b8a1b966cccb}\MpKsl767428dc.sys [?]
S1 MpKsl7d3e3f30;MpKsl7d3e3f30;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8444fa02-bb3d-41fa-981b-3f0cc0157592}\mpksl7d3e3f30.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8444fa02-bb3d-41fa-981b-3f0cc0157592}\MpKsl7d3e3f30.sys [?]
S1 MpKsl7d595872;MpKsl7d595872;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{849e74af-09e6-402e-ba33-a4de97f9c386}\mpksl7d595872.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{849e74af-09e6-402e-ba33-a4de97f9c386}\MpKsl7d595872.sys [?]
S1 MpKsl80dd2cc9;MpKsl80dd2cc9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72ae4839-9c8c-492d-82f8-400b2969003e}\mpksl80dd2cc9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72ae4839-9c8c-492d-82f8-400b2969003e}\MpKsl80dd2cc9.sys [?]
S1 MpKsl821069c6;MpKsl821069c6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae6dd4ae-8b53-4cfc-9def-3f2b875d29f4}\mpksl821069c6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae6dd4ae-8b53-4cfc-9def-3f2b875d29f4}\MpKsl821069c6.sys [?]
S1 MpKsl87aaf8d4;MpKsl87aaf8d4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ff0aeae-5e6b-4c72-83d4-1aff222a803e}\mpksl87aaf8d4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ff0aeae-5e6b-4c72-83d4-1aff222a803e}\MpKsl87aaf8d4.sys [?]
S1 MpKsl8ff88da5;MpKsl8ff88da5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{99fcc64e-542a-4c3b-9f41-6e12c3888612}\mpksl8ff88da5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{99fcc64e-542a-4c3b-9f41-6e12c3888612}\MpKsl8ff88da5.sys [?]
S1 MpKsl937779ab;MpKsl937779ab;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4743987-62cb-405c-b3d8-5e57105f0de5}\mpksl937779ab.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4743987-62cb-405c-b3d8-5e57105f0de5}\MpKsl937779ab.sys [?]
S1 MpKsla900fe8c;MpKsla900fe8c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ff0aeae-5e6b-4c72-83d4-1aff222a803e}\mpksla900fe8c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ff0aeae-5e6b-4c72-83d4-1aff222a803e}\MpKsla900fe8c.sys [?]
S1 MpKsla97ea4f4;MpKsla97ea4f4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c857091c-935d-4c11-87b7-a0f8410f8d73}\mpksla97ea4f4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c857091c-935d-4c11-87b7-a0f8410f8d73}\MpKsla97ea4f4.sys [?]
S1 MpKslaed7ab7d;MpKslaed7ab7d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13b0ac6b-2f26-4cba-b02a-bb0edda242a4}\mpkslaed7ab7d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13b0ac6b-2f26-4cba-b02a-bb0edda242a4}\MpKslaed7ab7d.sys [?]
S1 MpKslb6182993;MpKslb6182993;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bc62b5f-caac-4d3f-9aed-a38d2c61398a}\mpkslb6182993.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bc62b5f-caac-4d3f-9aed-a38d2c61398a}\MpKslb6182993.sys [?]
S1 MpKslc356a204;MpKslc356a204;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60c726e9-3570-44df-b6e5-792c9d1264b0}\mpkslc356a204.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60c726e9-3570-44df-b6e5-792c9d1264b0}\MpKslc356a204.sys [?]
S1 MpKslc3cef87b;MpKslc3cef87b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1fc90b20-6dc4-4705-a3a9-c646fc1b9d56}\mpkslc3cef87b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1fc90b20-6dc4-4705-a3a9-c646fc1b9d56}\MpKslc3cef87b.sys [?]
S1 MpKsld19d35be;MpKsld19d35be;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{509e6784-107f-42d2-a09d-6f9a5a2c6327}\mpksld19d35be.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{509e6784-107f-42d2-a09d-6f9a5a2c6327}\MpKsld19d35be.sys [?]
S1 MpKsldb976c2d;MpKsldb976c2d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{392f80dd-b1fd-44f3-8a52-f5734d58458c}\mpksldb976c2d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{392f80dd-b1fd-44f3-8a52-f5734d58458c}\MpKsldb976c2d.sys [?]
S1 MpKslec19a0c0;MpKslec19a0c0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66a0d57d-1d5b-4101-9409-67cb907dd1c7}\mpkslec19a0c0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66a0d57d-1d5b-4101-9409-67cb907dd1c7}\MpKslec19a0c0.sys [?]
S1 MpKsleec13ba8;MpKsleec13ba8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce36eafb-68e9-4797-b17d-05c978c3f80d}\mpksleec13ba8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce36eafb-68e9-4797-b17d-05c978c3f80d}\MpKsleec13ba8.sys [?]
S1 MpKslf09b6f6a;MpKslf09b6f6a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dc3899b-a274-4cc8-adaa-275ac725de42}\mpkslf09b6f6a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dc3899b-a274-4cc8-adaa-275ac725de42}\MpKslf09b6f6a.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\drivers\csrbc01.sys --> c:\windows\system32\drivers\CSRBC01.sys [?]
S3 Pluvrram;Pluvrram;c:\windows\system32\drivers\ks.sys [2004-3-21 141056]
S4 Modefslaip;Modefslaip; [x]
S4 mrtRate;mrtRate; [x]
.
=============== Created Last 30 ================
.
2011-05-12 07:47:13  28752  ----a-w-  c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{13485747-3e25-46f3-a7dc-64d1b47f8684}\MpKslcdcd4ca4.sys
2011-05-12 07:45:42  --------  d-----w-  c:\windows\system32\MpEngineStore
2011-05-12 06:14:17  --------  d-----w-  c:\program files\GridinSoft Trojan Killer
2011-05-12 05:46:03  28752  ----a-w-  c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{13485747-3e25-46f3-a7dc-64d1b47f8684}\MpKsl26ff0475.sys
2011-05-12 05:36:01  28752  ----a-w-  c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{13485747-3e25-46f3-a7dc-64d1b47f8684}\MpKsl951230a0.sys
2011-05-12 05:25:52  28752  ----a-w-  c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{13485747-3e25-46f3-a7dc-64d1b47f8684}\MpKsld189f3ed.sys
2011-05-12 05:18:19  --------  d-s---w-  C:\ComboFix
2011-05-12 02:07:19  98816  ----a-w-  c:\windows\sed.exe
2011-05-12 02:07:19  161792  ----a-w-  c:\windows\SWREG.exe
2011-05-11 23:03:43  7071056  ----a-w-  c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{13485747-3e25-46f3-a7dc-64d1b47f8684}\mpengine.dll
2011-05-11 23:01:54  --------  d-----w-  c:\windows\system32\wbem\repository\FS
2011-05-11 23:01:54  --------  d-----w-  c:\windows\system32\wbem\Repository
2011-04-18 21:15:11  --------  d-----w-  c:\program files\iPod
2011-04-18 21:14:48  --------  d-----w-  c:\program files\iTunes
2011-04-18 21:09:38  --------  d-----w-  c:\program files\Bonjour
2011-04-16 09:40:23  --------  d-----w-  c:\docume~1\alluse~1\applic~1\hPi06511gFfGd06511
.
==================== Find3M  ====================
.
2011-04-06 23:20:16  91424  ----a-w-  c:\windows\system32\dnssd.dll
2011-04-06 23:20:16  197920  ----a-w-  c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16  107808  ----a-w-  c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50  692736  ----a-w-  c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06  420864  ----a-w-  c:\windows\system32\vbscript.dll
2011-03-03 13:21:11  1857920  ----a-w-  c:\windows\system32\win32k.sys
2011-02-22 23:06:29  916480  ----a-w-  c:\windows\system32\wininet.dll
2011-02-22 23:06:29  43520  ----a-w-  c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59  385024  ----a-w-  c:\windows\system32\html.iec
2011-02-19 00:36:58  4184352  ----a-w-  c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12  5120  ----a-w-  c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39  290432  ----a-w-  c:\windows\system32\atmfd.dll
2011-02-11 13:25:52  229888  ----a-w-  c:\windows\system32\fxscover.exe
2004-08-04 07:56:57  73728  -csha-w-  c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y120M0 rev.YAR51EW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x833824D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x833887f0]; MOV EAX, [0x8338886c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x83352AB8]
3 CLASSPNP[0xF8636FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8339DB98]
\Driver\atapi[0x8334D268] -> IRP_MJ_CREATE -> 0x833824D0
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8338231B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH:  0:56:32.90 ===============
 
 
Attach Log
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/24/2004 2:13:28 PM
System Uptime: 5/12/2011 12:46:02 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0W2562
Processor:               Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 28.206 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP37: 11/3/2010 12:24:51 AM - Software Distribution Service 3.0
RP38: 11/5/2010 3:36:59 PM - Removed BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone.
RP39: 11/8/2010 8:23:49 PM - Software Distribution Service 3.0
RP40: 11/10/2010 4:36:28 PM - Installed BlackBerry App World Browser Plugin
RP41: 11/19/2010 5:56:45 AM - Software Distribution Service 3.0
RP42: 12/3/2010 2:22:12 PM - Software Distribution Service 3.0
RP43: 12/20/2010 12:55:01 PM - Software Distribution Service 3.0
RP44: 12/30/2010 10:45:41 PM - Software Distribution Service 3.0
RP45: 1/6/2011 12:07:44 PM - Installed Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
RP46: 1/15/2011 12:12:43 AM - Software Distribution Service 3.0
RP47: 1/29/2011 1:06:53 PM - Software Distribution Service 3.0
RP48: 1/29/2011 1:22:21 PM - Removed Symantec AntiVirus
RP49: 1/29/2011 1:40:41 PM - Installed Symantec AntiVirus
RP50: 1/29/2011 1:57:45 PM - Software Distribution Service 3.0
RP51: 1/29/2011 3:46:28 PM - Removed Symantec AntiVirus
RP52: 1/29/2011 3:55:16 PM - Installed Symantec AntiVirus
RP53: 1/31/2011 11:11:11 AM - Removed Symantec AntiVirus
RP54: 1/31/2011 11:57:10 AM - Software Distribution Service 3.0
RP55: 1/31/2011 12:11:36 PM - Software Distribution Service 3.0
RP56: 2/1/2011 2:47:48 PM - Software Distribution Service 3.0
RP57: 2/1/2011 2:51:51 PM - Software Distribution Service 3.0
RP58: 2/2/2011 1:58:01 PM - Software Distribution Service 3.0
RP59: 2/3/2011 8:58:21 PM - Software Distribution Service 3.0
RP60: 2/5/2011 2:06:52 AM - Software Distribution Service 3.0
RP61: 2/6/2011 12:37:13 PM - Software Distribution Service 3.0
RP62: 2/7/2011 2:19:41 PM - Installed Safari
RP63: 2/7/2011 9:31:16 PM - Software Distribution Service 3.0
RP64: 2/8/2011 4:47:47 PM - Software Distribution Service 3.0
RP65: 2/8/2011 10:40:20 PM - Software Distribution Service 3.0
RP66: 2/9/2011 11:11:12 PM - Software Distribution Service 3.0
RP67: 2/9/2011 11:36:06 PM - Software Distribution Service 3.0
RP68: 2/11/2011 11:59:09 AM - Software Distribution Service 3.0
RP69: 2/11/2011 12:03:02 PM - Software Distribution Service 3.0
RP70: 2/12/2011 12:09:41 PM - Software Distribution Service 3.0
RP71: 2/13/2011 10:41:05 PM - Software Distribution Service 3.0
RP72: 2/14/2011 9:14:54 PM - Software Distribution Service 3.0
RP73: 2/15/2011 9:34:28 AM - Software Distribution Service 3.0
RP74: 2/16/2011 10:30:07 AM - Software Distribution Service 3.0
RP75: 2/17/2011 11:37:37 AM - Software Distribution Service 3.0
RP76: 2/17/2011 1:25:05 PM - Software Distribution Service 3.0
RP77: 2/17/2011 8:37:23 PM - Removed BlackBerry App World Browser Plugin
RP78: 2/17/2011 8:39:23 PM - Removed BlackBerry Desktop Software 6.0.
RP79: 2/17/2011 8:42:16 PM - Removed BBSAK
RP80: 2/19/2011 2:29:36 PM - Software Distribution Service 3.0
RP81: 2/20/2011 5:10:43 PM - Software Distribution Service 3.0
RP82: 2/22/2011 2:06:48 PM - Software Distribution Service 3.0
RP83: 2/24/2011 11:50:43 AM - Software Distribution Service 3.0
RP84: 2/28/2011 12:42:19 PM - Software Distribution Service 3.0
RP85: 3/2/2011 1:04:53 PM - Software Distribution Service 3.0
RP86: 3/3/2011 1:16:49 PM - Software Distribution Service 3.0
RP87: 3/5/2011 3:57:27 PM - Software Distribution Service 3.0
RP88: 3/6/2011 10:14:25 PM - Software Distribution Service 3.0
RP89: 3/8/2011 11:39:27 AM - Software Distribution Service 3.0
RP90: 3/9/2011 9:05:39 PM - Software Distribution Service 3.0
RP91: 3/10/2011 11:48:22 PM - Software Distribution Service 3.0
RP92: 3/12/2011 12:28:44 PM - Software Distribution Service 3.0
RP93: 3/13/2011 6:06:17 PM - Software Distribution Service 3.0
RP94: 3/15/2011 12:11:10 AM - Software Distribution Service 3.0
RP95: 3/16/2011 9:26:07 PM - Software Distribution Service 3.0
RP96: 3/16/2011 9:41:46 PM - Software Distribution Service 3.0
RP97: 3/17/2011 11:26:57 PM - Software Distribution Service 3.0
RP98: 3/19/2011 2:15:09 AM - Software Distribution Service 3.0
RP99: 3/20/2011 2:13:16 PM - Software Distribution Service 3.0
RP100: 3/22/2011 11:42:34 AM - Software Distribution Service 3.0
RP101: 3/22/2011 12:14:05 PM - Installed MobileMe Control Panel
RP102: 3/24/2011 12:30:16 AM - Software Distribution Service 3.0
RP103: 3/25/2011 12:53:12 AM - Software Distribution Service 3.0
RP104: 3/28/2011 9:54:09 AM - Software Distribution Service 3.0
RP105: 3/28/2011 9:58:22 AM - Software Distribution Service 3.0
RP106: 3/29/2011 6:08:41 PM - Software Distribution Service 3.0
RP107: 3/31/2011 12:52:41 AM - Software Distribution Service 3.0
RP108: 4/1/2011 2:22:49 AM - Software Distribution Service 3.0
RP109: 4/2/2011 2:27:07 PM - Software Distribution Service 3.0
RP110: 4/4/2011 1:21:26 AM - Software Distribution Service 3.0
RP111: 4/5/2011 4:28:44 PM - Software Distribution Service 3.0
RP112: 4/7/2011 12:51:21 AM - Software Distribution Service 3.0
RP113: 4/9/2011 1:36:59 AM - Software Distribution Service 3.0
RP114: 4/10/2011 11:33:58 PM - Software Distribution Service 3.0
RP115: 4/12/2011 9:23:58 PM - Software Distribution Service 3.0
RP116: 4/14/2011 1:03:06 AM - Software Distribution Service 3.0
RP117: 4/16/2011 2:36:59 AM - Software Distribution Service 3.0
RP118: 4/16/2011 3:10:50 AM - Restore Operation
RP119: 4/16/2011 3:22:05 AM - Software Distribution Service 3.0
RP120: 4/18/2011 12:36:32 PM - Software Distribution Service 3.0
RP121: 4/20/2011 1:32:25 PM - Software Distribution Service 3.0
RP122: 4/21/2011 2:30:42 PM - Software Distribution Service 3.0
RP123: 4/23/2011 11:52:25 AM - Software Distribution Service 3.0
RP124: 4/26/2011 11:36:35 PM - Software Distribution Service 3.0
RP125: 4/28/2011 12:29:18 PM - Software Distribution Service 3.0
RP126: 4/29/2011 1:06:50 AM - Software Distribution Service 3.0
RP127: 4/29/2011 7:32:01 PM - Software Distribution Service 3.0
RP128: 5/2/2011 12:17:22 PM - Software Distribution Service 3.0
RP129: 5/4/2011 11:43:09 PM - Software Distribution Service 3.0
RP130: 5/6/2011 3:54:02 PM - Software Distribution Service 3.0
RP131: 5/9/2011 1:31:12 PM - Software Distribution Service 3.0
RP132: 5/11/2011 1:00:29 PM - Software Distribution Service 3.0
RP133: 5/11/2011 3:11:18 PM - Restore Operation
RP134: 5/11/2011 3:32:03 PM - Restore Operation
RP135: 5/11/2011 3:58:54 PM - Restore Operation
RP136: 5/11/2011 10:26:17 PM - Restore Operation
RP137: 5/11/2011 10:36:31 PM - Restore Operation
RP138: 5/11/2011 10:37:43 PM - Restore Operation
RP139: 5/12/2011 12:47:44 AM - Restore Operation
.
==== Installed Programs ======================
.
.
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
BACS
Banctec Service Agreement
BCM V.92 56K Modem
BitTorrent
Bonjour
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon MX870 series User Registration
Canon Speed Dial Utility
Canon Utilities Digital Photo Professional 3.9
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.6.13.178
Critical Update for Windows Media Player 11 (KB959772)
Dell Networking Guide
DivX Plus DirectShow Filters
DivX Setup
DVDSentry
Help and Support Customization
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iTunes
Java Auto Updater
Java™ 6 Update 21
Logitech Harmony Remote Software 7
Logitech MouseWare 9.79
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Plus! for Windows XP
Microsoft Publisher 2002
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MobileMe Control Panel
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 8 Micro 8.3.6.0
PokerStars
PowerDVD
Quicken 2004
QuickTime
RealPlayer
RegCompact.NET 1.8
Remote Control USB Driver
Roxio Media Manager
Safari
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live!
Spelling Dictionaries Support For Adobe Reader 9
Symantec WinFax PRO 10.0
The Tournament Director 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.4
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Driver Package - Cambridge Silicon Radio (CSRBC01) USB  (1/21/2002 1.20.0000.0000)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip 14.0
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
5/12/2011 12:25:07 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. ​New Signature Version:  ​Previous Signature Version: 1.103.1297.0 ​Update Source: Microsoft Update Server ​Update Stage: Search ​Source Path: Default URL ​Signature Type: AntiVirus ​Update Type: Full ​User: NT AUTHORITY\SYSTEM ​Current Engine Version:  ​Previous Engine Version: 1.1.6802.0 ​Error code: 0x8007043c ​Error description: This service cannot be started in Safe Mode
5/12/2011 12:25:07 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/11/2011 6:45:28 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. ​New Signature Version:  ​Previous Signature Version: 1.103.1297.0 ​Update Source: Microsoft Update Server ​Update Stage: Search ​Source Path: http://www.microsoft.com ​Signature Type: AntiVirus ​Update Type: Full ​User: NT AUTHORITY\SYSTEM ​Current Engine Version:  ​Previous Engine Version: 1.1.6802.0 ​Error code: 0x80072efe ​Error description: The connection with the server was terminated abnormally
5/11/2011 4:39:46 PM, error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 ​Name: Trojan:DOS/Alureon.A ​ID: 2147636949 ​Severity: Severe ​Category: Trojan ​Path: rootkit:_AlureonMbr ​Detection Origin: Unknown ​Detection Type: Concrete ​Detection Source: User ​User: NT AUTHORITY\SYSTEM ​Process Name: Unknown ​Action: Remove ​Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.  ​To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.  ​Error Code: 0x80070032 ​Error description: The request is not supported.  ​Signature Version: AV: 1.103.1297.0, AS: 1.103.1297.0, NIS: 0.0.0.0 ​Engine Version: AM: 1.1.6802.0, NIS: 0.0.0.0
5/11/2011 4:09:14 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. ​New Signature Version:  ​Previous Signature Version: 1.103.1297.0 ​Update Source: Microsoft Update Server ​Update Stage: Search ​Source Path: http://www.microsoft.com ​Signature Type: AntiVirus ​Update Type: Full ​User: NT AUTHORITY\SYSTEM ​Current Engine Version:  ​Previous Engine Version: 1.1.6802.0 ​Error code: 0x80072efe ​Error description: The connection with the server was terminated abnormally
5/11/2011 4:03:42 PM, error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. ​Signatures Attempted: Current ​Error Code: 0x80070002 ​Error description: The system cannot find the file specified.  ​Signature version: 0.0.0.0;0.0.0.0 ​Engine version: 0.0.0.0
5/11/2011 3:51:39 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. ​New Signature Version:  ​Previous Signature Version: 1.103.1297.0 ​Update Source: Microsoft Update Server ​Update Stage: Search ​Source Path: http://www.microsoft.com ​Signature Type: AntiVirus ​Update Type: Full ​User: NT AUTHORITY\SYSTEM ​Current Engine Version:  ​Previous Engine Version: 1.1.6802.0 ​Error code: 0x80072efe ​Error description: The connection with the server was terminated abnormally
5/11/2011 3:44:09 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/11/2011 3:42:39 PM, error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. ​Signatures Attempted: Current ​Error Code: 0x80070003 ​Error description: The system cannot find the path specified.  ​Signature version: 0.0.0.0;0.0.0.0 ​Engine version: 0.0.0.0
5/11/2011 3:34:55 PM, error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. ​Signatures Attempted: Current ​Error Code: 0x80070002 ​Error description: The system cannot find the file specified.  ​Signature version: 0.0.0.0;0.0.0.0 ​Engine version: 0.0.0.0
5/11/2011 3:30:51 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. ​New Signature Version:  ​Previous Signature Version: 1.103.1297.0 ​Update Source: Microsoft Update Server ​Update Stage: Search ​Source Path: http://www.microsoft.com ​Signature Type: AntiVirus ​Update Type: Full ​User: NT AUTHORITY\SYSTEM ​Current Engine Version:  ​Previous Engine Version: 1.1.6802.0 ​Error code: 0x80072efe ​Error description: The connection with the server was terminated abnormally
5/11/2011 3:30:06 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. ​New Signature Version:  ​Previous Signature Version: 1.103.1297.0 ​Update Source: Microsoft Update Server ​Update Stage: Search ​Source Path: http://www.microsoft.com ​Signature Type: AntiVirus ​Update Type: Full ​User: NT AUTHORITY\SYSTEM ​Current Engine Version:  ​Previous Engine Version: 1.1.6802.0 ​Error code: 0x80072efe ​Error description: The connection with the server was terminated abnormally
5/11/2011 3:14:03 PM, error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. ​Signatures Attempted: Current ​Error Code: 0x80070002 ​Error description: The system cannot find the file specified.  ​Signature version: 0.0.0.0;0.0.0.0 ​Engine version: 0.0.0.0
5/11/2011 2:51:29 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm MpFilter
5/11/2011 10:43:37 PM, error: Service Control Manager [7022]  - The Automatic Updates service hung on starting.
5/11/2011 1:57:45 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/11/2011 1:55:32 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/11/2011 1:55:28 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/11/2011 1:51:39 PM, error: Service Control Manager [7000]  - The Pluvrram service failed to start due to the following error:  The filename, directory name, or volume label syntax is incorrect.
.
==== End Of File ===========================
 
 
Ark Log
 
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-12 01:27:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 Maxtor_6Y120M0 rev.YAR51EW0
Running: gmer.exe; Driver: C:\DOCUME~1\ROBBY&~1\LOCALS~1\Temp\fglyrfoc.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
?      C:\DOCUME~1\ROBBY&~1\LOCALS~1\Temp\mbr.sys                                                       The system cannot find the file specified. !
 
---- User code sections - GMER 1.0.15 ----
 
.text  C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory                           7C90D6EE 5 Bytes  JMP 00D3000A
.text  C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtWriteVirtualMemory                             7C90DFAE 5 Bytes  JMP 00D4000A
.text  C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!KiUserExceptionDispatcher                        7C90E47C 5 Bytes  JMP 00D2000C
.text  C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!GetCursorPos                                    7E42974E 5 Bytes  JMP 010B000A
.text  C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!WindowFromPoint                                 7E429766 5 Bytes  JMP 010C000A
.text  C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!GetForegroundWindow                             7E429823 5 Bytes  JMP 0111000A
.text  C:\WINDOWS\System32\svchost.exe[1276] ole32.dll!CoCreateInstance                                 774FF1AC 5 Bytes  JMP 00FE000A
.text  C:\WINDOWS\Explorer.EXE[1884] ntdll.dll!NtProtectVirtualMemory                                   7C90D6EE 5 Bytes  JMP 00D7000A
.text  C:\WINDOWS\Explorer.EXE[1884] ntdll.dll!NtWriteVirtualMemory                                     7C90DFAE 5 Bytes  JMP 00D8000A
.text  C:\WINDOWS\Explorer.EXE[1884] ntdll.dll!KiUserExceptionDispatcher                                7C90E47C 5 Bytes  JMP 00D6000C
.text  C:\Program Files\Safari\Safari.exe[3724] ntdll.dll!NtProtectVirtualMemory                        7C90D6EE 5 Bytes  JMP 0331000A
.text  C:\Program Files\Safari\Safari.exe[3724] ntdll.dll!NtWriteVirtualMemory                          7C90DFAE 5 Bytes  JMP 0332000A
.text  C:\Program Files\Safari\Safari.exe[3724] ntdll.dll!KiUserExceptionDispatcher                     7C90E47C 5 Bytes  JMP 0330000C
 
---- Registry - GMER 1.0.15 ----
 
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001cd8060b73 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001cd8060b73 (not active ControlSet)  
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001cd8060b73                      
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout               15
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                  10000
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                yes
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                              
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout               90
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                 10000
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs              1
 
---- Disk sectors - GMER 1.0.15 ----
 
Disk   \Device\Harddisk0\DR0                                                                            TDL4@MBR code has been found                   <-- ROOTKIT !!!
Disk   \Device\Harddisk0\DR0                                                                            sector 00: rootkit-like behavior
 
---- EOF - GMER 1.0.15 ----
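The two GMER disk-sector lines above ("TDL4@MBR code has been found", "sector 00: rootkit-like behavior") come from the kind of check MBR scanners perform: read physical sector 0, compare its bootstrap code with the code that should be there, and look at what the partition table says about the rest of the disk. The following Python is an added example written for this page, not code from the thread or from GMER, aswMBR or TDSSKiller. All of the bytes and constants are constructed: the "known-good" hash is the hash of a stand-in bootstrap defined in the script, not of the real Windows XP MBR, and the disk size is an assumed value. Run it against a sector dumped from boot media or a forensic image; a TDL4-class bootkit that is running filters reads of the disk and hands back the original sector, which is why the forum's tools use their own low-level disk access.

```python
"""Audit a 512-byte MBR for the changes an MBR bootkit makes.

Added example for this page (not from the BleepingComputer thread or its tools).
Everything below is constructed: sample MBRs, bootstrap bytes, hashes, disk size.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
TAIL_THRESHOLD = 2048          # >1 MiB of unpartitioned space after the last partition is worth a look
DISK_SECTORS = 234_441_648     # assumed size of a 120 GB disk, in 512-byte sectors


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors  # first LBA after the partition


def parse_partitions(mbr: bytes) -> list:
    """Read the four 16-byte partition entries that start at offset 446."""
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba, size = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0 and size == 0:
            continue  # empty slot
        parts.append(Partition(i, status == 0x80, ptype, lba, size))
    return parts


def audit_mbr(mbr: bytes, disk_sectors: int, known_good_sha256: str) -> dict:
    """Return the checks an MBR-rootkit scanner makes, as a dict with a findings list."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[510:512] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    # Bytes 0..439 are bootstrap code. Bytes 440..445 hold the per-machine disk
    # signature and padding, so they are left out of the comparison.
    digest = hashlib.sha256(mbr[:440]).hexdigest()
    if digest != known_good_sha256:
        findings.append("bootstrap code does not match the known-good image")
    parts = parse_partitions(mbr)
    bootable = sum(p.bootable for p in parts)
    if bootable != 1:
        findings.append(f"{bootable} bootable partitions (expected 1)")
    for p in parts:
        if p.lba_end > disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    # TDL4 keeps its hidden file system in unpartitioned space at the end of the disk,
    # so report a large tail; it is a pointer to sectors worth dumping, not a verdict.
    tail = disk_sectors - max((p.lba_end for p in parts), default=0)
    if tail > TAIL_THRESHOLD:
        findings.append(f"{tail} unpartitioned sectors after the last partition")
    return {"bootstrap_sha256": digest, "partitions": parts,
            "tail_sectors": tail, "findings": findings}


def build_mbr(bootstrap: bytes, partitions: list) -> bytes:
    """Construct a sector for the demo: bootstrap, fake disk signature, table, 0x55AA."""
    assert len(bootstrap) <= 440
    buf = bytearray(SECTOR)
    buf[:len(bootstrap)] = bootstrap
    buf[440:444] = b"\xde\xad\xbe\xef"  # constructed disk signature
    for i, (is_boot, ptype, lba, size) in enumerate(partitions):
        off = 446 + 16 * i
        buf[off] = 0x80 if is_boot else 0x00
        buf[off + 4] = ptype
        struct.pack_into("<II", buf, off + 8, lba, size)
    buf[510:512] = b"\x55\xAA"
    return bytes(buf)


# Constructed stand-ins; neither is real Windows or real TDL4 code.
CLEAN_BOOTSTRAP = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
CLEAN_HASH = hashlib.sha256(CLEAN_BOOTSTRAP.ljust(440, b"\x00")).hexdigest()
BOOTKIT_BOOTSTRAP = b"\xfa\x33\xc0\x8e\xd8" + b"\xcc" * 100

# One NTFS (0x07) partition starting at LBA 63, leaving a small tail on the clean disk
# and a 20 MiB tail on the infected one.
CLEAN_MBR = build_mbr(CLEAN_BOOTSTRAP, [(True, 0x07, 63, DISK_SECTORS - 63 - 945)])
INFECTED_MBR = build_mbr(BOOTKIT_BOOTSTRAP, [(True, 0x07, 63, DISK_SECTORS - 63 - 40960)])

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        result = audit_mbr(mbr, DISK_SECTORS, CLEAN_HASH)
        print(label, result["bootstrap_sha256"][:16], result["findings"] or "no findings")
```

To use it on a real machine, replace the constructed sectors with the 512 bytes read from the physical disk (for example from an image taken while booted from other media) and replace `CLEAN_HASH` with the hash of a bootstrap you trust, such as one taken from an identical system that was never infected.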

#2 Rob515

Rob515
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 17 May 2011 - 03:11 PM

Is there anyone out there that can help? I haven't touched my computer in a week.

#3 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:51 AM

Posted 17 May 2011 - 04:14 PM

:welcome: to BC!

Sorry about the delay.

I had to paste the requested logs.

That's OK. I prefer them pasted in. If they need to be attached I'll let you know.

You have run ComboFix.
Running powerful tools like ComboFix without supervision isn't advisable.

As stated by the author of the tool.

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify whether there are any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.



Let's get going then.


Step 1.
TDSSKiller:


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2.
aswMBR:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


Step 3.
Things I would like to see in your reply:

  • The content of the log from TDSSKiller in step 1.
  • The content of the log from aswMBR in step 2.
  • The content of C:\ComboFix.txt from when you ran it.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click the donation link in my signature.


#4 Rob515

Rob515
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 21 May 2011 - 03:03 PM

Sorry for the delay in responding to your post. For some reason I wasn't notified that you had responded. I will get to work with your suggestions right away. Thank you for your help.

#5 Rob515

Rob515
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 21 May 2011 - 03:44 PM

Here are the requested logs:

TDSSKiller log

2011/05/21 13:29:02.0041 3920 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 13:29:02.0603 3920 ================================================================================
2011/05/21 13:29:02.0603 3920 SystemInfo:
2011/05/21 13:29:02.0603 3920
2011/05/21 13:29:02.0603 3920 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/21 13:29:02.0603 3920 Product type: Workstation
2011/05/21 13:29:02.0603 3920 ComputerName: ROBBYMELISSA
2011/05/21 13:29:02.0603 3920 UserName: Robby & Melissa
2011/05/21 13:29:02.0603 3920 Windows directory: C:\WINDOWS
2011/05/21 13:29:02.0603 3920 System windows directory: C:\WINDOWS
2011/05/21 13:29:02.0603 3920 Processor architecture: Intel x86
2011/05/21 13:29:02.0603 3920 Number of processors: 2
2011/05/21 13:29:02.0603 3920 Page size: 0x1000
2011/05/21 13:29:02.0603 3920 Boot type: Normal boot
2011/05/21 13:29:02.0603 3920 ================================================================================
2011/05/21 13:29:03.0713 3920 Initialize success
2011/05/21 13:29:19.0138 4012 ================================================================================
2011/05/21 13:29:19.0138 4012 Scan started
2011/05/21 13:29:19.0138 4012 Mode: Manual;
2011/05/21 13:29:19.0138 4012 ================================================================================
2011/05/21 13:29:19.0403 4012 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/05/21 13:29:19.0497 4012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/21 13:29:19.0560 4012 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/21 13:29:19.0638 4012 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/05/21 13:29:19.0747 4012 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/21 13:29:19.0841 4012 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/21 13:29:19.0966 4012 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/21 13:29:20.0028 4012 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/21 13:29:20.0107 4012 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/05/21 13:29:20.0185 4012 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/05/21 13:29:20.0310 4012 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/05/21 13:29:20.0388 4012 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/05/21 13:29:20.0482 4012 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/05/21 13:29:20.0544 4012 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/05/21 13:29:20.0607 4012 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/05/21 13:29:20.0716 4012 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/05/21 13:29:20.0794 4012 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/05/21 13:29:20.0857 4012 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/05/21 13:29:20.0935 4012 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/05/21 13:29:21.0029 4012 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/21 13:29:21.0122 4012 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/21 13:29:21.0294 4012 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/21 13:29:21.0419 4012 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/21 13:29:21.0497 4012 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/21 13:29:21.0576 4012 b57w2k (1ca87e228e9aed459d6439b9ace5089c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/21 13:29:21.0701 4012 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/05/21 13:29:21.0810 4012 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/21 13:29:21.0919 4012 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/05/21 13:29:21.0982 4012 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/05/21 13:29:22.0060 4012 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/05/21 13:29:22.0138 4012 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/05/21 13:29:22.0373 4012 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/05/21 13:29:22.0435 4012 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/21 13:29:22.0545 4012 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/05/21 13:29:22.0654 4012 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/21 13:29:22.0748 4012 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/21 13:29:22.0826 4012 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/21 13:29:22.0966 4012 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/05/21 13:29:23.0045 4012 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/05/21 13:29:23.0170 4012 CSRBC (e6c27c6b3870cb22a6bf5a851e4ae3f0) C:\WINDOWS\system32\Drivers\csrbcxp.sys
2011/05/21 13:29:23.0404 4012 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/05/21 13:29:23.0482 4012 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/05/21 13:29:23.0545 4012 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/05/21 13:29:23.0654 4012 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/21 13:29:23.0779 4012 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/21 13:29:23.0842 4012 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/21 13:29:23.0904 4012 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/21 13:29:23.0982 4012 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/21 13:29:24.0060 4012 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/05/21 13:29:24.0123 4012 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/21 13:29:24.0185 4012 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/05/21 13:29:24.0279 4012 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/05/21 13:29:24.0826 4012 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/21 13:29:24.0904 4012 EL90X (653394706ff5634f4b5180b8294badb1) C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
2011/05/21 13:29:24.0967 4012 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/05/21 13:29:25.0045 4012 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/21 13:29:25.0108 4012 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/21 13:29:25.0170 4012 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/21 13:29:25.0264 4012 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/21 13:29:25.0311 4012 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/21 13:29:25.0404 4012 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/21 13:29:25.0467 4012 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/21 13:29:25.0545 4012 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/05/21 13:29:25.0670 4012 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/21 13:29:25.0733 4012 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/21 13:29:25.0826 4012 hidgame (923ee4eef2582909a056904ca8026015) C:\WINDOWS\system32\DRIVERS\hidgame.sys
2011/05/21 13:29:25.0905 4012 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/21 13:29:25.0983 4012 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/05/21 13:29:26.0061 4012 hpusbfd (fea040582be5db58a8fafe3948736526) C:\WINDOWS\system32\DRIVERS\hpusbfd.sys
2011/05/21 13:29:26.0170 4012 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/21 13:29:26.0280 4012 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/21 13:29:26.0373 4012 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/05/21 13:29:26.0452 4012 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/21 13:29:26.0545 4012 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/05/21 13:29:26.0623 4012 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/05/21 13:29:26.0717 4012 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/05/21 13:29:26.0780 4012 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/05/21 13:29:26.0858 4012 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/05/21 13:29:26.0936 4012 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/05/21 13:29:27.0014 4012 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/05/21 13:29:27.0092 4012 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/05/21 13:29:27.0202 4012 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/05/21 13:29:27.0311 4012 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/05/21 13:29:27.0483 4012 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/21 13:29:27.0592 4012 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/05/21 13:29:27.0686 4012 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/05/21 13:29:27.0733 4012 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/21 13:29:27.0811 4012 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/21 13:29:27.0889 4012 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/21 13:29:27.0952 4012 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/21 13:29:28.0030 4012 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/21 13:29:28.0092 4012 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/21 13:29:28.0171 4012 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/21 13:29:28.0264 4012 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/21 13:29:28.0342 4012 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/21 13:29:28.0421 4012 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/21 13:29:28.0483 4012 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/21 13:29:28.0655 4012 LHidFlt2 (b97d05e656818572b6b04ba682d3aa8f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2011/05/21 13:29:28.0733 4012 LHidUsb (826aacb98a2ca5c51e982c748a60d645) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2011/05/21 13:29:28.0811 4012 LMouFlt2 (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
2011/05/21 13:29:28.0874 4012 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/21 13:29:28.0983 4012 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/21 13:29:29.0061 4012 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/21 13:29:29.0140 4012 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/21 13:29:29.0218 4012 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/21 13:29:29.0280 4012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/21 13:29:29.0374 4012 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/05/21 13:29:29.0702 4012 MpKsl0c104e33 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl0c104e33.sys
2011/05/21 13:29:30.0093 4012 MpKsl87fd1d54 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl87fd1d54.sys
2011/05/21 13:29:30.0796 4012 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/05/21 13:29:30.0952 4012 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/21 13:29:31.0015 4012 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/21 13:29:31.0124 4012 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/21 13:29:31.0202 4012 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/21 13:29:31.0265 4012 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/21 13:29:31.0296 4012 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/21 13:29:31.0374 4012 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/21 13:29:31.0390 4012 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/21 13:29:31.0484 4012 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys
2011/05/21 13:29:31.0515 4012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/21 13:29:31.0562 4012 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/21 13:29:31.0593 4012 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/21 13:29:31.0624 4012 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/21 13:29:31.0687 4012 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/21 13:29:31.0702 4012 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/21 13:29:31.0796 4012 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/21 13:29:31.0890 4012 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/21 13:29:31.0968 4012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/21 13:29:32.0062 4012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/21 13:29:32.0171 4012 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/21 13:29:32.0312 4012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/21 13:29:32.0343 4012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/21 13:29:32.0359 4012 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/21 13:29:32.0437 4012 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/05/21 13:29:32.0531 4012 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys
2011/05/21 13:29:32.0625 4012 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/21 13:29:32.0703 4012 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/21 13:29:32.0750 4012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/21 13:29:32.0812 4012 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/21 13:29:32.0875 4012 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/21 13:29:32.0968 4012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/21 13:29:33.0046 4012 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/21 13:29:33.0109 4012 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/05/21 13:29:33.0265 4012 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/05/21 13:29:33.0312 4012 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/05/21 13:29:33.0406 4012 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2011/05/21 13:29:33.0547 4012 Pluvrram (0753515f78df7f271a5e61c20bcd36a1) C:\WINDOWS\system32\drivers\ks.sys
2011/05/21 13:29:33.0640 4012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/21 13:29:33.0687 4012 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/21 13:29:33.0765 4012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/21 13:29:33.0797 4012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/21 13:29:33.0843 4012 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/05/21 13:29:33.0906 4012 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/05/21 13:29:33.0937 4012 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/05/21 13:29:33.0984 4012 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/05/21 13:29:34.0015 4012 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/05/21 13:29:34.0078 4012 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/05/21 13:29:34.0109 4012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/21 13:29:34.0172 4012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/21 13:29:34.0203 4012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/21 13:29:34.0234 4012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/21 13:29:34.0328 4012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/21 13:29:34.0406 4012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/21 13:29:34.0469 4012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/21 13:29:34.0500 4012 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/21 13:29:34.0562 4012 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/21 13:29:34.0625 4012 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/21 13:29:34.0703 4012 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/21 13:29:34.0750 4012 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/21 13:29:34.0859 4012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/21 13:29:34.0922 4012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/21 13:29:34.0984 4012 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/21 13:29:35.0094 4012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/21 13:29:35.0172 4012 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/05/21 13:29:35.0266 4012 smwdm (39f9595d2f6f7eb93f45a466789a6f49) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/21 13:29:35.0359 4012 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/21 13:29:35.0500 4012 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/05/21 13:29:35.0781 4012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/21 13:29:35.0828 4012 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/21 13:29:35.0938 4012 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/21 13:29:36.0031 4012 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/21 13:29:36.0078 4012 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/21 13:29:36.0141 4012 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/21 13:29:36.0172 4012 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/21 13:29:36.0219 4012 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/05/21 13:29:36.0266 4012 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/05/21 13:29:36.0313 4012 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/05/21 13:29:36.0375 4012 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/05/21 13:29:36.0422 4012 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/21 13:29:36.0485 4012 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/21 13:29:36.0563 4012 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/21 13:29:36.0594 4012 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/21 13:29:36.0657 4012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/21 13:29:36.0750 4012 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/21 13:29:36.0797 4012 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/21 13:29:36.0844 4012 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/21 13:29:36.0891 4012 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/21 13:29:36.0922 4012 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/21 13:29:36.0969 4012 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/21 13:29:37.0000 4012 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/21 13:29:37.0047 4012 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/21 13:29:37.0110 4012 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/21 13:29:37.0203 4012 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/05/21 13:29:37.0313 4012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/21 13:29:37.0360 4012 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/05/21 13:29:37.0422 4012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/21 13:29:37.0500 4012 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/21 13:29:37.0579 4012 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/21 13:29:37.0641 4012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/21 13:29:37.0704 4012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/21 13:29:37.0782 4012 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/21 13:29:37.0844 4012 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/21 13:29:37.0891 4012 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/21 13:29:37.0922 4012 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/21 13:29:37.0969 4012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/21 13:29:38.0016 4012 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/05/21 13:29:38.0047 4012 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/05/21 13:29:38.0079 4012 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/21 13:29:38.0172 4012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/21 13:29:38.0235 4012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/21 13:29:38.0376 4012 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/21 13:29:38.0407 4012 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/21 13:29:38.0469 4012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/21 13:29:38.0547 4012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/21 13:29:38.0610 4012 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/21 13:29:38.0610 4012 ================================================================================
2011/05/21 13:29:38.0610 4012 Scan finished
2011/05/21 13:29:38.0610 4012 ================================================================================
2011/05/21 13:29:38.0626 4004 Detected object count: 1
2011/05/21 13:31:27.0068 4004 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/21 13:31:27.0068 4004 \HardDisk0 - ok
2011/05/21 13:31:27.0068 4004 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/21 13:33:02.0929 3912 Deinitialize success


aswMBR log

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-21 13:39:09
-----------------------------
13:39:09.343 OS Version: Windows 5.1.2600 Service Pack 3
13:39:09.343 Number of processors: 2 586 0x209
13:39:09.343 ComputerName: ROBBYMELISSA UserName:
13:39:09.750 Initialize success
13:39:24.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:39:24.640 Disk 0 Vendor: Maxtor_6Y120M0 YAR51EW0 Size: 114440MB BusType: 3
13:39:26.640 Disk 0 MBR read successfully
13:39:26.640 Disk 0 MBR scan
13:39:26.640 Disk 0 Windows XP default MBR code
13:39:28.640 Disk 0 scanning sectors +234372285
13:39:28.656 Disk 0 scanning C:\WINDOWS\system32\drivers
13:39:39.015 Service scanning
13:39:40.421 Disk 0 trace - called modules:
13:39:40.437 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:39:40.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83396ab8]
13:39:40.437 3 CLASSPNP.SYS[f8636fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x83389b00]
13:39:40.437 Scan finished successfully
13:39:53.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robby & Melissa\Desktop\MBR.dat"
13:39:53.500 The log file has been saved successfully to "C:\Documents and Settings\Robby & Melissa\Desktop\aswMBR.txt"


Combofix Log

ComboFix 11-05-11.02 - Robby & Melissa 05/12/2011 3:29.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.323 [GMT -7:00]
Running from: c:\documents and settings\Robby & Melissa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 10:27 . 2011-05-12 10:27 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl6f43eb67.sys
2011-05-12 09:54 . 2011-05-12 09:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-05-12 09:53 . 2011-05-12 09:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-12 09:17 . 2011-05-12 09:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-12 07:45 . 2011-05-12 07:45 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-12 06:14 . 2011-05-12 07:43 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-05-12 05:36 . 2011-05-12 05:36 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl951230a0.sys
2011-05-12 05:25 . 2011-05-12 05:25 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsld189f3ed.sys
2011-05-12 04:26 . 2011-05-12 04:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-05-11 23:03 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\mpengine.dll
2011-05-11 23:01 . 2011-05-11 23:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-18 21:15 . 2011-04-18 21:15 -------- d-----w- c:\program files\iPod
2011-04-18 21:14 . 2011-04-18 21:16 -------- d-----w- c:\program files\iTunes
2011-04-18 21:09 . 2011-04-18 21:09 -------- d-----w- c:\program files\Bonjour
2011-04-16 09:40 . 2011-04-16 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\hPi06511gFfGd06511
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2011-02-01 22:52 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2004-03-02 20:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-08-29 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-03-04 21:01 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-19 00:36 . 2009-09-27 23:19 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-19 00:36 . 2009-09-27 23:19 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 13:18 . 2002-08-29 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-08-29 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-05-11 17:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-08-29 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-02-20 11:48 229888 ----a-w- c:\windows\system32\fxscover.exe
2004-08-04 07:56 73728 -csha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-12_02.38.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-12 10:27 . 2011-05-12 10:27 16384 c:\windows\temp\Perflib_Perfdata_480.dat
+ 2011-05-12 09:17 . 2011-05-12 05:21 175920 c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
+ 2010-05-27 00:02 . 2011-05-12 07:45 3905220 c:\windows\SYSTEM32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 0dd7
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 MpKsl6f43eb67;MpKsl6f43eb67;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl6f43eb67.sys [5/12/2011 3:27 AM 28752]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\SYSTEM32\DRIVERS\hpusbfd.sys [2/26/2004 2:10 PM 7552]
S1 MpKsl0597717b;MpKsl0597717b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CB849C8-8132-48F1-BBBE-1268A7348722}\MpKsl0597717b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CB849C8-8132-48F1-BBBE-1268A7348722}\MpKsl0597717b.sys [?]
S1 MpKsl0fd3c3f8;MpKsl0fd3c3f8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl0fd3c3f8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl0fd3c3f8.sys [?]
S1 MpKsl116694de;MpKsl116694de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15006C6D-0302-4DEE-A178-2D61DC1CDDFC}\MpKsl116694de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15006C6D-0302-4DEE-A178-2D61DC1CDDFC}\MpKsl116694de.sys [?]
S1 MpKsl167b2928;MpKsl167b2928;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3C6AA5C-4FAA-404F-B61D-86FF15732E3E}\MpKsl167b2928.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3C6AA5C-4FAA-404F-B61D-86FF15732E3E}\MpKsl167b2928.sys [?]
S1 MpKsl2266c6b0;MpKsl2266c6b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7142015E-10D4-4511-8BCA-4734346F9298}\MpKsl2266c6b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7142015E-10D4-4511-8BCA-4734346F9298}\MpKsl2266c6b0.sys [?]
S1 MpKsl37a32707;MpKsl37a32707;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0F663F4-F2F1-4D3A-9780-CFA0FD43FD23}\MpKsl37a32707.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0F663F4-F2F1-4D3A-9780-CFA0FD43FD23}\MpKsl37a32707.sys [?]
S1 MpKsl37b65829;MpKsl37b65829;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{257F01AD-0CFC-4BAE-A2CB-36C317AD77C8}\MpKsl37b65829.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{257F01AD-0CFC-4BAE-A2CB-36C317AD77C8}\MpKsl37b65829.sys [?]
S1 MpKsl3f67a36b;MpKsl3f67a36b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA3195FF-B63D-4AB5-BF0E-E2492CE089B6}\MpKsl3f67a36b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA3195FF-B63D-4AB5-BF0E-E2492CE089B6}\MpKsl3f67a36b.sys [?]
S1 MpKsl40a99d9e;MpKsl40a99d9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl40a99d9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl40a99d9e.sys [?]
S1 MpKsl43acccda;MpKsl43acccda;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73F4DDA5-616F-49B2-A5BA-2B8900F9A8C7}\MpKsl43acccda.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73F4DDA5-616F-49B2-A5BA-2B8900F9A8C7}\MpKsl43acccda.sys [?]
S1 MpKsl46236b1e;MpKsl46236b1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{781AEDBE-658F-4EDF-A1A7-30AE7DE5F2A9}\MpKsl46236b1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{781AEDBE-658F-4EDF-A1A7-30AE7DE5F2A9}\MpKsl46236b1e.sys [?]
S1 MpKsl4b6a9277;MpKsl4b6a9277;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F941F2D1-8160-49D5-9F02-BF14BDE8E51A}\MpKsl4b6a9277.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F941F2D1-8160-49D5-9F02-BF14BDE8E51A}\MpKsl4b6a9277.sys [?]
S1 MpKsl4bb7900a;MpKsl4bb7900a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{730A3838-AF22-4DC7-81CF-390F555C2C3F}\MpKsl4bb7900a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{730A3838-AF22-4DC7-81CF-390F555C2C3F}\MpKsl4bb7900a.sys [?]
S1 MpKsl5035ce86;MpKsl5035ce86;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKsl5035ce86.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKsl5035ce86.sys [?]
S1 MpKsl54e0b092;MpKsl54e0b092;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl54e0b092.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl54e0b092.sys [?]
S1 MpKsl589171bf;MpKsl589171bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A288AF59-2F38-4087-8EEB-87D6C3810C7C}\MpKsl589171bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A288AF59-2F38-4087-8EEB-87D6C3810C7C}\MpKsl589171bf.sys [?]
S1 MpKsl74ef6e3c;MpKsl74ef6e3c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D72BF3E0-766F-46ED-9B13-4CF983D1F630}\MpKsl74ef6e3c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D72BF3E0-766F-46ED-9B13-4CF983D1F630}\MpKsl74ef6e3c.sys [?]
S1 MpKsl767428dc;MpKsl767428dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl767428dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl767428dc.sys [?]
S1 MpKsl7d3e3f30;MpKsl7d3e3f30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8444FA02-BB3D-41FA-981B-3F0CC0157592}\MpKsl7d3e3f30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8444FA02-BB3D-41FA-981B-3F0CC0157592}\MpKsl7d3e3f30.sys [?]
S1 MpKsl7d595872;MpKsl7d595872;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{849E74AF-09E6-402E-BA33-A4DE97F9C386}\MpKsl7d595872.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{849E74AF-09E6-402E-BA33-A4DE97F9C386}\MpKsl7d595872.sys [?]
S1 MpKsl80dd2cc9;MpKsl80dd2cc9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72AE4839-9C8C-492D-82F8-400B2969003E}\MpKsl80dd2cc9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72AE4839-9C8C-492D-82F8-400B2969003E}\MpKsl80dd2cc9.sys [?]
S1 MpKsl821069c6;MpKsl821069c6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6DD4AE-8B53-4CFC-9DEF-3F2B875D29F4}\MpKsl821069c6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6DD4AE-8B53-4CFC-9DEF-3F2B875D29F4}\MpKsl821069c6.sys [?]
S1 MpKsl87aaf8d4;MpKsl87aaf8d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl87aaf8d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl87aaf8d4.sys [?]
S1 MpKsl8ff88da5;MpKsl8ff88da5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99FCC64E-542A-4C3B-9F41-6E12C3888612}\MpKsl8ff88da5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99FCC64E-542A-4C3B-9F41-6E12C3888612}\MpKsl8ff88da5.sys [?]
S1 MpKsl937779ab;MpKsl937779ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4743987-62CB-405C-B3D8-5E57105F0DE5}\MpKsl937779ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4743987-62CB-405C-B3D8-5E57105F0DE5}\MpKsl937779ab.sys [?]
S1 MpKsla900fe8c;MpKsla900fe8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsla900fe8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsla900fe8c.sys [?]
S1 MpKsla97ea4f4;MpKsla97ea4f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C857091C-935D-4C11-87B7-A0F8410F8D73}\MpKsla97ea4f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C857091C-935D-4C11-87B7-A0F8410F8D73}\MpKsla97ea4f4.sys [?]
S1 MpKslaed7ab7d;MpKslaed7ab7d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B0AC6B-2F26-4CBA-B02A-BB0EDDA242A4}\MpKslaed7ab7d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B0AC6B-2F26-4CBA-B02A-BB0EDDA242A4}\MpKslaed7ab7d.sys [?]
S1 MpKslb6182993;MpKslb6182993;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BC62B5F-CAAC-4D3F-9AED-A38D2C61398A}\MpKslb6182993.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BC62B5F-CAAC-4D3F-9AED-A38D2C61398A}\MpKslb6182993.sys [?]
S1 MpKslc356a204;MpKslc356a204;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60C726E9-3570-44DF-B6E5-792C9D1264B0}\MpKslc356a204.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60C726E9-3570-44DF-B6E5-792C9D1264B0}\MpKslc356a204.sys [?]
S1 MpKslc3cef87b;MpKslc3cef87b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKslc3cef87b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKslc3cef87b.sys [?]
S1 MpKsld19d35be;MpKsld19d35be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{509E6784-107F-42D2-A09D-6F9A5A2C6327}\MpKsld19d35be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{509E6784-107F-42D2-A09D-6F9A5A2C6327}\MpKsld19d35be.sys [?]
S1 MpKsldb976c2d;MpKsldb976c2d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{392F80DD-B1FD-44F3-8A52-F5734D58458C}\MpKsldb976c2d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{392F80DD-B1FD-44F3-8A52-F5734D58458C}\MpKsldb976c2d.sys [?]
S1 MpKslec19a0c0;MpKslec19a0c0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A0D57D-1D5B-4101-9409-67CB907DD1C7}\MpKslec19a0c0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A0D57D-1D5B-4101-9409-67CB907DD1C7}\MpKslec19a0c0.sys [?]
S1 MpKsleec13ba8;MpKsleec13ba8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE36EAFB-68E9-4797-B17D-05C978C3F80D}\MpKsleec13ba8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE36EAFB-68E9-4797-B17D-05C978C3F80D}\MpKsleec13ba8.sys [?]
S1 MpKslf09b6f6a;MpKslf09b6f6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC3899B-A274-4CC8-ADAA-275AC725DE42}\MpKslf09b6f6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC3899B-A274-4CC8-ADAA-275AC725DE42}\MpKslf09b6f6a.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\Drivers\CSRBC01.sys --> c:\windows\system32\Drivers\CSRBC01.sys [?]
S3 Pluvrram;Pluvrram;c:\windows\SYSTEM32\DRIVERS\ks.sys [3/21/2004 2:28 AM 141056]
S4 Modefslaip;Modefslaip; [x]
S4 mrtRate;mrtRate; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6F43EB67
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-12 03:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y120M0 rev.YAR51EW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8334C31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3648660711-2777915979-1975221019-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,62,d5,a7,0a,1b,7d,32,96,70,05,b7,e1,c5,c1,be,69,fb,2f,0e,2a,3c,39,
e6,bd,01,1c,12,e7,66,83,2f,3f,f4,d6,81,cb,53,78,16,b9,87,1e,f5,8d,63,9f,00,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-12 03:54:28
ComboFix-quarantined-files.txt 2011-05-12 10:54
ComboFix2.txt 2011-05-12 02:46
.
Pre-Run: 30,165,147,648 bytes free
Post-Run: 30,367,023,104 bytes free
.
- - End Of File - - 9A918AC774FF9DEE4E16452E212A000E

#6 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:51 AM

Posted 21 May 2011 - 03:59 PM

Step 1.
ComboFix:

Delete your current copy of ComboFix.exe on your desktop

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Step 2.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of C:\Qoobox\ComboFix3.txt.
  • The content of C:\Qoobox\ComboFix-quarantined-files.txt.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#7 Rob515

Rob515
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:51 AM

Posted 21 May 2011 - 05:00 PM

Combofix Log

ComboFix 11-05-21.03 - Robby & Melissa 05/21/2011 14:35:48.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.211 [GMT -7:00]
Running from: c:\documents and settings\Robby & Melissa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoActivate.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoHelp.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoUninstall.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\securitymanager.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 21:23 . 2011-05-21 21:23 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl14f6e387.sys
2011-05-21 20:31 . 2011-05-21 20:31 -------- d-----w- C:\AntiVirus AntiSpyware 2011
2011-05-12 09:54 . 2011-05-12 09:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-05-12 09:53 . 2011-05-12 09:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-12 09:17 . 2011-05-12 09:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-12 07:45 . 2011-05-12 07:45 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-12 06:14 . 2011-05-12 07:43 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-05-12 05:36 . 2011-05-12 05:36 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl951230a0.sys
2011-05-12 05:25 . 2011-05-12 05:25 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsld189f3ed.sys
2011-05-12 04:26 . 2011-05-12 04:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-05-11 23:03 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\mpengine.dll
2011-05-11 23:01 . 2011-05-11 23:01 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2011-02-01 22:52 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2004-03-02 20:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-08-29 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-03-04 21:01 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2004-08-04 07:56 73728 -csha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-12_02.38.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-21 21:23 . 2011-05-21 21:23 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat
+ 2002-08-29 11:00 . 2008-04-13 18:39 384768 c:\windows\SYSTEM32\DLLCACHE\update.sys
+ 2011-05-12 09:17 . 2011-05-12 05:21 175920 c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
+ 2010-05-27 00:02 . 2011-05-12 07:45 3905220 c:\windows\SYSTEM32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 0dd7
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 MpKsl14f6e387;MpKsl14f6e387;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl14f6e387.sys [5/21/2011 2:23 PM 28752]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\SYSTEM32\DRIVERS\hpusbfd.sys [2/26/2004 2:10 PM 7552]
S1 MpKsl0597717b;MpKsl0597717b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CB849C8-8132-48F1-BBBE-1268A7348722}\MpKsl0597717b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CB849C8-8132-48F1-BBBE-1268A7348722}\MpKsl0597717b.sys [?]
S1 MpKsl0fd3c3f8;MpKsl0fd3c3f8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl0fd3c3f8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl0fd3c3f8.sys [?]
S1 MpKsl116694de;MpKsl116694de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15006C6D-0302-4DEE-A178-2D61DC1CDDFC}\MpKsl116694de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15006C6D-0302-4DEE-A178-2D61DC1CDDFC}\MpKsl116694de.sys [?]
S1 MpKsl167b2928;MpKsl167b2928;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3C6AA5C-4FAA-404F-B61D-86FF15732E3E}\MpKsl167b2928.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3C6AA5C-4FAA-404F-B61D-86FF15732E3E}\MpKsl167b2928.sys [?]
S1 MpKsl2266c6b0;MpKsl2266c6b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7142015E-10D4-4511-8BCA-4734346F9298}\MpKsl2266c6b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7142015E-10D4-4511-8BCA-4734346F9298}\MpKsl2266c6b0.sys [?]
S1 MpKsl37a32707;MpKsl37a32707;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0F663F4-F2F1-4D3A-9780-CFA0FD43FD23}\MpKsl37a32707.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0F663F4-F2F1-4D3A-9780-CFA0FD43FD23}\MpKsl37a32707.sys [?]
S1 MpKsl37b65829;MpKsl37b65829;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{257F01AD-0CFC-4BAE-A2CB-36C317AD77C8}\MpKsl37b65829.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{257F01AD-0CFC-4BAE-A2CB-36C317AD77C8}\MpKsl37b65829.sys [?]
S1 MpKsl3f67a36b;MpKsl3f67a36b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA3195FF-B63D-4AB5-BF0E-E2492CE089B6}\MpKsl3f67a36b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA3195FF-B63D-4AB5-BF0E-E2492CE089B6}\MpKsl3f67a36b.sys [?]
S1 MpKsl40a99d9e;MpKsl40a99d9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl40a99d9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl40a99d9e.sys [?]
S1 MpKsl43acccda;MpKsl43acccda;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73F4DDA5-616F-49B2-A5BA-2B8900F9A8C7}\MpKsl43acccda.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73F4DDA5-616F-49B2-A5BA-2B8900F9A8C7}\MpKsl43acccda.sys [?]
S1 MpKsl46236b1e;MpKsl46236b1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{781AEDBE-658F-4EDF-A1A7-30AE7DE5F2A9}\MpKsl46236b1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{781AEDBE-658F-4EDF-A1A7-30AE7DE5F2A9}\MpKsl46236b1e.sys [?]
S1 MpKsl4b6a9277;MpKsl4b6a9277;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F941F2D1-8160-49D5-9F02-BF14BDE8E51A}\MpKsl4b6a9277.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F941F2D1-8160-49D5-9F02-BF14BDE8E51A}\MpKsl4b6a9277.sys [?]
S1 MpKsl4bb7900a;MpKsl4bb7900a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{730A3838-AF22-4DC7-81CF-390F555C2C3F}\MpKsl4bb7900a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{730A3838-AF22-4DC7-81CF-390F555C2C3F}\MpKsl4bb7900a.sys [?]
S1 MpKsl5035ce86;MpKsl5035ce86;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKsl5035ce86.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKsl5035ce86.sys [?]
S1 MpKsl54e0b092;MpKsl54e0b092;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl54e0b092.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl54e0b092.sys [?]
S1 MpKsl589171bf;MpKsl589171bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A288AF59-2F38-4087-8EEB-87D6C3810C7C}\MpKsl589171bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A288AF59-2F38-4087-8EEB-87D6C3810C7C}\MpKsl589171bf.sys [?]
S1 MpKsl74ef6e3c;MpKsl74ef6e3c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D72BF3E0-766F-46ED-9B13-4CF983D1F630}\MpKsl74ef6e3c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D72BF3E0-766F-46ED-9B13-4CF983D1F630}\MpKsl74ef6e3c.sys [?]
S1 MpKsl767428dc;MpKsl767428dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl767428dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl767428dc.sys [?]
S1 MpKsl7d3e3f30;MpKsl7d3e3f30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8444FA02-BB3D-41FA-981B-3F0CC0157592}\MpKsl7d3e3f30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8444FA02-BB3D-41FA-981B-3F0CC0157592}\MpKsl7d3e3f30.sys [?]
S1 MpKsl7d595872;MpKsl7d595872;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{849E74AF-09E6-402E-BA33-A4DE97F9C386}\MpKsl7d595872.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{849E74AF-09E6-402E-BA33-A4DE97F9C386}\MpKsl7d595872.sys [?]
S1 MpKsl80dd2cc9;MpKsl80dd2cc9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72AE4839-9C8C-492D-82F8-400B2969003E}\MpKsl80dd2cc9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72AE4839-9C8C-492D-82F8-400B2969003E}\MpKsl80dd2cc9.sys [?]
S1 MpKsl821069c6;MpKsl821069c6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6DD4AE-8B53-4CFC-9DEF-3F2B875D29F4}\MpKsl821069c6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6DD4AE-8B53-4CFC-9DEF-3F2B875D29F4}\MpKsl821069c6.sys [?]
S1 MpKsl87aaf8d4;MpKsl87aaf8d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl87aaf8d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl87aaf8d4.sys [?]
S1 MpKsl8ff88da5;MpKsl8ff88da5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99FCC64E-542A-4C3B-9F41-6E12C3888612}\MpKsl8ff88da5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99FCC64E-542A-4C3B-9F41-6E12C3888612}\MpKsl8ff88da5.sys [?]
S1 MpKsl937779ab;MpKsl937779ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4743987-62CB-405C-B3D8-5E57105F0DE5}\MpKsl937779ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4743987-62CB-405C-B3D8-5E57105F0DE5}\MpKsl937779ab.sys [?]
S1 MpKsla900fe8c;MpKsla900fe8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsla900fe8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsla900fe8c.sys [?]
S1 MpKsla97ea4f4;MpKsla97ea4f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C857091C-935D-4C11-87B7-A0F8410F8D73}\MpKsla97ea4f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C857091C-935D-4C11-87B7-A0F8410F8D73}\MpKsla97ea4f4.sys [?]
S1 MpKslace35c15;MpKslace35c15;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKslace35c15.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKslace35c15.sys [?]
S1 MpKslaed7ab7d;MpKslaed7ab7d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B0AC6B-2F26-4CBA-B02A-BB0EDDA242A4}\MpKslaed7ab7d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B0AC6B-2F26-4CBA-B02A-BB0EDDA242A4}\MpKslaed7ab7d.sys [?]
S1 MpKslb6182993;MpKslb6182993;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BC62B5F-CAAC-4D3F-9AED-A38D2C61398A}\MpKslb6182993.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BC62B5F-CAAC-4D3F-9AED-A38D2C61398A}\MpKslb6182993.sys [?]
S1 MpKslc356a204;MpKslc356a204;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60C726E9-3570-44DF-B6E5-792C9D1264B0}\MpKslc356a204.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60C726E9-3570-44DF-B6E5-792C9D1264B0}\MpKslc356a204.sys [?]
S1 MpKslc3cef87b;MpKslc3cef87b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKslc3cef87b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKslc3cef87b.sys [?]
S1 MpKsld19d35be;MpKsld19d35be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{509E6784-107F-42D2-A09D-6F9A5A2C6327}\MpKsld19d35be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{509E6784-107F-42D2-A09D-6F9A5A2C6327}\MpKsld19d35be.sys [?]
S1 MpKsldb976c2d;MpKsldb976c2d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{392F80DD-B1FD-44F3-8A52-F5734D58458C}\MpKsldb976c2d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{392F80DD-B1FD-44F3-8A52-F5734D58458C}\MpKsldb976c2d.sys [?]
S1 MpKslec19a0c0;MpKslec19a0c0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A0D57D-1D5B-4101-9409-67CB907DD1C7}\MpKslec19a0c0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A0D57D-1D5B-4101-9409-67CB907DD1C7}\MpKslec19a0c0.sys [?]
S1 MpKsleec13ba8;MpKsleec13ba8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE36EAFB-68E9-4797-B17D-05C978C3F80D}\MpKsleec13ba8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE36EAFB-68E9-4797-B17D-05C978C3F80D}\MpKsleec13ba8.sys [?]
S1 MpKslf09b6f6a;MpKslf09b6f6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC3899B-A274-4CC8-ADAA-275AC725DE42}\MpKslf09b6f6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC3899B-A274-4CC8-ADAA-275AC725DE42}\MpKslf09b6f6a.sys [?]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\Drivers\CSRBC01.sys --> c:\windows\system32\Drivers\CSRBC01.sys [?]
S3 Pluvrram;Pluvrram;c:\windows\SYSTEM32\DRIVERS\ks.sys [3/21/2004 2:28 AM 141056]
S4 Modefslaip;Modefslaip; [x]
S4 mrtRate;mrtRate; [x]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL14F6E387
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 14:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.update]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3648660711-2777915979-1975221019-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,62,d5,a7,0a,1b,7d,32,96,70,05,b7,e1,c5,c1,be,69,fb,2f,0e,2a,3c,39,
e6,bd,01,1c,12,e7,66,83,2f,3f,f4,d6,81,cb,53,78,16,b9,87,1e,f5,8d,63,9f,00,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-21 14:53:38
ComboFix-quarantined-files.txt 2011-05-21 21:53
ComboFix2.txt 2011-05-12 02:46
.
Pre-Run: 33,776,091,136 bytes free
Post-Run: 33,798,606,848 bytes free
.
- - End Of File - - B87ACEEED283FC02DD784640EE60F0E2


ComboFix2.txt log file... I didn't see a ComboFix3.txt file.

ComboFix 11-05-11.01 - Robby & Melissa 05/11/2011 19:21:25.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.324 [GMT -7:00]
Running from: c:\documents and settings\Robby & Melissa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
C:\Thumbs.db
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 02:18 . 2011-05-12 02:18 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKslec9827dc.sys
2011-05-11 23:49 . 2011-05-11 23:49 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-11 23:46 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 23:46 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-11 23:03 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\mpengine.dll
2011-05-11 23:01 . 2011-05-11 23:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-18 21:15 . 2011-04-18 21:15 -------- d-----w- c:\program files\iPod
2011-04-18 21:14 . 2011-04-18 21:16 -------- d-----w- c:\program files\iTunes
2011-04-18 21:09 . 2011-04-18 21:09 -------- d-----w- c:\program files\Bonjour
2011-04-16 09:40 . 2011-04-16 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\hPi06511gFfGd06511
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2011-02-01 22:52 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2004-03-02 20:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-08-29 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-03-04 21:01 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-19 00:36 . 2009-09-27 23:19 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-19 00:36 . 2009-09-27 23:19 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 13:18 . 2002-08-29 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-08-29 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-05-11 17:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-08-29 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-02-20 11:48 229888 ----a-w- c:\windows\system32\fxscover.exe
2004-08-04 07:56 73728 -csha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 0dd7
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 MpKslec9827dc;MpKslec9827dc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKslec9827dc.sys [5/11/2011 7:18 PM 28752]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\SYSTEM32\DRIVERS\hpusbfd.sys [2/26/2004 2:10 PM 7552]
S1 MpKsl0597717b;MpKsl0597717b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CB849C8-8132-48F1-BBBE-1268A7348722}\MpKsl0597717b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CB849C8-8132-48F1-BBBE-1268A7348722}\MpKsl0597717b.sys [?]
S1 MpKsl0fd3c3f8;MpKsl0fd3c3f8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl0fd3c3f8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl0fd3c3f8.sys [?]
S1 MpKsl116694de;MpKsl116694de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15006C6D-0302-4DEE-A178-2D61DC1CDDFC}\MpKsl116694de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15006C6D-0302-4DEE-A178-2D61DC1CDDFC}\MpKsl116694de.sys [?]
S1 MpKsl167b2928;MpKsl167b2928;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3C6AA5C-4FAA-404F-B61D-86FF15732E3E}\MpKsl167b2928.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3C6AA5C-4FAA-404F-B61D-86FF15732E3E}\MpKsl167b2928.sys [?]
S1 MpKsl2266c6b0;MpKsl2266c6b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7142015E-10D4-4511-8BCA-4734346F9298}\MpKsl2266c6b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7142015E-10D4-4511-8BCA-4734346F9298}\MpKsl2266c6b0.sys [?]
S1 MpKsl37a32707;MpKsl37a32707;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0F663F4-F2F1-4D3A-9780-CFA0FD43FD23}\MpKsl37a32707.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0F663F4-F2F1-4D3A-9780-CFA0FD43FD23}\MpKsl37a32707.sys [?]
S1 MpKsl37b65829;MpKsl37b65829;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{257F01AD-0CFC-4BAE-A2CB-36C317AD77C8}\MpKsl37b65829.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{257F01AD-0CFC-4BAE-A2CB-36C317AD77C8}\MpKsl37b65829.sys [?]
S1 MpKsl3f67a36b;MpKsl3f67a36b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA3195FF-B63D-4AB5-BF0E-E2492CE089B6}\MpKsl3f67a36b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA3195FF-B63D-4AB5-BF0E-E2492CE089B6}\MpKsl3f67a36b.sys [?]
S1 MpKsl40a99d9e;MpKsl40a99d9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl40a99d9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl40a99d9e.sys [?]
S1 MpKsl43acccda;MpKsl43acccda;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73F4DDA5-616F-49B2-A5BA-2B8900F9A8C7}\MpKsl43acccda.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73F4DDA5-616F-49B2-A5BA-2B8900F9A8C7}\MpKsl43acccda.sys [?]
S1 MpKsl46236b1e;MpKsl46236b1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{781AEDBE-658F-4EDF-A1A7-30AE7DE5F2A9}\MpKsl46236b1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{781AEDBE-658F-4EDF-A1A7-30AE7DE5F2A9}\MpKsl46236b1e.sys [?]
S1 MpKsl4b6a9277;MpKsl4b6a9277;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F941F2D1-8160-49D5-9F02-BF14BDE8E51A}\MpKsl4b6a9277.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F941F2D1-8160-49D5-9F02-BF14BDE8E51A}\MpKsl4b6a9277.sys [?]
S1 MpKsl4bb7900a;MpKsl4bb7900a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{730A3838-AF22-4DC7-81CF-390F555C2C3F}\MpKsl4bb7900a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{730A3838-AF22-4DC7-81CF-390F555C2C3F}\MpKsl4bb7900a.sys [?]
S1 MpKsl5035ce86;MpKsl5035ce86;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKsl5035ce86.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKsl5035ce86.sys [?]
S1 MpKsl54e0b092;MpKsl54e0b092;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl54e0b092.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl54e0b092.sys [?]
S1 MpKsl589171bf;MpKsl589171bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A288AF59-2F38-4087-8EEB-87D6C3810C7C}\MpKsl589171bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A288AF59-2F38-4087-8EEB-87D6C3810C7C}\MpKsl589171bf.sys [?]
S1 MpKsl74ef6e3c;MpKsl74ef6e3c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D72BF3E0-766F-46ED-9B13-4CF983D1F630}\MpKsl74ef6e3c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D72BF3E0-766F-46ED-9B13-4CF983D1F630}\MpKsl74ef6e3c.sys [?]
S1 MpKsl767428dc;MpKsl767428dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl767428dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl767428dc.sys [?]
S1 MpKsl7d3e3f30;MpKsl7d3e3f30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8444FA02-BB3D-41FA-981B-3F0CC0157592}\MpKsl7d3e3f30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8444FA02-BB3D-41FA-981B-3F0CC0157592}\MpKsl7d3e3f30.sys [?]
S1 MpKsl7d595872;MpKsl7d595872;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{849E74AF-09E6-402E-BA33-A4DE97F9C386}\MpKsl7d595872.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{849E74AF-09E6-402E-BA33-A4DE97F9C386}\MpKsl7d595872.sys [?]
S1 MpKsl80dd2cc9;MpKsl80dd2cc9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72AE4839-9C8C-492D-82F8-400B2969003E}\MpKsl80dd2cc9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72AE4839-9C8C-492D-82F8-400B2969003E}\MpKsl80dd2cc9.sys [?]
S1 MpKsl821069c6;MpKsl821069c6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6DD4AE-8B53-4CFC-9DEF-3F2B875D29F4}\MpKsl821069c6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6DD4AE-8B53-4CFC-9DEF-3F2B875D29F4}\MpKsl821069c6.sys [?]
S1 MpKsl87aaf8d4;MpKsl87aaf8d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl87aaf8d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl87aaf8d4.sys [?]
S1 MpKsl8ff88da5;MpKsl8ff88da5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99FCC64E-542A-4C3B-9F41-6E12C3888612}\MpKsl8ff88da5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99FCC64E-542A-4C3B-9F41-6E12C3888612}\MpKsl8ff88da5.sys [?]
S1 MpKsl937779ab;MpKsl937779ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4743987-62CB-405C-B3D8-5E57105F0DE5}\MpKsl937779ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4743987-62CB-405C-B3D8-5E57105F0DE5}\MpKsl937779ab.sys [?]
S1 MpKsla900fe8c;MpKsla900fe8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsla900fe8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsla900fe8c.sys [?]
S1 MpKsla97ea4f4;MpKsla97ea4f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C857091C-935D-4C11-87B7-A0F8410F8D73}\MpKsla97ea4f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C857091C-935D-4C11-87B7-A0F8410F8D73}\MpKsla97ea4f4.sys [?]
S1 MpKslaed7ab7d;MpKslaed7ab7d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B0AC6B-2F26-4CBA-B02A-BB0EDDA242A4}\MpKslaed7ab7d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B0AC6B-2F26-4CBA-B02A-BB0EDDA242A4}\MpKslaed7ab7d.sys [?]
S1 MpKslb6182993;MpKslb6182993;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BC62B5F-CAAC-4D3F-9AED-A38D2C61398A}\MpKslb6182993.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BC62B5F-CAAC-4D3F-9AED-A38D2C61398A}\MpKslb6182993.sys [?]
S1 MpKslc356a204;MpKslc356a204;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60C726E9-3570-44DF-B6E5-792C9D1264B0}\MpKslc356a204.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60C726E9-3570-44DF-B6E5-792C9D1264B0}\MpKslc356a204.sys [?]
S1 MpKslc3cef87b;MpKslc3cef87b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKslc3cef87b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKslc3cef87b.sys [?]
S1 MpKsld19d35be;MpKsld19d35be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{509E6784-107F-42D2-A09D-6F9A5A2C6327}\MpKsld19d35be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{509E6784-107F-42D2-A09D-6F9A5A2C6327}\MpKsld19d35be.sys [?]
S1 MpKsldb976c2d;MpKsldb976c2d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{392F80DD-B1FD-44F3-8A52-F5734D58458C}\MpKsldb976c2d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{392F80DD-B1FD-44F3-8A52-F5734D58458C}\MpKsldb976c2d.sys [?]
S1 MpKslec19a0c0;MpKslec19a0c0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A0D57D-1D5B-4101-9409-67CB907DD1C7}\MpKslec19a0c0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A0D57D-1D5B-4101-9409-67CB907DD1C7}\MpKslec19a0c0.sys [?]
S1 MpKsleec13ba8;MpKsleec13ba8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE36EAFB-68E9-4797-B17D-05C978C3F80D}\MpKsleec13ba8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE36EAFB-68E9-4797-B17D-05C978C3F80D}\MpKsleec13ba8.sys [?]
S1 MpKslf09b6f6a;MpKslf09b6f6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC3899B-A274-4CC8-ADAA-275AC725DE42}\MpKslf09b6f6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC3899B-A274-4CC8-ADAA-275AC725DE42}\MpKslf09b6f6a.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\Drivers\CSRBC01.sys --> c:\windows\system32\Drivers\CSRBC01.sys [?]
S3 Pluvrram;Pluvrram;c:\windows\SYSTEM32\DRIVERS\ks.sys [3/21/2004 2:28 AM 141056]
S4 Modefslaip;Modefslaip; [x]
S4 mrtRate;mrtRate; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLEC9827DC
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y120M0 rev.YAR51EW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8337331B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3648660711-2777915979-1975221019-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,62,d5,a7,0a,1b,7d,32,96,70,05,b7,e1,c5,c1,be,69,fb,2f,0e,2a,3c,39,
e6,bd,01,1c,12,e7,66,83,2f,3f,f4,d6,81,cb,53,78,16,b9,87,1e,f5,8d,63,9f,00,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-11 19:45:59
ComboFix-quarantined-files.txt 2011-05-12 02:45
.
Pre-Run: 30,905,376,768 bytes free
Post-Run: 31,017,324,544 bytes free
.
- - End Of File - - 4AC8E77A3A88DAEC7B3D8301414F4AA1


ComboFix-quarantined-files.txt log

2011-05-21 20:31:37 . 2011-05-21 20:31:22 2,812,931 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe.vir
2011-05-21 20:31:35 . 2011-05-21 18:45:14 91,648 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\securitymanager.exe.vir
2011-05-21 20:31:28 . 2011-05-21 18:45:12 2,611,200 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe.vir
2011-05-21 20:31:28 . 2011-05-05 13:23:10 894 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoUninstall.ico.vir
2011-05-21 20:31:28 . 2011-05-05 13:23:10 894 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoActivate.ico.vir
2011-05-21 20:31:28 . 2011-05-05 13:23:10 894 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoHelp.ico.vir
2011-05-12 02:33:15 . 2011-05-21 21:44:45 7,390 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-05-12 02:12:58 . 2011-05-12 10:23:37 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2011-05-12 02:05:50 . 2011-05-21 21:31:49 357 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-05-11 21:53:35 . 2011-05-11 21:53:35 8,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir
2011-05-11 21:00:52 . 2011-05-11 21:00:56 3,072 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2007-11-07 15:03:18 . 2007-11-07 15:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir

#8 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:51 AM

Posted 22 May 2011 - 06:41 AM

Something I should point out, regarding CCleaner, Glary Utilities, TuneUp Utilities and similar products

It's not recommended to use registry cleaners. These often cause more problems than they fix. One of my colleagues, miekiemoes, has an excellent writeup here.
Another excellent article by Bill Castner is located here.


Step 0.
Uninstall programs:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

BitTorrent
CCleaner



Optional removals
CCleaner <<<--- Registry cleaner
BitTorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.

Step 1.
CFScript:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder::
C:\AntiVirus AntiSpyware 2011
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= dword:00000000
Driver::
mrtRate
Modefslaip

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2.
MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3.
Things I would like to see in your reply:

  • Which programs were uninstalled in step 0.
  • The content of C:\ComboFix.txt from step 1.
  • The content of the log from MBAM in step 2.

Edited by heir, 22 May 2011 - 06:41 AM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#9 Rob515

Rob515
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:51 AM

Posted 22 May 2011 - 01:47 PM

I uninstalled CCleaner and BitTorrent.

ComboFix Log

ComboFix 11-05-21.03 - Robby & Melissa 05/22/2011 11:02:58.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.246 [GMT -7:00]
Running from: c:\documents and settings\Robby & Melissa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robby & Melissa\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\AntiVirus AntiSpyware 2011
c:\antivirus antispyware 2011\Activate AntiVirus AntiSpyware 2011.lnk
c:\antivirus antispyware 2011\AntiVirus AntiSpyware 2011.lnk
c:\antivirus antispyware 2011\Help AntiVirus AntiSpyware 2011.lnk
c:\antivirus antispyware 2011\How to Activate AntiVirus AntiSpyware 2011.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MRTRATE
-------\Service_Modefslaip
-------\Service_mrtRate
.
.
((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-21 22:14 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA7A3E3C-581B-4FF5-A81B-93D447CA822C}\mpengine.dll
2011-05-12 09:54 . 2011-05-12 09:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-05-12 09:53 . 2011-05-12 09:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-12 09:17 . 2011-05-12 09:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-12 06:14 . 2011-05-12 07:43 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-05-12 04:26 . 2011-05-12 04:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-05-11 23:01 . 2011-05-11 23:01 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2011-02-01 22:52 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2004-03-02 20:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-08-29 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-03-04 21:01 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2004-08-04 07:56 73728 -csha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 0dd7
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\SYSTEM32\DRIVERS\hpusbfd.sys [2/26/2004 2:10 PM 7552]
S1 MpKsl0597717b;MpKsl0597717b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CB849C8-8132-48F1-BBBE-1268A7348722}\MpKsl0597717b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CB849C8-8132-48F1-BBBE-1268A7348722}\MpKsl0597717b.sys [?]
S1 MpKsl0fd3c3f8;MpKsl0fd3c3f8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl0fd3c3f8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKsl0fd3c3f8.sys [?]
S1 MpKsl116694de;MpKsl116694de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15006C6D-0302-4DEE-A178-2D61DC1CDDFC}\MpKsl116694de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15006C6D-0302-4DEE-A178-2D61DC1CDDFC}\MpKsl116694de.sys [?]
S1 MpKsl167b2928;MpKsl167b2928;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3C6AA5C-4FAA-404F-B61D-86FF15732E3E}\MpKsl167b2928.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3C6AA5C-4FAA-404F-B61D-86FF15732E3E}\MpKsl167b2928.sys [?]
S1 MpKsl2266c6b0;MpKsl2266c6b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7142015E-10D4-4511-8BCA-4734346F9298}\MpKsl2266c6b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7142015E-10D4-4511-8BCA-4734346F9298}\MpKsl2266c6b0.sys [?]
S1 MpKsl37a32707;MpKsl37a32707;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0F663F4-F2F1-4D3A-9780-CFA0FD43FD23}\MpKsl37a32707.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0F663F4-F2F1-4D3A-9780-CFA0FD43FD23}\MpKsl37a32707.sys [?]
S1 MpKsl37b65829;MpKsl37b65829;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{257F01AD-0CFC-4BAE-A2CB-36C317AD77C8}\MpKsl37b65829.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{257F01AD-0CFC-4BAE-A2CB-36C317AD77C8}\MpKsl37b65829.sys [?]
S1 MpKsl3f67a36b;MpKsl3f67a36b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA3195FF-B63D-4AB5-BF0E-E2492CE089B6}\MpKsl3f67a36b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA3195FF-B63D-4AB5-BF0E-E2492CE089B6}\MpKsl3f67a36b.sys [?]
S1 MpKsl40a99d9e;MpKsl40a99d9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl40a99d9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl40a99d9e.sys [?]
S1 MpKsl43acccda;MpKsl43acccda;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73F4DDA5-616F-49B2-A5BA-2B8900F9A8C7}\MpKsl43acccda.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73F4DDA5-616F-49B2-A5BA-2B8900F9A8C7}\MpKsl43acccda.sys [?]
S1 MpKsl46236b1e;MpKsl46236b1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{781AEDBE-658F-4EDF-A1A7-30AE7DE5F2A9}\MpKsl46236b1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{781AEDBE-658F-4EDF-A1A7-30AE7DE5F2A9}\MpKsl46236b1e.sys [?]
S1 MpKsl4b6a9277;MpKsl4b6a9277;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F941F2D1-8160-49D5-9F02-BF14BDE8E51A}\MpKsl4b6a9277.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F941F2D1-8160-49D5-9F02-BF14BDE8E51A}\MpKsl4b6a9277.sys [?]
S1 MpKsl4bb7900a;MpKsl4bb7900a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{730A3838-AF22-4DC7-81CF-390F555C2C3F}\MpKsl4bb7900a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{730A3838-AF22-4DC7-81CF-390F555C2C3F}\MpKsl4bb7900a.sys [?]
S1 MpKsl5035ce86;MpKsl5035ce86;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKsl5035ce86.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKsl5035ce86.sys [?]
S1 MpKsl54e0b092;MpKsl54e0b092;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl54e0b092.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl54e0b092.sys [?]
S1 MpKsl589171bf;MpKsl589171bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A288AF59-2F38-4087-8EEB-87D6C3810C7C}\MpKsl589171bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A288AF59-2F38-4087-8EEB-87D6C3810C7C}\MpKsl589171bf.sys [?]
S1 MpKsl74ef6e3c;MpKsl74ef6e3c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D72BF3E0-766F-46ED-9B13-4CF983D1F630}\MpKsl74ef6e3c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D72BF3E0-766F-46ED-9B13-4CF983D1F630}\MpKsl74ef6e3c.sys [?]
S1 MpKsl767428dc;MpKsl767428dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl767428dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D83F101F-8C3B-4D5C-9DCD-B8A1B966CCCB}\MpKsl767428dc.sys [?]
S1 MpKsl7d3e3f30;MpKsl7d3e3f30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8444FA02-BB3D-41FA-981B-3F0CC0157592}\MpKsl7d3e3f30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8444FA02-BB3D-41FA-981B-3F0CC0157592}\MpKsl7d3e3f30.sys [?]
S1 MpKsl7d595872;MpKsl7d595872;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{849E74AF-09E6-402E-BA33-A4DE97F9C386}\MpKsl7d595872.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{849E74AF-09E6-402E-BA33-A4DE97F9C386}\MpKsl7d595872.sys [?]
S1 MpKsl80dd2cc9;MpKsl80dd2cc9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72AE4839-9C8C-492D-82F8-400B2969003E}\MpKsl80dd2cc9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72AE4839-9C8C-492D-82F8-400B2969003E}\MpKsl80dd2cc9.sys [?]
S1 MpKsl821069c6;MpKsl821069c6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6DD4AE-8B53-4CFC-9DEF-3F2B875D29F4}\MpKsl821069c6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6DD4AE-8B53-4CFC-9DEF-3F2B875D29F4}\MpKsl821069c6.sys [?]
S1 MpKsl87aaf8d4;MpKsl87aaf8d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl87aaf8d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsl87aaf8d4.sys [?]
S1 MpKsl8ff88da5;MpKsl8ff88da5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99FCC64E-542A-4C3B-9F41-6E12C3888612}\MpKsl8ff88da5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99FCC64E-542A-4C3B-9F41-6E12C3888612}\MpKsl8ff88da5.sys [?]
S1 MpKsl937779ab;MpKsl937779ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4743987-62CB-405C-B3D8-5E57105F0DE5}\MpKsl937779ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4743987-62CB-405C-B3D8-5E57105F0DE5}\MpKsl937779ab.sys [?]
S1 MpKsla900fe8c;MpKsla900fe8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsla900fe8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF0AEAE-5E6B-4C72-83D4-1AFF222A803E}\MpKsla900fe8c.sys [?]
S1 MpKsla97ea4f4;MpKsla97ea4f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C857091C-935D-4C11-87B7-A0F8410F8D73}\MpKsla97ea4f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C857091C-935D-4C11-87B7-A0F8410F8D73}\MpKsla97ea4f4.sys [?]
S1 MpKslace35c15;MpKslace35c15;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKslace35c15.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13485747-3E25-46F3-A7DC-64D1B47F8684}\MpKslace35c15.sys [?]
S1 MpKslaed7ab7d;MpKslaed7ab7d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B0AC6B-2F26-4CBA-B02A-BB0EDDA242A4}\MpKslaed7ab7d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B0AC6B-2F26-4CBA-B02A-BB0EDDA242A4}\MpKslaed7ab7d.sys [?]
S1 MpKslb5a04e92;MpKslb5a04e92;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA7A3E3C-581B-4FF5-A81B-93D447CA822C}\MpKslb5a04e92.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA7A3E3C-581B-4FF5-A81B-93D447CA822C}\MpKslb5a04e92.sys [?]
S1 MpKslb6182993;MpKslb6182993;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BC62B5F-CAAC-4D3F-9AED-A38D2C61398A}\MpKslb6182993.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BC62B5F-CAAC-4D3F-9AED-A38D2C61398A}\MpKslb6182993.sys [?]
S1 MpKslc356a204;MpKslc356a204;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60C726E9-3570-44DF-B6E5-792C9D1264B0}\MpKslc356a204.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60C726E9-3570-44DF-B6E5-792C9D1264B0}\MpKslc356a204.sys [?]
S1 MpKslc3cef87b;MpKslc3cef87b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKslc3cef87b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC90B20-6DC4-4705-A3A9-C646FC1B9D56}\MpKslc3cef87b.sys [?]
S1 MpKslc5da3e36;MpKslc5da3e36;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA7A3E3C-581B-4FF5-A81B-93D447CA822C}\MpKslc5da3e36.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA7A3E3C-581B-4FF5-A81B-93D447CA822C}\MpKslc5da3e36.sys [?]
S1 MpKsld19d35be;MpKsld19d35be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{509E6784-107F-42D2-A09D-6F9A5A2C6327}\MpKsld19d35be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{509E6784-107F-42D2-A09D-6F9A5A2C6327}\MpKsld19d35be.sys [?]
S1 MpKsldb976c2d;MpKsldb976c2d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{392F80DD-B1FD-44F3-8A52-F5734D58458C}\MpKsldb976c2d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{392F80DD-B1FD-44F3-8A52-F5734D58458C}\MpKsldb976c2d.sys [?]
S1 MpKslec19a0c0;MpKslec19a0c0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A0D57D-1D5B-4101-9409-67CB907DD1C7}\MpKslec19a0c0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A0D57D-1D5B-4101-9409-67CB907DD1C7}\MpKslec19a0c0.sys [?]
S1 MpKsleec13ba8;MpKsleec13ba8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE36EAFB-68E9-4797-B17D-05C978C3F80D}\MpKsleec13ba8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE36EAFB-68E9-4797-B17D-05C978C3F80D}\MpKsleec13ba8.sys [?]
S1 MpKslf09b6f6a;MpKslf09b6f6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC3899B-A274-4CC8-ADAA-275AC725DE42}\MpKslf09b6f6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC3899B-A274-4CC8-ADAA-275AC725DE42}\MpKslf09b6f6a.sys [?]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\Drivers\CSRBC01.sys --> c:\windows\system32\Drivers\CSRBC01.sys [?]
S3 Pluvrram;Pluvrram;c:\windows\SYSTEM32\DRIVERS\ks.sys [3/21/2004 2:28 AM 141056]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-22 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-22 11:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.update]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3648660711-2777915979-1975221019-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,62,d5,a7,0a,1b,7d,32,96,70,05,b7,e1,c5,c1,be,69,fb,2f,0e,2a,3c,39,
e6,bd,01,1c,12,e7,66,83,2f,3f,f4,d6,81,cb,53,78,16,b9,87,1e,f5,8d,63,9f,00,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2772)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\WFXSVC.EXE
c:\windows\system32\wscntfy.exe
c:\windows\BCMSMMSG.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
.
**************************************************************************
.
Completion time: 2011-05-22 11:22:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-22 18:22
ComboFix2.txt 2011-05-21 21:53
ComboFix3.txt 2011-05-12 02:46
.
Pre-Run: 33,504,481,280 bytes free
Post-Run: 33,479,217,152 bytes free
.
- - End Of File - - 925C7A42DE0D339FCE8FD14EA777115E



MBAM Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6641

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/22/2011 11:33:18 AM
mbam-log-2011-05-22 (11-33-18).txt

Scan type: Quick scan
Objects scanned: 164386
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\robby & melissa\2gweorjqjutp92vjy9gake (Malware.Trace) -> Quarantined and deleted successfully.

#10 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:51 AM

Posted 22 May 2011 - 03:06 PM

When I asked you to delete ComboFix.exe in post #6, did you also delete the log C:\ComboFix.txt?


Let's run a scan for leftovers as well

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Edited by heir, 22 May 2011 - 04:45 PM.
Added a question

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#11 Rob515

Rob515
  • Topic Starter

  • Members
  • 13 posts

Posted 22 May 2011 - 06:40 PM

ESET Online Scanner Log


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=af1ac06bda60dc4da511e8134237ebe5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-22 10:12:38
# local_time=2011-05-22 03:12:38 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 74827831 74827831 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132083
# found=7
# cleaned=7
# scan_time=5238
C:\Qoobox\Quarantine\C\AntiVirus AntiSpyware 2011\Help AntiVirus AntiSpyware 2011.lnk.vir LNK/URL.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\AntiVirus AntiSpyware 2011\How to Activate AntiVirus AntiSpyware 2011.lnk.vir LNK/URL.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP135\A0050073.exe probably a variant of Win32/Injector.GJR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP138\A0054323.exe a variant of Win32/1AntiVirus application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP139\A0054349.exe a variant of Win32/1AntiVirus application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP142\A0059300.lnk LNK/URL.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP142\A0059301.lnk LNK/URL.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#12 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 22 May 2011 - 06:41 PM

When I asked you to delete ComboFix.exe in post #6, did you also delete the log C:\ComboFix.txt?



#13 Rob515

Rob515
  • Topic Starter

  • Members
  • 13 posts

Posted 22 May 2011 - 06:45 PM

When I asked you to delete ComboFix.exe in post #6, did you also delete the log C:\ComboFix.txt?


No, I just deleted the combofix.exe file.

Edited by Rob515, 22 May 2011 - 06:46 PM.


#14 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 22 May 2011 - 06:48 PM

Trying to sort out an issue with the tool.
And you didn't move C:\ComboFix.txt to another location on your computer, did you?

Edited by heir, 22 May 2011 - 06:49 PM.



#15 Rob515

Rob515
  • Topic Starter

  • Members
  • 13 posts

Posted 22 May 2011 - 06:50 PM

And you didn't move C:\ComboFix.txt to another location on your computer, did you?


No, it has been located at c:\Combofix.txt the entire time.
