Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Still infected?


  • This topic is locked This topic is locked
25 replies to this topic

#1 BillyAcer

BillyAcer

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 21 May 2011 - 08:28 PM

I was getting redirects. Since I did the final cleanup, I keep losing my Local Area Connection. A reboot brings it back. The Autoruns scan shows some strange files. You can view the AutoRun file at the first link at the bottom of my post.
DDS:
DDS (Ver_11-03-05.01) - NTFSx86
Run by BoB at 21:06:49.90 on Sat 05/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.360 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Documents and Settings\BoB\Desktop\dds(1).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255302378759
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\bob\applic~1\mozilla\firefox\profiles\pw1bri3s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcbbb8d&v=7.004.022.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - plugin: c:\documents and settings\bob\application data\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S0 klhp;klhp;c:\windows\system32\drivers\hfnuri.sys --> c:\windows\system32\drivers\hfnuri.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 984392]
S4 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S4 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
.
=============== Created Last 30 ================
.
2011-05-20 01:14:40 -------- d-----w- c:\docume~1\bob\locals~1\applic~1\Temp
2011-05-12 11:37:36 -------- d-----w- c:\docume~1\bob\locals~1\applic~1\AVG Security Toolbar
2011-05-12 10:50:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-05-12 10:45:11 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-12 04:15:49 -------- d-sha-r- C:\cmdcons
2011-05-06 01:34:54 388096 ----a-r- c:\docume~1\bob\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-06 01:34:51 -------- d-----w- c:\program files\Trend Micro
2011-05-03 03:12:17 -------- d-----w- c:\docume~1\bob\applic~1\AVG10
2011-05-03 02:56:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-05-03 02:39:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-05-03 02:26:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-03 02:14:23 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-03 02:13:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-05-01 10:52:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-05-01 10:49:10 -------- d-----w- c:\docume~1\bob\applic~1\GetRightToGo
2011-05-01 03:18:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-30 00:33:11 -------- d-----w- C:\found.000
2011-04-28 00:24:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-28 00:24:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-27 01:18:00 122328 ----a-w- c:\program files\mozilla firefox\nsr33.tmp\crashreporter.exe
2011-04-23 13:31:45 77824 --sha-r- c:\windows\system32\kbdbep.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 21:09:32.35 ===============

Here are the links to the work with others on this board:
http://www.bleepingcomputer.com/forums/topic398437.html/page__p__2255663__fromsearch__1#entry2255663
http://www.bleepingcomputer.com/forums/topic396327.html/page__p__2239968__fromsearch__1#entry2239968
http://www.bleepingcomputer.com/forums/topic394909.html/page__p__2229462__fromsearch__1#entry2229462

Edited by Andrew, 31 May 2011 - 08:58 PM.
Mod Edit: Moved From AII To MRL - AA


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:18 PM

Posted 31 May 2011 - 11:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 BillyAcer

BillyAcer
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 01 June 2011 - 10:05 PM

DDS (Ver_2011-06-01.06) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by BoB at 22:56:11 on 2011-06-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.325 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255302378759
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{3FCD4621-450A-4B3B-AC91-E954B8218584} : DhcpNameServer = 167.206.245.130 167.206.245.129
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\pw1bri3s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcbbb8d&v=7.004.022.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - plugin: c:\documents and settings\bob\application data\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S0 klhp;klhp;c:\windows\system32\drivers\hfnuri.sys --> c:\windows\system32\drivers\hfnuri.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 984392]
S4 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S4 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
.
=============== Created Last 30 ================
.
2011-05-20 01:14:40 -------- d-----w- c:\documents and settings\bob\local settings\application data\Temp
2011-05-12 11:37:36 -------- d-----w- c:\documents and settings\bob\local settings\application data\AVG Security Toolbar
2011-05-12 10:50:51 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-05-12 10:45:11 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-12 04:15:49 -------- d-sha-r- C:\cmdcons
2011-05-06 01:34:54 388096 ----a-r- c:\documents and settings\bob\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-06 01:34:51 -------- d-----w- c:\program files\Trend Micro
2011-05-03 03:12:17 -------- d-----w- c:\documents and settings\bob\application data\AVG10
.
==================== Find3M ====================
.
2011-05-03 02:26:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-03 02:14:23 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-23 13:31:45 77824 --sha-r- c:\windows\system32\kbdbep.dll
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 22:59:07.29 ===============

#4 BillyAcer

BillyAcer
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 02 June 2011 - 07:01 AM

GMER ark.txt file

PS: No disc, the windows file is on the hard drive. Thanks for your time and effort!

Attached Files

  • Attached File  ark.txt   4.28KB   1 downloads

Edited by BillyAcer, 02 June 2011 - 07:06 AM.


#5 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 02 June 2011 - 12:32 PM

Hi BillyAcer,

Welcome to Bleeping Computers

My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
Posted Image

#6 BillyAcer

BillyAcer
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 02 June 2011 - 08:17 PM

Hi Tomk_,

Attached Files



#7 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 02 June 2011 - 08:29 PM

BillyAcer,

Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the left hand panel Click on Desktop,
  • click on the file MBR.dat
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Posted Image

#8 BillyAcer

BillyAcer
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 03 June 2011 - 09:18 PM

File name:
MBR.dat
Submission date:
2011-06-04 02:03:56 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.06.04.00 2011.06.03 -
AntiVir 7.11.9.3 2011.06.03 -
Antiy-AVL 2.0.3.7 2011.06.04 -
Avast 4.8.1351.0 2011.06.03 -
Avast5 5.0.677.0 2011.06.03 -
AVG 10.0.0.1190 2011.06.03 -
BitDefender 7.2 2011.06.04 -
CAT-QuickHeal 11.00 2011.06.03 -
ClamAV 0.97.0.0 2011.06.04 -
Commtouch 5.3.2.6 2011.06.03 -
Comodo 8934 2011.06.03 -
DrWeb 5.0.2.03300 2011.06.04 -
Emsisoft 5.1.0.5 2011.06.03 -
eSafe 7.0.17.0 2011.06.02 -
eTrust-Vet 36.1.8366 2011.06.03 -
F-Prot 4.6.2.117 2011.06.03 -
F-Secure 9.0.16440.0 2011.06.04 -
Fortinet 4.2.257.0 2011.06.04 -
GData 22 2011.06.04 -
Ikarus T3.1.1.104.0 2011.06.03 -
Jiangmin 13.0.900 2011.06.01 -
K7AntiVirus 9.104.4763 2011.06.03 -
Kaspersky 9.0.0.837 2011.06.04 -
McAfee 5.400.0.1158 2011.06.04 -
McAfee-GW-Edition 2010.1D 2011.06.04 -
Microsoft 1.6903 2011.06.04 -
NOD32 6178 2011.06.04 -
Norman 6.07.07 2011.06.03 -
nProtect 2011-06-03.02 2011.06.03 -
Panda 10.0.3.5 2011.06.03 -
PCTools 7.0.3.5 2011.06.03 -
Prevx 3.0 2011.06.04 -
Rising 23.60.03.09 2011.06.03 -
Sophos 4.66.0 2011.06.04 -
SUPERAntiSpyware 4.40.0.1006 2011.06.04 -
Symantec 20111.1.0.186 2011.06.04 -
TheHacker 6.7.0.1.215 2011.06.02 -
TrendMicro 9.200.0.1012 2011.06.03 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.04 -
VBA32 3.12.16.0 2011.06.03 -
VIPRE 9478 2011.06.04 -
ViRobot 2011.6.3.4494 2011.06.03 -
VirusBuster 14.0.66.0 2011.06.03 -
Additional information
MD5 : 8345253dc0bacf59ab4997f525ad6ae5
SHA1 : ee849dde50e44170beca5e6c185f50d384e64a52
SHA256: 30460e686b4577ba34cb4c2566b7e601de9c5a8b2d5c06a62fca0f046adffc72
ssdeep: 12:3XDcdCsGRp5oUaAXQDtUWNIbf63oZ37dh8:3TcdCnjQIxl7Q
File size : 512 bytes
First seen: 2011-06-04 02:03:56
Last seen : 2011-06-04 02:03:56
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#9 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 08 June 2011 - 01:30 PM

BillyAcer,

I am so sorry. Somehow I lost track of you.

Let's try a different tool.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Posted Image

#10 BillyAcer

BillyAcer
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 08 June 2011 - 08:45 PM

2011/06/08 21:40:31.0445 1756 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/08 21:40:32.0054 1756 ================================================================================
2011/06/08 21:40:32.0054 1756 SystemInfo:
2011/06/08 21:40:32.0054 1756
2011/06/08 21:40:32.0054 1756 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/08 21:40:32.0054 1756 Product type: Workstation
2011/06/08 21:40:32.0054 1756 ComputerName: BOB_HP_TOWER
2011/06/08 21:40:32.0054 1756 UserName: BoB
2011/06/08 21:40:32.0054 1756 Windows directory: C:\WINDOWS
2011/06/08 21:40:32.0054 1756 System windows directory: C:\WINDOWS
2011/06/08 21:40:32.0054 1756 Processor architecture: Intel x86
2011/06/08 21:40:32.0054 1756 Number of processors: 1
2011/06/08 21:40:32.0054 1756 Page size: 0x1000
2011/06/08 21:40:32.0054 1756 Boot type: Normal boot
2011/06/08 21:40:32.0054 1756 ================================================================================
2011/06/08 21:40:41.0679 1756 Initialize success
2011/06/08 21:40:56.0195 2552 ================================================================================
2011/06/08 21:40:56.0195 2552 Scan started
2011/06/08 21:40:56.0195 2552 Mode: Manual;
2011/06/08 21:40:56.0195 2552 ================================================================================
2011/06/08 21:40:59.0788 2552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/08 21:41:00.0382 2552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/08 21:41:01.0554 2552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/08 21:41:02.0163 2552 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/08 21:41:02.0741 2552 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/06/08 21:41:03.0257 2552 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/08 21:41:05.0945 2552 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/08 21:41:07.0741 2552 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/06/08 21:41:10.0163 2552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/08 21:41:10.0804 2552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/08 21:41:11.0741 2552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/08 21:41:12.0429 2552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/08 21:41:13.0116 2552 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/08 21:41:13.0679 2552 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/08 21:41:14.0195 2552 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/08 21:41:14.0695 2552 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/08 21:41:15.0288 2552 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/08 21:41:16.0007 2552 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/08 21:41:16.0538 2552 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/08 21:41:17.0148 2552 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/06/08 21:41:17.0835 2552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/08 21:41:18.0413 2552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/08 21:41:19.0445 2552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/08 21:41:20.0101 2552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/08 21:41:20.0757 2552 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/08 21:41:23.0804 2552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/08 21:41:24.0632 2552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/08 21:41:25.0570 2552 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/08 21:41:26.0195 2552 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/08 21:41:26.0788 2552 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/08 21:41:27.0945 2552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/08 21:41:28.0476 2552 drvmcdb (a605a3d1a946d7b9b8e011a056445136) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/06/08 21:41:29.0195 2552 drvnddm (394d65a0da6bd18eaca54ae4fef28054) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/06/08 21:41:29.0882 2552 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/08 21:41:30.0585 2552 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/08 21:41:31.0179 2552 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/08 21:41:31.0804 2552 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/08 21:41:32.0382 2552 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/08 21:41:33.0085 2552 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/08 21:41:33.0648 2552 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/08 21:41:34.0210 2552 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/08 21:41:34.0773 2552 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/08 21:41:36.0304 2552 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/08 21:41:37.0054 2552 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/08 21:41:37.0695 2552 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/08 21:41:38.0413 2552 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/08 21:41:39.0945 2552 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/08 21:41:40.0616 2552 i81x (007dbb8f9c35df8f8a20b8e7c1204b8b) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/06/08 21:41:41.0257 2552 iAimFP0 (19f03895ce0b9e7fb514e67bb17edcb5) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/06/08 21:41:41.0820 2552 iAimFP1 (479278c265b596c4fc1a2e0f51e70736) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/06/08 21:41:42.0398 2552 iAimFP2 (66317ecbed58d15541cad4ed60888430) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/06/08 21:41:42.0960 2552 iAimFP3 (5807920dcd9fe760ffd733a1297d164a) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/06/08 21:41:43.0507 2552 iAimFP4 (afb6725ddf3f417495ab99198979ffb1) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/06/08 21:41:44.0085 2552 iAimTV0 (3de116fe9fc7f15b0a5e0e611b344236) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/06/08 21:41:44.0663 2552 iAimTV1 (275b8ec3a1aa555e3f1586eaf1302ac5) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/06/08 21:41:45.0398 2552 iAimTV3 (31d5981e35d0f158cd1031e0ee74c6fe) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/06/08 21:41:45.0960 2552 iAimTV4 (78b4456a11582a927e9b1eca87d1e4f6) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/06/08 21:41:46.0585 2552 ialm (86ba1718dee415bcd63fbe35f425d874) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/08 21:41:47.0195 2552 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/08 21:41:48.0304 2552 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/08 21:41:48.0804 2552 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/08 21:41:49.0538 2552 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/08 21:41:50.0148 2552 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/08 21:41:50.0695 2552 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/08 21:41:51.0366 2552 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/08 21:41:52.0085 2552 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/08 21:41:52.0741 2552 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/08 21:41:53.0351 2552 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/08 21:41:53.0898 2552 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/08 21:41:54.0991 2552 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/08 21:41:55.0601 2552 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/08 21:41:56.0851 2552 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/06/08 21:41:57.0820 2552 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/08 21:41:58.0460 2552 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/08 21:41:58.0976 2552 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/08 21:41:59.0570 2552 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/08 21:42:00.0601 2552 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/08 21:42:01.0351 2552 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/08 21:42:02.0054 2552 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/08 21:42:02.0554 2552 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/08 21:42:03.0101 2552 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/08 21:42:03.0679 2552 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/08 21:42:04.0163 2552 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/08 21:42:04.0773 2552 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/08 21:42:05.0320 2552 MxlW2k (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/06/08 21:42:06.0070 2552 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/08 21:42:06.0804 2552 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/08 21:42:07.0413 2552 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/08 21:42:07.0960 2552 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/08 21:42:08.0570 2552 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/08 21:42:09.0085 2552 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/08 21:42:09.0726 2552 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/08 21:42:10.0523 2552 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/08 21:42:11.0366 2552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/08 21:42:12.0116 2552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/08 21:42:13.0085 2552 nv (5e00e941e2bfcde1db2edc02034d987c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/08 21:42:14.0288 2552 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
2011/06/08 21:42:15.0148 2552 nv_agp (97e6e7dc388ac4d0052edc375b0e1a0c) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2011/06/08 21:42:15.0648 2552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/08 21:42:16.0241 2552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/08 21:42:16.0866 2552 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/06/08 21:42:17.0445 2552 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/08 21:42:18.0023 2552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/08 21:42:18.0570 2552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/08 21:42:19.0085 2552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/08 21:42:20.0054 2552 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/08 21:42:20.0554 2552 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/08 21:42:23.0788 2552 pfc (c4aa89518e8a2934eaf503c9587ff157) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/08 21:42:24.0382 2552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/08 21:42:25.0007 2552 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/08 21:42:25.0601 2552 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/06/08 21:42:26.0226 2552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/08 21:42:26.0835 2552 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/08 21:42:29.0585 2552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/08 21:42:30.0226 2552 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/08 21:42:30.0866 2552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/08 21:42:31.0523 2552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/08 21:42:32.0273 2552 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/08 21:42:32.0835 2552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/08 21:42:33.0445 2552 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/08 21:42:34.0038 2552 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/08 21:42:34.0788 2552 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/06/08 21:42:35.0663 2552 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/08 21:42:36.0351 2552 S3Psddr (6d9e6867f89a3b06cf317fc4c7ee5029) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2011/06/08 21:42:37.0101 2552 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/08 21:42:37.0741 2552 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/08 21:42:38.0366 2552 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/08 21:42:38.0991 2552 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/08 21:42:40.0132 2552 SiS315 (22a668951fe95d2a19e45f83b480cddc) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/06/08 21:42:40.0804 2552 SISAGP (c729eb60dd40948e5eb3fb53dc9cad44) C:\WINDOWS\system32\DRIVERS\SISAGP.sys
2011/06/08 21:42:41.0835 2552 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/08 21:42:43.0476 2552 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/08 21:42:44.0304 2552 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/08 21:42:45.0210 2552 sscdbhk5 (0885506bd787a1ae7041ea1d0e0f7922) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/06/08 21:42:45.0945 2552 ssrtln (a9e4acee2d7c9736cd753d630e13a386) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/06/08 21:42:46.0820 2552 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/08 21:42:47.0710 2552 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/08 21:42:49.0101 2552 SymEvent (a3e7deab1ec157750ed8041d0eaddb3c) C:\Program Files\Symantec\SYMEVENT.SYS
2011/06/08 21:42:50.0976 2552 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/08 21:42:51.0773 2552 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/08 21:42:52.0570 2552 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/08 21:42:53.0413 2552 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/08 21:42:53.0945 2552 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/08 21:42:55.0601 2552 tfsnboio (471b28101ee53b965b836033d8fe7955) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/06/08 21:42:56.0445 2552 tfsncofs (70766ef81e05ea358118468a722fa1f5) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/06/08 21:42:56.0991 2552 tfsndrct (66fd0aac1648bc38cd3cd130a4ea12e0) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/06/08 21:42:57.0632 2552 tfsndres (2b35fcaa75b1c475374d1474a1c2efe1) C:\WINDOWS\system32\dla\tfsndres.sys
2011/06/08 21:42:58.0663 2552 tfsnopio (a56ebc32e332f66488cbf9c5ef4e084a) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/06/08 21:42:59.0132 2552 tfsnpool (53809135b8eb9eb2b29525f125456741) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/06/08 21:42:59.0773 2552 tfsnudf (03e0ce19e5f6a8009ebdc3cc087a6c9c) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/06/08 21:43:00.0538 2552 tfsnudfa (3f8f05be8f1d68a598412927aeb57bd9) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/06/08 21:43:02.0288 2552 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/08 21:43:03.0679 2552 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/08 21:43:04.0445 2552 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/08 21:43:05.0054 2552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/08 21:43:05.0945 2552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/08 21:43:06.0632 2552 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/08 21:43:07.0132 2552 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/08 21:43:07.0695 2552 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/08 21:43:08.0241 2552 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/08 21:43:08.0726 2552 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/08 21:43:09.0273 2552 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/08 21:43:09.0820 2552 viaagp1 (099f10c7b9d4c7a2bf48d4c6eca1e7f1) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/06/08 21:43:10.0288 2552 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/08 21:43:10.0804 2552 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/08 21:43:11.0304 2552 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/08 21:43:12.0366 2552 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/08 21:43:12.0913 2552 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/08 21:43:13.0507 2552 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/08 21:43:14.0163 2552 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/08 21:43:14.0757 2552 {6080A529-897E-4629-A488-ABA0C29B635E} (5b3d453a2f38105bcd0c573b94dea346) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/06/08 21:43:15.0507 2552 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (e147bd61a697701096ca5c830a5adb90) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/06/08 21:43:15.0648 2552 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) \Device\Harddisk0\DR0
2011/06/08 21:43:15.0648 2552 ================================================================================
2011/06/08 21:43:15.0648 2552 Scan finished
2011/06/08 21:43:15.0648 2552 ================================================================================
2011/06/08 21:43:15.0663 3876 Detected object count: 0
2011/06/08 21:43:15.0663 3876 Actual detected object count: 0

#11 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 08 June 2011 - 09:39 PM

BillyAcer,

I'm just not finding any malware. Therefore I must conclude that your issues are not malware related.

I suggest you post in the Windows XP forum and seek help from the Tech Team.

Make sense to you?

But first... a little housekeeping.

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved (at least as far as malware is concerned). :thumbup:
Posted Image

#12 BillyAcer

BillyAcer
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 09 June 2011 - 07:30 PM

Tomk,
First of all, thanks for all your help! Before we close, did you see my Autoruns file? They sent me here from XP for what they thought was some leftover malware. For example, + "klhp" "" "" "File not found: System32\drivers\hfnuri.sys"

Attached Files



#13 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 09 June 2011 - 07:52 PM

I did not see your autoruns file. In fact.. the file you attached I can't figure out how to read. When I open it I get gobbledy-gook.

But... that entry does show as an orphaned service in your log. We can remove it.

  • Click Start , then Run
  • Type notepad.exe in the Run Box.
    Copy and Paste everything from the Quote box into Notepad:

    @Echo off
    sc stop "klhp"
    sc delete "klhp"
    del delete.bat

  • Save the file to your DESKTOP as "delete.bat". Make sure to save it with the quotes. Once saved, the icon to click should look like this on your desktop:Posted Image
  • Double click delete.bat.

Posted Image

#14 BillyAcer

BillyAcer
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 10 June 2011 - 06:08 AM

I may have posted the wrong file?

Attached Files



#15 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 10 June 2011 - 09:41 AM

No... you posted the correct file. It was my computer scrambling it for some reason. I've read it now. I don't see any entries that I believe to be malware. Are there some that concern you?
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users