
was infected... am I still?


14 replies to this topic

#1 Serp

Serp

  • Members
  • 11 posts

Posted 09 June 2011 - 12:56 PM

I made a post in the XP section of the OS area. It was suggested I post here to see if I am still infected. So here I am.
I was hit with the XP Anti-Malware 2012 program... I called a friend who deals with this sort of thing and he had me go dl rkill and malwarebytes on another computer. While I was getting those, I found your guide to removing the infection and I followed it. I was able to get my computer back, MWB removed 7 items, and then I ran it again after a reboot and it found 2 more items. I still could not turn auto update back on, so I contacted MS and they sent me a reply with three ways to fix it, and the first one did. I was then able to go to windows update and completely update and install security essentials. I have run both MWB and SE several times since and have found nothing more. But I am still having issues with connectivity. I am guessing it is either corrupted files or missing files. I did run SFC /scannow at the suggestion of my friend, and it did not find anything.
The virus did install a proxy on both IE and firefox, and MWB removed the proxy settings on IE and I had to manually remove them on firefox. But there are still sites that will not open, and even SE will not update. It gives a connectivity error. Oh, the sites don't open with either IE or firefox, but they do open on another computer, my phone and my iPod.

System is XP Home SP3
Computer: Acer Aspire 3000


Thanks very much
Serp

Here is a log of MWB:
Log 1
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6804

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/7/2011 10:25:00 PM
mbam-log-2011-06-07 (22-25-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 207209
Time elapsed: 26 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Cycbot.Gen) -> Bad: (C:\DOCUME~1\Snake\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Snake\application data\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Snake\local settings\Temp\csrss.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Snake\local settings\application data\lel.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Snake\local settings\Temp\0.7344486531694325.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Snake\application data\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\downloads\macromedia\macromedia.dreamweaver.v8.0.incl.keymaker-zwt\zwt\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.

Log 2:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6804

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/7/2011 10:55:25 PM
mbam-log-2011-06-07 (22-55-25).txt

Scan type: Quick scan
Objects scanned: 149368
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And log 3:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6814

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/9/2011 1:23:05 AM
mbam-log-2011-06-09 (01-23-05).txt

Scan type: Quick scan
Objects scanned: 149853
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Serp, 09 June 2011 - 01:01 PM.
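The three MBAM logs above share one line format per detection (target, threat name, optional detail, action). The parser below is an added example, not code from the thread or from Malwarebytes: it reads that format, labels each registry hit with the persistence or tampering mechanism it represents (Run key, Winlogon Shell, Windows\Load, Security Center notification flags) and flags files that borrow system-binary names outside System32, the pattern the Cycbot entries show. The category labels and the "pending reboot" check are this example's own; the sample log is a constructed excerpt of Log 1.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: detection sections taken from the first MBAM log in the thread.
SAMPLE_LOG = r"""
Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Cycbot.Gen) -> Bad: (C:\DOCUME~1\Snake\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Snake\application data\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Snake\local settings\Temp\csrss.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Snake\application data\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\downloads\macromedia\macromedia.dreamweaver.v8.0.incl.keymaker-zwt\zwt\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
"""

# A section header is "<Something> Infected:" with nothing after the colon;
# the summary counts at the top of the log ("Files Infected: 6") do not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# target (threat) -> [detail -> ] action
ENTRY_RE = re.compile(
    r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?:(?P<detail>.+?) -> )?(?P<action>.+)$"
)

# Registry locations that give code a foothold at logon or silence the user's warnings.
# Labels are this example's own naming, matched case-insensitively (the log has both
# "Windows\load" and "Windows\Load").
PERSISTENCE_RULES = [
    (re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.I), "Run-key autostart"),
    (re.compile(r"\\Winlogon\\Shell$", re.I), "Winlogon Shell hijack"),
    (re.compile(r"\\CurrentVersion\\Windows\\Load$", re.I), "Windows\\Load autostart"),
    (re.compile(r"\\Security Center\\\w+DisableNotify$", re.I), "Security Center alerts disabled"),
]

# Names of legitimate Windows binaries that malware likes to borrow; the real ones
# live under \Windows\System32, so a copy in a profile or Temp folder is suspect.
SYSTEM_BINARY_NAMES = {
    "csrss.exe", "conhost.exe", "dwm.exe", "svchost.exe",
    "lsass.exe", "winlogon.exe", "smss.exe", "services.exe",
}


@dataclass
class Detection:
    section: str
    target: str
    threat: str
    detail: str
    action: str
    category: str


def classify(section: str, target: str) -> str:
    """Map one detection to the mechanism it represents."""
    if section.startswith("Registry"):
        for rule, label in PERSISTENCE_RULES:
            if rule.search(target):
                return label
        return "registry (other)"
    if section == "Files Infected":
        name = target.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARY_NAMES and "\\windows\\system32\\" not in target.lower():
            return "system-binary name outside System32"
        return "file (other)"
    return "other"


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log section by section and return every detection line."""
    detections: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            continue
        if section is None or line.startswith("(No malicious items detected)"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        detections.append(Detection(
            section=section, target=m["target"], threat=m["threat"],
            detail=m["detail"] or "", action=m["action"],
            category=classify(section, m["target"]),
        ))
    return detections


def category_counts(detections: List[Detection]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for d in detections:
        counts[d.category] = counts.get(d.category, 0) + 1
    return counts


def pending_reboot(detections: List[Detection]) -> List[str]:
    """Targets MBAM could only schedule for removal; a reboot and a rescan are still needed."""
    return [d.target for d in detections if d.action.startswith("Delete on reboot")]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(f"[{d.category}] {d.threat}: {d.target}")
    print("counts:", category_counts(found))
    print("pending reboot:", pending_reboot(found))
```

Run against the full text of a log rather than this excerpt and the header lines are ignored because they precede the first "Infected:" section.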



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 June 2011 - 07:47 PM

Hello, let's check for a bit more malware please.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log
and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Serp

Serp
  • Topic Starter

  • Members
  • 11 posts

Posted 09 June 2011 - 09:17 PM

BoopMe, just ran the exe and the scan results were two, but it doesn't give a CURE for an option.... I do get three options: Skip (default), Delete and Quarantine. I am running TDSSKiller 2.5.4.0. Which option should I use?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 June 2011 - 09:25 PM

Let me see the log please. Some are skip.

#5 Serp

Serp
  • Topic Starter

  • Members
  • 11 posts

Posted 09 June 2011 - 09:50 PM

2011/06/09 22:11:25.0343 1540	TDSS rootkit removing tool 2.5.4.0 Jun  7 2011 17:31:48
2011/06/09 22:11:25.0890 1540	================================================================================
2011/06/09 22:11:25.0890 1540	SystemInfo:
2011/06/09 22:11:25.0890 1540	
2011/06/09 22:11:25.0890 1540	OS Version: 5.1.2600 ServicePack: 3.0
2011/06/09 22:11:25.0890 1540	Product type: Workstation
2011/06/09 22:11:25.0890 1540	ComputerName: ACER-2
2011/06/09 22:11:25.0890 1540	UserName: Snake
2011/06/09 22:11:25.0890 1540	Windows directory: C:\WINDOWS
2011/06/09 22:11:25.0890 1540	System windows directory: C:\WINDOWS
2011/06/09 22:11:25.0890 1540	Processor architecture: Intel x86
2011/06/09 22:11:25.0890 1540	Number of processors: 1
2011/06/09 22:11:25.0890 1540	Page size: 0x1000
2011/06/09 22:11:25.0890 1540	Boot type: Normal boot
2011/06/09 22:11:25.0890 1540	================================================================================
2011/06/09 22:11:28.0093 1540	Initialize success
2011/06/09 22:11:42.0078 4020	================================================================================
2011/06/09 22:11:42.0078 4020	Scan started
2011/06/09 22:11:42.0078 4020	Mode: Manual; 
2011/06/09 22:11:42.0078 4020	================================================================================
2011/06/09 22:11:52.0078 4020	dtscsi          (6461e57bb51a848aae26f52427b7cf9e) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/06/09 22:11:52.0078 4020	Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 6461e57bb51a848aae26f52427b7cf9e
2011/06/09 22:11:52.0093 4020	dtscsi - detected LockedFile.Multi.Generic (1)
2011/06/09 22:12:18.0718 4020	sptd            (348b9d006751ebae76f006593b397fc5) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/09 22:12:18.0718 4020	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 348b9d006751ebae76f006593b397fc5
2011/06/09 22:12:18.0750 4020	sptd - detected LockedFile.Multi.Generic (1)
2011/06/09 22:12:25.0453 4020	================================================================================
2011/06/09 22:12:25.0453 4020	Scan finished
2011/06/09 22:12:25.0453 4020	================================================================================
2011/06/09 22:12:25.0484 2352	Detected object count: 2
2011/06/09 22:12:25.0484 2352	Actual detected object count: 2
2011/06/09 22:49:40.0906 2352	LockedFile.Multi.Generic(dtscsi) - User select action: Skip 
2011/06/09 22:49:40.0906 2352	LockedFile.Multi.Generic(sptd) - User select action: Skip 

I had to select Skip to get to the log; I figured I could run it again if needed...

#6 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 June 2011 - 10:41 AM

Hi, those are probably CD emulators, so we skip them.

Now run ESET, update and rerun MBAM, and we should be good.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#7 Serp

Serp
  • Topic Starter

  • Members
  • 11 posts

Posted 10 June 2011 - 04:57 PM

Ok, ESET came up clean and did not offer me a log. About to run MBAM.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6832

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/10/2011 6:08:22 PM
mbam-log-2011-06-10 (18-08-21).txt

Scan type: Quick scan
Objects scanned: 151509
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am not sure what is going on with the internet... I got the idea to go to a proxy site, and put in the site that will not open for me now, and it opened. But it still will not open with Firefox or IE.

Edited by Serp, 10 June 2011 - 05:10 PM.


#8 cryptodan

cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 15 June 2011 - 04:58 PM

Can you now perform a complete scan?

#9 Serp

Serp
  • Topic Starter

  • Members
  • 11 posts

Posted 15 June 2011 - 09:00 PM

I have never had a problem performing a complete scan. Would you like me to perform a complete scan? With MBAM?

#10 cryptodan

cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 15 June 2011 - 09:25 PM

Yes I would.

#11 Serp

Serp
  • Topic Starter

  • Members
  • 11 posts

Posted 20 June 2011 - 02:04 AM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6897

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/20/2011 2:18:39 AM
mbam-log-2011-06-20 (02-18-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 213854
Time elapsed: 51 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#12 cryptodan

cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 20 June 2011 - 05:12 AM

Looking good, now can you run the following:

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#13 Serp

Serp
  • Topic Starter

  • Members
  • 11 posts

Posted 21 June 2011 - 03:28 AM

SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/20/2011 at 10:21 PM

Application Version : 4.54.1000

Core Rules Database Version : 7293
Trace Rules Database Version: 5105

Scan type       : Complete Scan
Total Scan Time : 02:15:03

Memory items scanned      : 229
Memory threats detected   : 0
Registry items scanned    : 5766
Registry threats detected : 1
File items scanned        : 70272
File threats detected     : 65

Adware.Tracking Cookie

Malware.Trace
	HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL


GMER:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-21 05:24:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 HTS541060G9AT00 rev.MB3VA60A
Running: dsrei13b.exe; Driver: C:\DOCUME~1\Snake\LOCALS~1\Temp\kwldrpob.sys


---- System - GMER 1.0.15 ----

SSDT            sptd.sys                                                                                                             ZwCreateKey [0xF7BD4AC8]
SSDT            sptd.sys                                                                                                             ZwEnumerateKey [0xF7BD4C22]
SSDT            sptd.sys                                                                                                             ZwEnumerateValueKey [0xF7BD4F9A]
SSDT            sptd.sys                                                                                                             ZwOpenKey [0xF7BD498E]
SSDT            sptd.sys                                                                                                             ZwQueryKey [0xF7BD5064]
SSDT            sptd.sys                                                                                                             ZwQueryValueKey [0xF7BD4EFC]
SSDT            sptd.sys                                                                                                             ZwSetValueKey [0xF7BD50EC]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)        ZwTerminateProcess [0xAD54B620]

---- Kernel code sections - GMER 1.0.15 ----

?               C:\WINDOWS\system32\drivers\sptd.sys                                                                                 The process cannot access the file because it is being used by another process.
?               C:\WINDOWS\System32\Drivers\SPTD7869.SYS                                                                             The process cannot access the file because it is being used by another process.
.text           dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7                                                                          F74DD4F0 16 Bytes  [A7, BE, 51, BD, FC, E7, 9E, ...] {CMPSD ; MOV ESI, 0xe7fcbd51; SAHF ; LDS EBX, DWORD [ESI-0x69]; DEC EBP; MOV ECX, 0x295f14bb}
.text           dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11                                                                     F74DD501 31 Bytes  [C0, 4D, F7, 4C, FD, 4F, D6, ...]
?               C:\WINDOWS\System32\Drivers\dtscsi.sys                                                                               The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2088] USER32.dll!SetWindowLongA                                7E42C29D 5 Bytes  JMP 10698DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2088] USER32.dll!SetWindowLongW                                7E42C2BB 5 Bytes  JMP 10698D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2088] USER32.dll!GetWindowInfo                                 7E42C49C 5 Bytes  JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2088] USER32.dll!TrackPopupMenu                                7E46531E 5 Bytes  JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!LdrLoadDll                                              7C91632D 5 Bytes  JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                   [F7BD0AD2] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                           [F7BD0C0E] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F7BD0B96] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F7BD176C] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F7BD1642] sptd.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [F7BF3056] sptd.sys

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                MBR read error
Disk            \Device\Harddisk0\DR0                                                                                                MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----

Edited by Serp, 21 June 2011 - 04:25 AM.
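Two things a reviewer checks in a GMER dump like the one above before calling it clean: whether the hex-named sptd\Cfg subkey (tied by its @p0 value to the DAEMON Tools install path) carries the same values in the active set as in ControlSet002 and ControlSet003, since a key that exists only in the live set or differs there was written after the system was last cloned into the backups; and whether the "MBR read error" line means the MBR was not verified at all, which is what it literally reports. The script below is an added example, not code from the thread or from GMER; SAMPLE_LOG is a constructed subset modelled on the entries above, and the active set's key-only and @p0 lines are assumed to mirror the ControlSet002/003 ones.

```python
"""Cross-check a GMER 'Reg' dump across ControlSets and flag unreadable disk sectors.

Added example; not code from the forum thread or from GMER. SAMPLE_LOG is a
constructed subset modelled on the log in the thread.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0   C:\Program Files\DAEMON Tools\
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0   0
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0   0x20 0x01 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0   C:\Program Files\DAEMON Tools\
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0   0
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0   0x20 0x01 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0   C:\Program Files\DAEMON Tools\
Reg   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0   0
Reg   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0   0x20 0x01 0x00 0x00 ...

---- Disk sectors - GMER 1.0.15 ----

Disk   \Device\Harddisk0\DR0   MBR read error
Disk   \Device\Harddisk0\DR0   MBR BIOS signature not found 0
"""

# "Reg  <key>[@value] [(not active ControlSet)]  <data>"; data starts after 2+ spaces.
REG_RE = re.compile(
    r"^Reg\s+(?P<key>\S+)(?P<inactive> \(not active ControlSet\))?(?:\s{2,}(?P<data>.*?))?\s*$"
)
CS_RE = re.compile(r"^HKLM\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d{3})\\(?P<rel>.+)$")
DISK_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s{2,}(?P<msg>.*?)\s*$")


def parse_reg_lines(log_text):
    """Return {(relative_key, value_name): {control_set: data}} for every 'Reg' line."""
    table = defaultdict(dict)
    for line in log_text.splitlines():
        m = REG_RE.match(line)
        if not m:
            continue
        path, sep, value_name = m.group("key").rpartition("@")
        if not sep:                       # key-only line: record the key's existence
            path, value_name = m.group("key"), ""
        cs = CS_RE.match(path)
        if not cs:                        # not under a ControlSet: nothing to compare
            continue
        table[(cs.group("rel"), value_name)][cs.group("cs")] = m.group("data") or ""
    return table


def compare_control_sets(table):
    """Split entries into identical-everywhere, differing, and absent from some set."""
    control_sets = sorted({cs for per_cs in table.values() for cs in per_cs})
    consistent, divergent, missing = [], [], []
    for entry, per_cs in sorted(table.items()):
        if set(per_cs) != set(control_sets):
            missing.append((entry, sorted(set(control_sets) - set(per_cs))))
        elif len(set(per_cs.values())) > 1:
            divergent.append((entry, per_cs))
        else:
            consistent.append(entry)
    return control_sets, consistent, divergent, missing


def inconclusive_disk_checks(log_text):
    """'Disk' lines where GMER could not read the sector: not verified, not clean."""
    return [
        (m.group("dev"), m.group("msg"))
        for m in map(DISK_RE.match, log_text.splitlines())
        if m and "read error" in m.group("msg").lower()
    ]


def summarize(log_text):
    """One-call report of what needs a human look."""
    control_sets, consistent, divergent, missing = compare_control_sets(parse_reg_lines(log_text))
    return {
        "control_sets": control_sets,
        "consistent": len(consistent),
        "divergent": divergent,
        "missing": missing,
        "unreadable_sectors": inconclusive_disk_checks(log_text),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("ControlSets:", ", ".join(report["control_sets"]))
    print(report["consistent"], "entries identical across all sets")
    for entry, per_cs in report["divergent"]:
        print("DIFFERS", entry, per_cs)
    for entry, absent in report["missing"]:
        print("MISSING", entry, "in", absent)
    for dev, msg in report["unreadable_sectors"]:
        print("NOT CHECKED", dev, msg)
```

On the sample every sptd value is identical in all three sets, which is what an ordinary installed driver looks like; an entry that appears only in CurrentControlSet, or whose data differs there, is the thing to pull out and look at. The disk section is reported as unchecked rather than clean, so the MBR still needs to be read by another tool or from a boot disc.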


#14 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:06:24 AM

Posted 21 June 2011 - 05:53 AM

It looks pretty good, don't see anything that indicates that you are still infected.

#15 Serp

Serp
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:24 AM

Posted 21 June 2011 - 05:55 AM

I still cannot connect to certain sites... or parts of sites (I can go to weather.com but if I hit hourly it errors out on me telling me it is trying to forward me incorrectly), give me connection errors, but when I use a proxy or Tor to connect it connects fine...
It isn't my ISP, and it happens in both IE and FF.


OK... now it is working... I'm guessing that when I ran SuperAntiSpyware and it removed several cookies, it cleared out whatever the issue was, and I can now connect to the sites I was unable to connect to before. Cool... I guess we can consider this closed for the time being. If I notice anything in the future, I will start a new thread and reference this thread in it....

Thank you guys very much.
You all are the bee's knees...

Edited by Serp, 21 June 2011 - 06:00 AM.
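Direct connections failing in both browsers while a proxy or Tor works, as described in the post above, is also the pattern a tampered hosts file produces: a proxy or Tor resolves the hostname on the far end and never consults the local file, so the redirect or block only bites on direct connections. The audit below is an added example, not code from the thread or from any tool named in it. It assumes the hosts file has been copied off the machine or is passed as a path (on Windows the live file is %SystemRoot%\System32\drivers\etc\hosts); HOSTS_SAMPLE is constructed and uses RFC 2606 example names, not anything the thread identified.

```python
"""Audit a hosts file for entries that break direct browsing but not proxied browsing.

Added example; not code from the forum thread or from any tool it names.
HOSTS_SAMPLE is constructed; its hostnames are RFC 2606 example names.
"""
import ipaddress
import sys

# Names that legitimately resolve to loopback in a stock hosts file.
LOOPBACK_OK = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

BLOCKED = "public name sent to loopback/unspecified: direct connections to it fail"
PINNED = "name pinned to a fixed address: DNS is bypassed, review the target"
MALFORMED = "unparseable entry"

# Constructed sample: two stock lines, then the two kinds of entry a tampered file carries.
HOSTS_SAMPLE = """\
# sample header comment
#
127.0.0.1       localhost
::1             localhost
# constructed entries of the kind a tampered file carries
127.0.0.1       updates.example.net
198.51.100.23   www.example.com  bank.example.com
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for every entry worth a look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append((lineno, fields[0], "", MALFORMED))
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((lineno, address, " ".join(names), MALFORMED))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified   # 127.x, ::1, 0.0.0.0
        for name in names:
            if sinkhole and name.lower() in LOOPBACK_OK:
                continue                                  # normal stock entry
            findings.append((lineno, address, name, BLOCKED if sinkhole else PINNED))
    return findings


def main(path=None):
    """Audit the file at `path`, or the constructed sample when no path is given."""
    if path:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = HOSTS_SAMPLE
    findings = audit_hosts(text)
    for lineno, address, name, reason in findings:
        print(f"line {lineno}: {address} {name}: {reason}")
    if not findings:
        print("no entries beyond the stock loopback names")
    return findings


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Anything reported as blocked or pinned should be compared against what the same name resolves to from a clean machine; the blocked form is what keeps update servers unreachable, the pinned form is what sends a login page somewhere else.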
