Redirect virus/TDSS


This topic is locked. 14 replies to this topic.

#1 daniellemarren

Posted 07 July 2011 - 11:04 AM

Hi, I am a new member and I need some help!
My computer redirects me every time I make a search, and not ONLY on Google. It happens on Yahoo & Bing as well.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Run by Danielle at 0:18:37 on 2011-07-07
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.881 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~1\Raptr\raptr.exe
C:\PROGRA~1\Raptr\raptr_im.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Raptr\raptr_ep32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [Raptr] c:\progra~1\raptr\raptrstub.exe --startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFQT1UtVUczQU0tQ1ZWU1AtUVg5UjktSE85SlMtUw"&"inst=NzYtODczMzE4NDg5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1YTzkrMS1GOU0yKzItRERUKzA"&"prod=94"&"ver=10.0.1388
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D} : DhcpNameServer = 68.94.156.1 68.94.157.1
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danielle\appdata\roaming\mozilla\firefox\profiles\hunimxje.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=16794S&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW4&o=16794&locale=en_US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-8-9 22104]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PLAVService;PLAVService;c:\program files\common files\plav\plavservice.exe [2010-9-8 599384]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
.
=============== Created Last 30 ================
.
2011-07-07 04:34:43 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-07 03:44:17 98816 ----a-w- c:\windows\sed.exe
2011-07-07 03:44:17 518144 ----a-w- c:\windows\SWREG.exe
2011-07-07 03:44:17 256000 ----a-w- c:\windows\PEV.exe
2011-07-07 03:44:17 208896 ----a-w- c:\windows\MBR.exe
2011-07-07 03:43:52 -------- d-----w- C:\ComboFix
2011-07-07 03:35:52 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-07 03:35:52 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-07 03:03:49 -------- d-----w- c:\programdata\PLAV
2011-07-07 03:03:17 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2011-07-07 02:52:41 -------- d-----w- c:\programdata\ParetoLogic
2011-07-07 02:52:41 -------- d-----w- c:\program files\common files\ParetoLogic
2011-07-07 02:51:45 -------- d-----w- c:\program files\common files\PLAV
2011-07-07 02:51:28 -------- d-----w- c:\program files\ParetoLogic
2011-07-06 23:52:12 -------- d-----w- c:\users\danielle\appdata\roaming\AVG10
2011-07-06 23:45:03 -------- d-----w- c:\programdata\AVG10
2011-07-06 23:21:02 -------- d-----w- c:\program files\WhiteSmoke_Bar
2011-07-06 23:08:41 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a57e8162-5d65-49ca-bd8f-f151bae69ae2}\mpengine.dll
2011-07-06 18:38:04 0 ----a-w- c:\users\danielle\appdata\local\Iqirilobaka.bin
2011-07-06 18:38:02 -------- d-----w- c:\users\danielle\appdata\local\{CCD37D13-93A1-455C-A1B1-AB4EA512ED1D}
2011-07-06 17:25:11 -------- d-----w- c:\program files\Apple Software Update(7)
2011-07-06 17:21:33 -------- d-----w- c:\program files\iPod(33)
2011-07-06 17:11:32 -------- d-----w- c:\program files\Bonjour(8)
2011-07-06 05:03:24 -------- d-----w- c:\program files\Coupons
2011-06-15 19:21:14 -------- d-----w- c:\program files\Business-in-a-Box
.
==================== Find3M ====================
.
.
============= FINISH: 0:26:02.85 ===============

Attached file: ark.txt (5.58 KB)

Edited by daniellemarren, 07 July 2011 - 12:23 PM.
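As an added illustration (not part of the post above, and not DDS's own code), the following Python script pulls the URLSearchHook, BHO, toolbar and Firefox search-pref lines out of a DDS "Pseudo HJT Report" and applies three checks a malware-removal helper would otherwise do by eye: list every URLSearchHook (the Internet Explorer component that decides where non-URL address-bar text is sent), flag CLSIDs registered as search hook, BHO and toolbar at once (the footprint of a bundled toolbar), and compare the Firefox search URLs with the engine the user actually selected. The sample input is a subset of lines copied from the report above; the checks and thresholds are this example's heuristics, not a DDS feature.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the DDS report in this thread
# (search hooks, BHOs, toolbars, Firefox prefs), plus one clean BHO for contrast.
DDS_SAMPLE = r"""
uStart Page = hxxp://facebook.com/
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=16794S&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW4&o=16794&locale=en_US&q=
"""

# IE entries look like "<scope><kind>: <name>: {CLSID} - <dll path>"; scope u = HKCU, m = HKLM.
IE_RE = re.compile(r"^([um]?)(URLSearchHooks|BHO|TB): (.+?): \{([0-9a-f-]{36})\} - (.+)$", re.I)
# Firefox prefs look like "FF - prefs.js: <pref name> - <value>".
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")


def rearm(url):
    """DDS defangs URLs as hxxp://; restore the scheme so urlparse can see the host."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def parse_hjt(text):
    """Return (ie_entries, firefox_prefs) from the pseudo-HJT and FIREFOX sections."""
    ie, ff = [], {}
    for line in text.splitlines():
        m = IE_RE.match(line.strip())
        if m:
            scope, kind, name, clsid, path = m.groups()
            ie.append({"scope": scope or "-", "kind": kind.upper(), "name": name,
                       "clsid": clsid.lower(), "path": path.lower()})
            continue
        m = FF_RE.match(line.strip())
        if m:
            ff[m.group(1)] = m.group(2)
    return ie, ff


def search_hooks(ie):
    """Every URLSearchHook; each one gets a chance to rewrite what the address bar searches for."""
    return [e for e in ie if e["kind"] == "URLSEARCHHOOKS"]


def multi_registered(ie):
    """CLSIDs registered under more than one hook point (hook + BHO + toolbar = bundled toolbar)."""
    kinds = defaultdict(set)
    for e in ie:
        kinds[e["clsid"]].add(e["kind"])
    return {c: sorted(k) for c, k in kinds.items() if len(k) > 1}


def firefox_search_mismatch(ff):
    """Search prefs whose host does not belong to the engine the user selected."""
    selected = ff.get("browser.search.selectedEngine", "").lower()
    hits = []
    for pref in ("browser.search.defaulturl", "keyword.URL"):
        if pref in ff:
            host = urlparse(rearm(ff[pref])).netloc.lower()
            if selected and selected not in host:
                hits.append((pref, host))
    return hits


if __name__ == "__main__":
    ie, ff = parse_hjt(DDS_SAMPLE)
    for e in search_hooks(ie):
        print("search hook:", e["scope"], e["name"], e["path"])
    for clsid, kinds in multi_registered(ie).items():
        print("registered as", "+".join(kinds), ":", clsid)
    for pref, host in firefox_search_mismatch(ff):
        print("Firefox", pref, "points at", host, "but selectedEngine is", ff["browser.search.selectedEngine"])
```

Run against the sample, the mismatch check alone explains the symptom in Firefox: the selected engine says Google, but the default search URL goes to search.conduit.com and address-bar keywords go to websearch.ask.com.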



#2 RPMcMurphy
  • Malware Response Team

Posted 07 July 2011 - 01:03 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • The Attach.txt log from DDS
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


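Added example, not the helper's instructions and not Kaspersky's code: a small Python helper for the two things the post above asks the user to do with TDSSKiller's output, namely find the log it drops in C:\ (using the file-name pattern the helper quotes) and make the driver listing reviewable once it has been pasted into a forum post, where the newlines are usually lost. It splits entries on their leading timestamp instead of on line breaks and points out drivers loaded from outside System32, which is a triage heuristic of this example, not a TDSSKiller verdict. The sample scan text is constructed from a handful of entries copied from the log posted later in this thread; the second log file name is made up to show the date comparison.

```python
import re
from datetime import datetime

# File-name pattern the helper gives: TDSSKiller.<version>_<dd.mm.yyyy>_<hh.mm.ss>_log.txt
LOGNAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>[\d.]+)_(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$")


def latest_log(filenames):
    """From a directory listing of C:\\, return the newest TDSSKiller log by the stamp in its name."""
    best = None
    for name in filenames:
        m = LOGNAME_RE.match(name)
        if not m:
            continue
        stamp = datetime.strptime(m["date"] + " " + m["time"], "%d.%m.%Y %H.%M.%S")
        if best is None or stamp > best[0]:
            best = (stamp, name)
    return best[1] if best else None


# One scan entry per driver: "<yyyy/mm/dd hh:mm:ss.ffff> <pid> <service> (<md5>) <path>".
# Entries are split on the leading timestamp so a run-together paste still parses; header
# lines (SystemInfo, "Scan started", separators) have no "(md5) path" part and are skipped.
ENTRY_RE = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+?)"
    r"(?=\d{4}/\d{2}/\d{2} \d{2}:|\Z)", re.S)


def parse_scan(text):
    """Structured driver entries from a TDSSKiller log, with or without line breaks."""
    return [{**m.groupdict(), "path": m["path"].strip()} for m in ENTRY_RE.finditer(text)]


SYSTEM_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


def outside_system_dirs(entries):
    """Drivers loaded from anywhere but System32 or System32\\drivers: not malicious by
    themselves (vendor filter drivers live there too), but the first ones to look up by
    name and MD5 when reviewing a rootkit scan."""
    return [e for e in entries if not e["path"].lower().startswith(SYSTEM_DIRS)]


def summarize(log_text):
    entries = parse_scan(log_text)
    return {"drivers": len(entries),
            "outside_system32": [(e["name"], e["path"]) for e in outside_system_dirs(entries)]}


# Constructed sample: entries copied from the scan output posted later in this thread,
# run together the way the forum rendered it (no newlines between entries).
SCAN_SAMPLE = (
    r"2011/07/07 13:15:00.0410 5036 Scan started"
    r"2011/07/07 13:15:00.0410 5036 Mode: Manual; "
    r"2011/07/07 13:15:01.0658 5036 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys"
    r"2011/07/07 13:15:05.0890 5036 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys"
    r"2011/07/07 13:15:14.0784 5036 KLIF (99035483c7feab9de061ca185abfd33a) C:\Windows\system32\DRIVERS\klif.sys"
    r"2011/07/07 13:15:17.0037 5036 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS"
    r"2011/07/07 13:15:17.0149 5036 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS"
)

if __name__ == "__main__":
    # The first name is the helper's example; the second is a made-up newer log.
    print(latest_log(["TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt",
                      "TDSSKiller.2.5.9.0_07.07.2011_13.14.48_log.txt", "dds.txt"]))
    for e in parse_scan(SCAN_SAMPLE):
        print(e["ts"], e["name"], e["md5"], e["path"])
    print(summarize(SCAN_SAMPLE))
```

Note that this only restructures what TDSSKiller already printed; it cannot tell you whether a driver is hooked or hidden, which is the tool's own job and the reason the helper asks for the full log rather than a summary.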


#3 daniellemarren
  • Topic Starter

Posted 07 July 2011 - 02:04 PM

TDSSKiller log

2011/07/07 13:14:48.0562 1352 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/07 13:14:49.0213 1352 ================================================================================
2011/07/07 13:14:49.0213 1352 SystemInfo:
2011/07/07 13:14:49.0213 1352 
2011/07/07 13:14:49.0213 1352 OS Version: 6.0.6000 ServicePack: 0.0
2011/07/07 13:14:49.0213 1352 Product type: Workstation
2011/07/07 13:14:49.0213 1352 ComputerName: FAMILY-PC
2011/07/07 13:14:49.0213 1352 UserName: Danielle
2011/07/07 13:14:49.0214 1352 Windows directory: C:\Windows
2011/07/07 13:14:49.0214 1352 System windows directory: C:\Windows
2011/07/07 13:14:49.0214 1352 Processor architecture: Intel x86
2011/07/07 13:14:49.0214 1352 Number of processors: 2
2011/07/07 13:14:49.0214 1352 Page size: 0x1000
2011/07/07 13:14:49.0214 1352 Boot type: Normal boot
2011/07/07 13:14:49.0214 1352 ================================================================================
2011/07/07 13:14:51.0567 1352 Initialize success
2011/07/07 13:15:00.0410 5036 ================================================================================
2011/07/07 13:15:00.0410 5036 Scan started
2011/07/07 13:15:00.0410 5036 Mode: Manual; 
2011/07/07 13:15:00.0410 5036 ================================================================================
2011/07/07 13:15:01.0658 5036 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/07/07 13:15:02.0103 5036 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/07 13:15:02.0385 5036 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/07 13:15:02.0475 5036 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/07 13:15:02.0601 5036 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/07 13:15:02.0856 5036 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/07/07 13:15:02.0999 5036 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/07 13:15:03.0707 5036 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/07 13:15:04.0290 5036 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/07/07 13:15:04.0434 5036 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/07 13:15:04.0625 5036 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/07/07 13:15:04.0725 5036 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/07 13:15:04.0781 5036 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/07 13:15:05.0064 5036 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/07 13:15:05.0184 5036 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/07 13:15:05.0594 5036 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/07 13:15:05.0890 5036 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/07/07 13:15:06.0038 5036 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/07/07 13:15:06.0320 5036 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/07 13:15:06.0497 5036 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/07 13:15:06.0555 5036 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/07 13:15:06.0761 5036 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/07 13:15:06.0823 5036 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/07 13:15:06.0846 5036 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/07 13:15:06.0869 5036 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/07 13:15:06.0983 5036 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/07 13:15:07.0405 5036 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/07 13:15:07.0483 5036 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/07 13:15:07.0563 5036 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/07 13:15:07.0648 5036 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/07/07 13:15:07.0789 5036 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/07/07 13:15:07.0883 5036 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/07/07 13:15:07.0942 5036 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/07 13:15:07.0965 5036 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/07 13:15:08.0131 5036 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/07 13:15:08.0388 5036 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/07/07 13:15:08.0473 5036 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/07/07 13:15:08.0552 5036 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/07 13:15:08.0875 5036 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/07 13:15:09.0138 5036 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/07/07 13:15:09.0378 5036 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/07 13:15:09.0654 5036 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/07/07 13:15:09.0740 5036 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/07 13:15:09.0889 5036 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/07/07 13:15:09.0923 5036 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/07/07 13:15:09.0951 5036 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/07 13:15:09.0995 5036 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/07/07 13:15:10.0067 5036 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/07 13:15:10.0701 5036 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/07 13:15:11.0292 5036 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/07 13:15:11.0580 5036 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/07 13:15:11.0748 5036 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/07 13:15:11.0830 5036 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/07 13:15:11.0848 5036 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/07 13:15:12.0070 5036 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/07 13:15:12.0310 5036 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/07 13:15:12.0586 5036 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/07/07 13:15:12.0739 5036 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/07/07 13:15:12.0851 5036 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/07/07 13:15:12.0973 5036 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/07 13:15:13.0095 5036 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/07 13:15:13.0225 5036 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/07 13:15:13.0349 5036 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/07 13:15:13.0561 5036 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/07 13:15:13.0817 5036 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/07/07 13:15:13.0840 5036 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/07 13:15:13.0867 5036 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/07 13:15:13.0922 5036 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/07 13:15:13.0950 5036 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/07 13:15:14.0164 5036 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/07/07 13:15:14.0190 5036 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/07/07 13:15:14.0228 5036 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/07 13:15:14.0248 5036 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/07 13:15:14.0269 5036 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/07 13:15:14.0344 5036 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/07 13:15:14.0510 5036 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/07 13:15:14.0577 5036 kl1 (47f4320cff5bd3de472bb300a32a879e) C:\Windows\system32\DRIVERS\kl1.sys
2011/07/07 13:15:14.0784 5036 KLIF (99035483c7feab9de061ca185abfd33a) C:\Windows\system32\DRIVERS\klif.sys
2011/07/07 13:15:14.0932 5036 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
2011/07/07 13:15:15.0081 5036 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/07 13:15:15.0238 5036 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/07/07 13:15:15.0388 5036 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/07 13:15:15.0571 5036 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/07/07 13:15:15.0679 5036 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/07 13:15:15.0718 5036 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/07 13:15:15.0738 5036 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/07 13:15:15.0766 5036 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/07/07 13:15:15.0929 5036 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/07 13:15:16.0020 5036 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/07 13:15:16.0139 5036 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/07/07 13:15:16.0293 5036 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/07 13:15:16.0352 5036 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/07 13:15:16.0466 5036 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/07 13:15:16.0555 5036 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/07/07 13:15:16.0720 5036 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/07 13:15:16.0890 5036 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/07 13:15:16.0932 5036 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/07 13:15:17.0037 5036 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/07/07 13:15:17.0149 5036 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/07/07 13:15:17.0329 5036 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/07/07 13:15:17.0365 5036 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/07 13:15:17.0392 5036 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/07 13:15:17.0551 5036 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/07 13:15:17.0639 5036 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/07/07 13:15:17.0949 5036 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/07 13:15:17.0995 5036 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/07/07 13:15:18.0074 5036 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/07/07 13:15:18.0297 5036 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/07 13:15:18.0320 5036 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/07 13:15:18.0342 5036 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/07/07 13:15:18.0375 5036 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/07/07 13:15:18.0566 5036 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/07 13:15:18.0877 5036 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/07/07 13:15:18.0907 5036 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/07/07 13:15:19.0124 5036 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/07 13:15:19.0217 5036 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/07/07 13:15:19.0488 5036 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/07 13:15:19.0527 5036 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/07 13:15:19.0573 5036 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/07 13:15:19.0746 5036 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/07/07 13:15:19.0829 5036 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/07 13:15:19.0872 5036 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/07 13:15:20.0445 5036 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/07 13:15:21.0005 5036 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/07/07 13:15:21.0153 5036 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/07 13:15:21.0365 5036 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/07/07 13:15:21.0567 5036 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/07 13:15:21.0653 5036 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/07/07 13:15:22.0114 5036 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/07/07 13:15:22.0803 5036 nvlddmkm (7939c99278e1e44afb32d7a4dcc322de) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/07 13:15:23.0925 5036 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/07 13:15:24.0017 5036 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/07 13:15:24.0114 5036 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/07 13:15:24.0252 5036 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/07 13:15:24.0488 5036 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/07 13:15:24.0525 5036 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/07/07 13:15:24.0573 5036 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/07 13:15:24.0849 5036 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/07/07 13:15:25.0174 5036 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/07/07 13:15:25.0359 5036 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/07 13:15:25.0637 5036 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/07 13:15:25.0940 5036 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/07 13:15:25.0974 5036 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/07 13:15:26.0127 5036 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/07/07 13:15:26.0331 5036 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/07 13:15:26.0435 5036 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/07 13:15:26.0654 5036 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/07 13:15:26.0692 5036 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/07 13:15:26.0847 5036 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/07 13:15:26.0867 5036 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) 
C:\Windows\system32\DRIVERS\rasacd.sys2011/07/07 13:15:26.0898 5036 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys2011/07/07 13:15:26.0926 5036 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys2011/07/07 13:15:26.0958 5036 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys2011/07/07 13:15:27.0129 5036 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys2011/07/07 13:15:27.0171 5036 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys2011/07/07 13:15:27.0195 5036 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys2011/07/07 13:15:27.0227 5036 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys2011/07/07 13:15:27.0283 5036 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys2011/07/07 13:15:27.0455 5036 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys2011/07/07 13:15:27.0505 5036 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys2011/07/07 13:15:27.0538 5036 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys2011/07/07 13:15:27.0571 5036 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys2011/07/07 13:15:27.0867 5036 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys2011/07/07 13:15:27.0930 5036 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys2011/07/07 13:15:27.0948 5036 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys2011/07/07 13:15:27.0973 5036 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys2011/07/07 13:15:27.0997 5036 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys2011/07/07 13:15:28.0063 5036 sisagp 
(d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys2011/07/07 13:15:28.0089 5036 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys2011/07/07 13:15:28.0113 5036 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys2011/07/07 13:15:28.0165 5036 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys2011/07/07 13:15:28.0273 5036 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys2011/07/07 13:15:28.0378 5036 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\System32\Drivers\sptd.sys2011/07/07 13:15:28.0565 5036 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys2011/07/07 13:15:28.0699 5036 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys2011/07/07 13:15:28.0874 5036 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys2011/07/07 13:15:29.0111 5036 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys2011/07/07 13:15:29.0447 5036 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys2011/07/07 13:15:29.0497 5036 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys2011/07/07 13:15:29.0523 5036 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys2011/07/07 13:15:29.0700 5036 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys2011/07/07 13:15:29.0807 5036 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys2011/07/07 13:15:29.0942 5036 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys2011/07/07 13:15:29.0993 5036 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys2011/07/07 13:15:30.0048 5036 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys2011/07/07 13:15:30.0066 5036 TDTCP 
(7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys2011/07/07 13:15:30.0104 5036 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys2011/07/07 13:15:30.0264 5036 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys2011/07/07 13:15:30.0360 5036 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys2011/07/07 13:15:30.0553 5036 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys2011/07/07 13:15:30.0589 5036 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys2011/07/07 13:15:30.0662 5036 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys2011/07/07 13:15:30.0807 5036 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys2011/07/07 13:15:30.0870 5036 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys2011/07/07 13:15:30.0920 5036 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys2011/07/07 13:15:30.0967 5036 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys2011/07/07 13:15:31.0099 5036 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys2011/07/07 13:15:31.0165 5036 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys2011/07/07 13:15:31.0244 5036 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys2011/07/07 13:15:31.0295 5036 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys2011/07/07 13:15:31.0439 5036 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys2011/07/07 13:15:31.0525 5036 usbehci (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys2011/07/07 13:15:31.0567 5036 usbhub (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys2011/07/07 13:15:31.0728 5036 usbohci 
(38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys2011/07/07 13:15:32.0072 5036 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys2011/07/07 13:15:32.0230 5036 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys2011/07/07 13:15:32.0421 5036 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS2011/07/07 13:15:32.0557 5036 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys2011/07/07 13:15:32.0619 5036 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys2011/07/07 13:15:32.0801 5036 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys2011/07/07 13:15:32.0868 5036 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys2011/07/07 13:15:32.0985 5036 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys2011/07/07 13:15:33.0077 5036 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys2011/07/07 13:15:33.0156 5036 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys2011/07/07 13:15:33.0186 5036 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys2011/07/07 13:15:33.0341 5036 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys2011/07/07 13:15:33.0449 5036 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys2011/07/07 13:15:33.0561 5036 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys2011/07/07 13:15:33.0636 5036 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys2011/07/07 13:15:33.0672 5036 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys2011/07/07 13:15:33.0803 5036 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys2011/07/07 13:15:33.0970 5036 WDC_SAM 
(d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
2011/07/07 13:15:34.0122 5036 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/07 13:15:34.0329 5036 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/07 13:15:34.0584 5036 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/07 13:15:35.0465 5036 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/07 13:15:35.0761 5036 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/07 13:15:35.0891 5036 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/07 13:15:36.0080 5036 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/07/07 13:15:36.0172 5036 MBR (0x1B8) (13af81ffe36981a6a5910f5f7a43b4f8) \Device\Harddisk0\DR0
2011/07/07 13:15:36.0195 5036 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/07 13:15:36.0208 5036 Boot (0x1200) (e37ab90dccdac86e53c26d0880f74916) \Device\Harddisk0\DR0\Partition0
2011/07/07 13:15:36.0248 5036 Boot (0x1200) (c83fb83e25bc24c226da38c40380c01e) \Device\Harddisk0\DR0\Partition1
2011/07/07 13:15:36.0254 5036 ================================================================================
2011/07/07 13:15:36.0254 5036 Scan finished
2011/07/07 13:15:36.0254 5036 ================================================================================
2011/07/07 13:15:36.0271 4720 Detected object count: 1
2011/07/07 13:15:36.0271 4720 Actual detected object count: 1
2011/07/07 13:15:53.0783 4720 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/07 13:15:53.0783 4720 \Device\Harddisk0\DR0 - ok
2011/07/07 13:15:53.0785 4720 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/07 13:16:02.0409 5392 Deinitialize success

ComboFix log

ComboFix 11-07-06.05 - Danielle 07/07/2011 13:30:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.987 [GMT -5:00]
Running from: c:\users\Danielle\Desktop\ComboFix.exe
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy1_!WINDOWS!System32!kernel32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 18:41 . 2011-07-07 18:41 -------- d-----w- c:\users\Olivia\AppData\Local\temp
2011-07-07 18:41 . 2011-07-07 18:41 -------- d-----w- c:\users\Heidi\AppData\Local\temp
2011-07-07 18:41 . 2011-07-07 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-07 18:41 . 2011-07-07 18:41 -------- d-----w- c:\users\Dad\AppData\Local\temp
2011-07-07 03:35 . 2011-07-07 03:35 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-07 03:35 . 2011-07-07 03:35 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-07 03:03 . 2011-07-07 03:03 -------- d-----w- c:\programdata\PLAV
2011-07-07 03:03 . 2011-07-07 03:03 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2011-07-07 02:52 . 2011-07-07 02:52 -------- d-----w- c:\programdata\ParetoLogic
2011-07-07 02:52 . 2011-07-07 02:52 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-07-07 02:51 . 2011-07-07 02:51 -------- d-----w- c:\program files\Common Files\PLAV
2011-07-07 02:51 . 2011-07-07 02:51 -------- d-----w- c:\program files\ParetoLogic
2011-07-06 23:52 . 2011-07-06 23:52 -------- d-----w- c:\users\Danielle\AppData\Roaming\AVG10
2011-07-06 23:45 . 2011-07-07 04:15 -------- d-----w- c:\programdata\AVG10
2011-07-06 23:21 . 2011-07-07 16:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Conduit
2011-07-06 18:38 . 2011-07-06 18:38 0 ----a-w- c:\users\Danielle\AppData\Local\Iqirilobaka.bin
2011-07-06 18:38 . 2011-07-06 18:38 -------- d-----w- c:\users\Danielle\AppData\Local\{CCD37D13-93A1-455C-A1B1-AB4EA512ED1D}
2011-07-06 17:25 . 2011-07-06 17:25 -------- d-----w- c:\program files\Apple Software Update(7)
2011-07-06 17:21 . 2011-07-06 19:46 -------- d-----w- c:\program files\iPod(33)
2011-07-06 17:11 . 2011-07-06 19:46 -------- d-----w- c:\program files\Bonjour(8)
2011-07-06 05:03 . 2011-07-06 05:03 -------- d-----w- c:\program files\Coupons
2011-06-15 19:21 . 2011-06-15 19:24 -------- d-----w- c:\program files\Business-in-a-Box
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 14:15 . 2011-07-06 23:08 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A57E8162-5D65-49CA-BD8F-F151BAE69AE2}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-02-23 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-16 1480296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-21 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-21 7753728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-11-19 114688]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-26 34520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-21 805392]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PLAVService;PLAVService;c:\program files\Common Files\PLAV\PLAVservice.exe [2010-09-08 599384]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-22 697328]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-08-09 22104]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 03:33]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 03:33]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2123754288-1640410020-4041290471-1001Core.job
- c:\users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 00:48]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2123754288-1640410020-4041290471-1001UA.job
- c:\users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 00:48]
.
2011-05-09 c:\windows\Tasks\Norton Security Scan for Heidi.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-08 16:06]
.
2011-05-10 c:\windows\Tasks\Norton Security Scan for Olivia.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-08 16:06]
.
2011-07-07 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-09-08 17:31]
.
2011-07-07 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-08 17:31]
.
2011-07-07 c:\windows\Tasks\User_Feed_Synchronization-{4A348C50-0879-4CCE-99E4-2028C27DFDDD}.job
- c:\windows\system32\msfeedssync.exe [2010-04-11 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\hunimxje.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=16794S&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW4&o=16794&locale=en_US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 13:43
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3572)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\PEV.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Advisor\SSDK04.exe
.
**************************************************************************
.
Completion time: 2011-07-07 13:55:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-07 18:54
.
Pre-Run: 126,670,131,200 bytes free
Post-Run: 127,564,779,520 bytes free
.
- - End Of File - - 389DDA3A31219B6A7091E3758B3E64E3

Attached Files


Edited by daniellemarren, 07 July 2011 - 02:07 PM.


#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 AM

Posted 07 July 2011 - 02:55 PM

I'm not sure what happened to those logs - I can make do with the TDSSKiller log, but I'll need you to try posting the ComboFix log again so it's not all strung together like that (it should look more like your DDS logs). This should open the log again for you:

Click Start > Run or press Windows Key + R, copy/paste the following into the run box that opens and press OK:
c:\ComboFix.txt

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 daniellemarren

daniellemarren
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 07 July 2011 - 03:23 PM

I don't know why it keeps doing that. Would it help if I just attached it?

Attached Files



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 AM

Posted 07 July 2011 - 08:36 PM

daniellemarren:

P2P - I see you have P2P software (Vuze) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at BC are complete.

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

File::
c:\users\Danielle\AppData\Local\Iqirilobaka.bin
Folder::
c:\users\Danielle\AppData\Local\{CCD37D13-93A1-455C-A1B1-AB4EA512ED1D}

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • ComboFix log
  • MBAM log



#7 daniellemarren

daniellemarren
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 08 July 2011 - 12:02 AM

Okay, I have removed Vuze.

ComboFix log:

ComboFix 11-07-07.05 - Danielle 07/07/2011 21:21:04.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1014 [GMT -5:00]
Running from: c:\users\Danielle\Desktop\ComboFix.exe
Command switches used :: c:\users\Danielle\Desktop\CFScript.txt
.
FILE ::
"c:\users\Danielle\AppData\Local\Iqirilobaka.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Danielle\AppData\Local\{CCD37D13-93A1-455C-A1B1-AB4EA512ED1D}
c:\users\Danielle\AppData\Local\{CCD37D13-93A1-455C-A1B1-AB4EA512ED1D}\chrome\content\overlay.xul
c:\users\Danielle\AppData\Local\{CCD37D13-93A1-455C-A1B1-AB4EA512ED1D}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-08 02:37 . 2011-07-08 02:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-08 02:37 . 2011-07-08 02:37 -------- d-----w- c:\users\Dad\AppData\Local\temp
2011-07-08 02:37 . 2011-07-08 02:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-07-08 02:37 . 2011-07-08 02:37 -------- d-----w- c:\users\Olivia\AppData\Local\temp
2011-07-08 02:37 . 2011-07-08 02:37 -------- d-----w- c:\users\Heidi\AppData\Local\temp
2011-07-07 23:13 . 2011-06-20 13:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5406990F-B3F9-4FA2-86DD-D50A45BDDF23}\mpengine.dll
2011-07-07 03:35 . 2011-07-07 03:35 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-07 03:35 . 2011-07-07 03:35 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-07 03:03 . 2011-07-07 03:03 -------- d-----w- c:\programdata\PLAV
2011-07-07 03:03 . 2011-07-07 03:03 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2011-07-07 02:52 . 2011-07-07 02:52 -------- d-----w- c:\programdata\ParetoLogic
2011-07-07 02:52 . 2011-07-07 02:52 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-07-07 02:51 . 2011-07-07 02:51 -------- d-----w- c:\program files\Common Files\PLAV
2011-07-07 02:51 . 2011-07-07 02:51 -------- d-----w- c:\program files\ParetoLogic
2011-07-06 23:52 . 2011-07-06 23:52 -------- d-----w- c:\users\Danielle\AppData\Roaming\AVG10
2011-07-06 23:45 . 2011-07-07 04:15 -------- d-----w- c:\programdata\AVG10
2011-07-06 23:21 . 2011-07-07 16:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Conduit
2011-07-06 18:38 . 2011-07-06 18:38 0 ----a-w- c:\users\Danielle\AppData\Local\Iqirilobaka.bin
2011-07-06 17:25 . 2011-07-06 17:25 -------- d-----w- c:\program files\Apple Software Update(7)
2011-07-06 17:21 . 2011-07-06 19:46 -------- d-----w- c:\program files\iPod(33)
2011-07-06 17:11 . 2011-07-06 19:46 -------- d-----w- c:\program files\Bonjour(8)
2011-07-06 05:03 . 2011-07-06 05:03 -------- d-----w- c:\program files\Coupons
2011-06-15 19:21 . 2011-06-15 19:24 -------- d-----w- c:\program files\Business-in-a-Box
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 00:14 . 2010-02-22 14:05 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-02-23 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-16 1480296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-21 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-21 7753728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-11-19 114688]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-26 34520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-21 805392]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R3 PLAVService;PLAVService;c:\program files\Common Files\PLAV\PLAVservice.exe [2010-09-08 599384]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-22 697328]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-08-09 22104]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 03:33]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 03:33]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2123754288-1640410020-4041290471-1001Core.job
- c:\users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 00:48]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2123754288-1640410020-4041290471-1001UA.job
- c:\users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 00:48]
.
2011-07-07 c:\windows\Tasks\Norton Security Scan for Heidi.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-08 16:06]
.
2011-07-08 c:\windows\Tasks\Norton Security Scan for Olivia.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-08 16:06]
.
2011-07-07 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-09-08 17:31]
.
2011-07-07 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-08 17:31]
.
2011-07-07 c:\windows\Tasks\User_Feed_Synchronization-{4A348C50-0879-4CCE-99E4-2028C27DFDDD}.job
- c:\windows\system32\msfeedssync.exe [2010-04-11 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\hunimxje.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=16794S&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW4&o=16794&locale=en_US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 21:37
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-07 21:40:30
ComboFix-quarantined-files.txt 2011-07-08 02:40
ComboFix2.txt 2011-07-07 18:55
.
Pre-Run: 126,311,825,408 bytes free
Post-Run: 126,340,837,376 bytes free
.
- - End Of File - - BC1BB01BD7FD3F307EF614E45ADC9173





Malwarebytes log is attached because the text keeps coming out all strung together like that.
Thanks again for all your help, really!



Edited by daniellemarren, 08 July 2011 - 12:19 AM.


#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:01 AM

Posted 08 July 2011 - 03:36 PM

daniellemarren:

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java™ can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
Please run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes copy and paste the results into your next reply.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 daniellemarren

daniellemarren
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:01 AM

Posted 09 July 2011 - 12:09 PM

The computer is running much better! I am no longer being redirected and it is running a little faster! Thank you so much for all your help! Here are the ESET results:


C:\Qoobox\Quarantine\C\Program Files\HBLite\bin\11.0.267.0\HBLiteSAAX.dll.vir a variant of Win32/Adware.HotBar.E application
C:\Qoobox\Quarantine\C\Program Files\HBLite\bin\11.0.267.0\HBLiteUninstaller.exe.vir a variant of Win32/Adware.HotBar.E application
C:\Qoobox\Quarantine\C\Program Files\HBLite\bin\11.0.267.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll.vir a variant of Win32/Adware.HotBar.J application
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll.vir a variant of Win32/Adware.HotBar.J application
C:\System Recovery files\C\Users\Danielle\Documents\EA Games\The Sims 2\Music\housemix\Nevershoutnever! - BigCityDreams.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\System Recovery files\C\Users\Danielle\Music\3oh3 - Punkbleep.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\System Recovery files\C\Users\Olivia\Music\jonh mayer belief.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\System Recovery files\C\Users\Olivia\Music\jonh mayer- belief sexy girl has shaking orgasm during sex.mpg a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\System Recovery files\C\Users\Olivia\Music\putting holes in happieness.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8A1V9X7D\d43c8[1].pdf JS/Exploit.Pdfka.OWC.Gen trojan
C:\Users\Danielle\AppData\LocalLow\Yahoo! Companion\Data\ec0hh4dzs_o\_bm2.xml Win32/Adware.SpywareProtect2009 application
C:\Users\Heidi\Downloads\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AR application




#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:01 AM

Posted 09 July 2011 - 04:22 PM

daniellemarren:

This will take care of those ESET detections:

Open notepad and copy/paste the text in the quotebox below into it:

@echo off
rem Remove each file ESET flagged; any path that survives is written to %temp%\log.txt
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\System Recovery files\C\Users\Danielle\Documents\EA Games\The Sims 2\Music\housemix\Nevershoutnever! - BigCityDreams.mp3"
"C:\System Recovery files\C\Users\Danielle\Music\3oh3 - Punkbleep.mp3"
"C:\System Recovery files\C\Users\Olivia\Music\jonh mayer belief.mp3"
"C:\System Recovery files\C\Users\Olivia\Music\jonh mayer- belief sexy girl has shaking orgasm during sex.mpg"
"C:\System Recovery files\C\Users\Olivia\Music\putting holes in happieness.mp3"
"C:\Users\Danielle\AppData\LocalLow\Yahoo! Companion\Data\ec0hh4dzs_o\_bm2.xml"
"C:\Users\Heidi\Downloads\SetupGamevance.exe"
) do (
rem /a ignores attributes, /f forces read-only files, /q suppresses prompts
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
rem Show the log only if something could not be deleted
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
pause
rem The batch file removes itself once done
del %0

Save this as fix.bat. Choose to "Save type as - All Files".
It should look like this: [image]
Double click on fix.bat & allow it to run.

Other than those your logs look good. Now I have another update and some very important cleanup for you to take care of:

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
  • TDSSKiller
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Avoid using P2P programs. Refer back to my earlier post for more information.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

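An added example, not RPMcMurphy's fix.bat and not anything posted in this thread: the batch script above does two things, delete each flagged path and list whatever is still there afterwards, but its log records only the name of a survivor, not why it survived. The Python version below keeps the same structure (clear the read-only attribute as `del /a /f` does, remove, note what remains) and additionally stores the operating-system error for each leftover, so a persistent entry explains itself. It assumes Python 3 is available; the file names and temp directory are constructed for the demo and stand in for the paths in the post.

```python
"""Delete a list of suspected-adware files and record why any of them survive.

Added example, not the thread's fix.bat. Same job as the batch script (remove
each listed path, log whatever is still present) but the reason for every
failure is kept alongside the path. Assumes Python 3; all sample paths below
are constructed for the demo.
"""
import os
import stat
import tempfile


def remove_listed_files(paths, log_path=None):
    """Try to remove every path in `paths`.

    Returns a dict with three keys:
      deleted - paths removed by this run
      missing - paths that did not exist (nothing to do, which is also how
                the batch script's `if exist` check treats them)
      failed  - dict path -> OS error text for entries still present
    If log_path is given, survivors and reasons are appended there, mirroring
    the batch script's %temp%\\log.txt.
    """
    result = {"deleted": [], "missing": [], "failed": {}}
    for path in paths:
        if not os.path.lexists(path):
            result["missing"].append(path)
            continue
        try:
            # Counterpart of `del /a /f`: clear the read-only attribute first so
            # a flag set by an installer does not block removal.
            os.chmod(path, stat.S_IWRITE | stat.S_IREAD)
            os.remove(path)
            result["deleted"].append(path)
        except OSError as exc:
            # Keep the reason (in use, access denied, not a file, ...) instead of
            # just the name, which is all the batch log shows.
            result["failed"][path] = f"{exc.__class__.__name__}: {exc.strerror}"
    if log_path and result["failed"]:
        with open(log_path, "a", encoding="utf-8") as log:
            for path, reason in result["failed"].items():
                log.write(f"{path}\t{reason}\n")
    return result


def demo():
    """Constructed sample run: a plain file, a read-only file, a directory
    standing in for an item that cannot be removed as a file, and a path that
    is already gone. Returns the result plus what is still on disk afterwards."""
    root = tempfile.mkdtemp(prefix="cleanup_demo_")
    plain = os.path.join(root, "SetupGamevance.exe")   # constructed, not the real file
    readonly = os.path.join(root, "_bm2.xml")          # constructed, not the real file
    stuck = os.path.join(root, "locked_stand_in")      # a directory, so remove() fails
    gone = os.path.join(root, "already_removed.mp3")   # never created
    with open(plain, "wb") as f:
        f.write(b"demo bytes")
    with open(readonly, "wb") as f:
        f.write(b"<xml/>")
    os.chmod(readonly, stat.S_IREAD)                   # read-only, like a stubborn leftover
    os.mkdir(stuck)
    log_path = os.path.join(root, "log.txt")
    result = remove_listed_files([plain, readonly, stuck, gone], log_path)
    leftover = [p for p in (plain, readonly, stuck, gone) if os.path.lexists(p)]
    return {
        "result": result,
        "paths": {"plain": plain, "readonly": readonly, "stuck": stuck, "gone": gone},
        "leftover": leftover,
        "log_written": os.path.exists(log_path),
    }


if __name__ == "__main__":
    out = demo()
    for path, reason in out["result"]["failed"].items():
        print(f"still present: {path} ({reason})")
    print("deleted:", len(out["result"]["deleted"]), "missing:", len(out["result"]["missing"]))
```

When the batch script in the post left "C:\Users\Heidi\Downloads\SetupGamevance.exe" in log.txt, the log alone could not say whether the file was in use, protected by an ACL, or simply re-created; recording the error text is the cheap way to tell those apart before deciding whether a reboot-time deletion or a quarantine is needed.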


#11 daniellemarren

daniellemarren
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:01 AM

Posted 09 July 2011 - 04:53 PM

When I run the fix.bat, along with the command window a notepad doc opens up named "log" and inside is:

"C:\Users\Heidi\Downloads\SetupGamevance.exe"

The command window says "Press any key to continue", then once I press a key, the command window disappears and so does the fix.bat icon off my desktop. Is that what is supposed to happen?

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:01 AM

Posted 09 July 2011 - 04:59 PM

That is fine, you can continue with the rest of the instructions.



#13 daniellemarren

daniellemarren
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 09 July 2011 - 07:16 PM

Okay I have finished all the instructions, and my computer is running much better. Thanks for all your help!

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:01 AM

Posted 09 July 2011 - 08:39 PM

You're welcome, daniellemarren. Take care.



#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:01 AM

Posted 10 July 2011 - 04:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


