Possibly infected with Win32:Tiny-AMB [Rtk]


  • This topic is locked
29 replies to this topic

#1 MWM2

MWM2

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:30 PM

Posted 19 October 2011 - 12:21 PM

I hope someone can help here. I have seen some great solutions and help to others.

A friend of mine tried to clean up his computer, as he describes it "we got hit 2 weeks ago with a very nasty virus called 'Cloud Antivirus' or something similar". So I inherited a partially cleaned up machine. He doesn't remember all that he used. The problem is that he can't get on the internet. It is Windows XP Home Edition Svc Pack 3.

When checking myself, I found the system very slow, missing startup icons in the system tray (nothing disabled in msconfig), Avast AV 6.0 Real-time shields cannot be started and a boot time scan does not activate. In the virus chest I saw an entry referencing Win32:Tiny-AMB [Rtk]

Rather than mess things up any further I am asking for help here.

Followed the guide to get started and encountered a problem with the firewall and DDS.SCR

1) I cannot enable the windows firewall. When I click YES to the message “Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) Service?” I get the message “Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) Service.” I have also gone to Services to manually start it and that doesn’t work either.

2) When trying to run dds.scr the black screen does not come up but a text file appears in notepad with a lot of odd unintelligible characters, except on the first line, after some garbage characters it says “This program cannot be run in DOS mode.” Then garbage follows. The dds.txt and attach.txt files are not created. I DID save the garbage file as dds.scr.txt and will attach it here.

Please advise.

And thank you in advance for any help !

Attached Files

  • Attached File  ark.txt   93.25KB   1 downloads



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:30 PM

Posted 24 October 2011 - 12:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424167 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 MWM2

MWM2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:30 PM

Posted 25 October 2011 - 09:02 AM

Still have the same problems. I have not done anything since my initial post. The following is in response to HelpBot:

I tried downloading the DDS.pif since the DDS.scr does not run (it only opens in Notepad). The site said I was not permitted to download the .pif file, so on a hunch I renamed the .scr file to .pif and it worked. DDS.txt is posted here and Attach.txt and Ark.txt are attached.

Also, I do not have a windows disk but there is a D: drive partition on this Compaq computer with the I386 folder.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Compaq_Owner at 8:25:09 on 2011-10-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1457 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system\hpsysdrv.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spoolsv.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PC Ultra Speed Tray] c:\program files\pc ultra speed\PCUltraSpeedTray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\pci f5d7000\wireless utility\Belkinwcui.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-2 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-14 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-14 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-14 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-3 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-3 22712]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-5-4 279960]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [2006-12-10 463872]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [2004-4-21 16384]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-10-19 14:06:22 -------- d-----w- c:\windows\pss
2011-10-18 12:28:36 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-18 12:28:32 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-18 12:28:31 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-18 12:28:26 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-18 12:28:21 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-18 12:28:10 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-18 12:28:05 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-18 12:28:02 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-18 12:27:56 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-18 12:27:53 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-18 12:27:16 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-18 12:27:12 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-18 12:27:07 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-18 12:25:57 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-10-18 12:25:52 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-10-18 12:25:47 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-10-18 12:25:42 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-10-18 12:25:34 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-10-18 12:25:29 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2011-10-18 12:25:25 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2011-10-18 12:25:21 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2011-10-18 12:25:16 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-10-18 12:25:11 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-10-18 12:25:07 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2011-10-18 12:25:03 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2011-10-18 12:23:55 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-10-18 12:22:56 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-10-18 12:22:49 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-18 12:22:44 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-10-18 12:22:43 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2011-10-18 12:22:37 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-10-18 12:22:34 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-10-18 12:22:27 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-10-18 12:22:22 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-10-18 12:22:18 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-10-18 12:22:14 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-10-18 12:22:05 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-10-18 12:22:02 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2011-10-18 12:20:58 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-10-18 12:19:56 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll
2011-10-18 12:18:56 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-10-18 12:18:53 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-10-18 12:18:49 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-10-18 12:18:46 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-10-18 12:18:42 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-10-18 12:18:38 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-10-18 12:18:16 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-10-18 12:18:13 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-10-18 12:18:09 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-10-18 12:18:06 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-10-18 12:18:02 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-10-18 12:16:59 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2011-10-18 12:15:57 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-10-18 12:15:52 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-10-18 12:15:40 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-10-18 12:15:34 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-18 12:15:30 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-10-18 12:15:25 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-10-18 12:15:22 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-10-18 12:15:13 49024 ----a-w- c:\windows\system32\dllcache\ql1280.sys
2011-10-18 12:15:10 40448 ----a-w- c:\windows\system32\dllcache\ql1240.sys
2011-10-18 12:15:06 45312 ----a-w- c:\windows\system32\dllcache\ql12160.sys
2011-10-18 12:15:03 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2011-10-18 12:13:56 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2011-10-18 12:12:58 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2011-10-18 12:11:54 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-18 12:11:50 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-18 12:11:37 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-18 12:11:33 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-10-18 12:11:29 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-10-18 12:11:28 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-10-18 12:11:22 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-10-18 12:11:18 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-18 12:11:11 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-10-18 12:11:09 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-10-18 12:11:02 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2011-10-18 12:09:44 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-18 12:09:38 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-18 12:09:27 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-18 12:09:24 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-18 12:09:23 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-10-18 12:09:07 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-18 12:09:03 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-18 12:09:02 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-10-18 12:08:51 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-18 12:08:48 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-10-18 12:08:40 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-10-18 12:08:35 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-10-18 12:08:26 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2011-10-18 12:08:20 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-10-18 12:08:16 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2011-10-18 12:08:15 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2011-10-18 12:08:12 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2011-10-18 12:08:08 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2011-10-18 12:08:05 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-10-18 12:06:57 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2011-10-18 12:05:59 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2011-10-18 12:04:58 9216 ----a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2011-10-18 12:03:59 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-10-18 12:02:59 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
2011-10-18 12:01:57 441728 ----a-w- c:\windows\system32\dllcache\fpcmbase.sys
2011-10-18 12:00:59 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2011-10-18 11:59:58 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2011-10-18 11:58:59 103044 ----a-w- c:\windows\system32\dllcache\digidxb.sys
2011-10-18 11:57:59 175104 ----a-w- c:\windows\system32\dllcache\csamsp.dll
2011-10-18 11:56:34 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-18 11:55:58 26624 ----a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-10-18 11:54:00 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-18 03:27:13 176128 ----a-w- c:\windows\system32\nvunrm.exe
2011-10-18 03:27:13 101888 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2011-10-17 16:24:35 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-04 02:06:37 -------- d-----w- c:\documents and settings\compaq_owner\application data\Malwarebytes
2011-10-04 02:06:28 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 02:06:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-04 02:06:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-04 02:06:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-03 02:11:29 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-03 01:54:57 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-10-03 01:54:57 -------- d-sh--w- c:\windows\ftpcache
2011-10-03 01:23:07 110080 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconF7A21AF7.exe
2011-10-03 01:23:07 110080 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconD7F16134.exe
2011-10-03 01:23:07 110080 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconCF33A0CE.exe
2011-10-03 01:22:59 -------- d-----w- C:\sh4ldr
2011-10-03 01:22:59 -------- d-----w- c:\program files\Enigma Software Group
2011-10-03 01:22:15 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-03 01:21:44 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-10-01 13:53:05 -------- d-----w- C:\a1af5000092b3550e938
2011-10-01 13:49:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-01 13:49:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-01 13:47:34 -------- d-----w- c:\program files\PC Ultra Speed
2011-10-01 13:47:34 -------- d-----w- c:\documents and settings\compaq_owner\application data\PC Ultra Speed
2011-10-01 13:17:56 -------- d-----w- c:\documents and settings\compaq_owner\application data\PC Cleaners
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll
.
============= FINISH: 8:26:59.71 ===============


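The DDS log above already explains two of the symptoms from the first post: the File Associations section shows .scr bound to AutoCADScriptFile rather than the stock scrfile handler (consistent with dds.scr opening in Notepad until it was renamed to .pif), and both the AV: and FW: header lines report Disabled. As an added example that is not part of this thread or of the DDS tool, the Python script below parses a DDS log's banner-delimited sections and pulls out exactly those items, plus the entries in "Created Last 30" that are not the bulk dllcache churn, so a responder can review the short list by hand. The sample input is an excerpt of the log posted above; the table of stock Windows ProgIDs is this example's own assumption.

```python
"""Triage of a DDS log like the one posted above: split it into its banner-
delimited sections, then flag the items a responder checks first. Added example;
not BleepingComputer's or sUBs' code. The stock-ProgID table is an assumption."""
import re
from datetime import datetime

# Excerpt of the DDS log posted in this thread, trimmed to representative lines.
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1457 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-10-19 14:06:22 -------- d-----w- c:\windows\pss
2011-10-18 12:28:36 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-18 03:27:13 176128 ----a-w- c:\windows\system32\nvunrm.exe
2011-10-17 16:24:35 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-03 01:54:57 -------- d-sh--w- c:\windows\ftpcache
.
============= FINISH: 8:26:59.71 ===============
"""

BANNER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PROTECTION_RE = re.compile(r"^(AV|FW):\s*(.+?)\s*\*([^*]+)\*")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

# Assumed stock ProgIDs for executable-type extensions (this example's own table).
DEFAULT_PROGIDS = {".exe": "exefile", ".com": "comfile", ".scr": "scrfile",
                   ".bat": "batfile", ".cmd": "cmdfile", ".pif": "piffile",
                   ".reg": "regfile"}


def parse_sections(text):
    """Map section name -> lines. Text before the first banner goes under
    'Header'; DDS's lone '.' spacer lines and blanks are dropped."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER_RE.match(line)
        if m:  # "FINISH: 8:26:59.71" -> "FINISH"
            current = m.group(1).split(":")[0].strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def disabled_protection(sections):
    """[(kind, product, status)] for AV:/FW: header lines reporting Disabled."""
    hits = []
    for line in sections.get("Header", []):
        m = PROTECTION_RE.match(line)
        if m and "disabled" in m.group(3).lower():
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


def hijacked_associations(sections):
    """[(ext, handler, expected)] where a listed association differs from the
    assumed stock ProgID; .scr bound to a text-style handler is consistent with
    a renamed .scr tool opening in Notepad instead of executing."""
    hits = []
    for line in sections.get("File Associations", []):
        ext, _, handler = line.partition("=")
        expected = DEFAULT_PROGIDS.get(ext.strip().lower())
        if expected and handler.strip().lower() != expected:
            hits.append((ext.strip(), handler.strip(), expected))
    return hits


def recent_files(sections, since, skip=("\\dllcache\\",)):
    """[(timestamp, size, attrs, path)] from 'Created Last 30' on/after `since`
    (datetime or 'YYYY-MM-DD'), minus paths containing a `skip` fragment. The
    dllcache entries are collapsed only to keep the hand-review list short,
    not because they are known-good."""
    if isinstance(since, str):
        since = datetime.strptime(since, "%Y-%m-%d")
    hits = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        path = m.group(4)
        if stamp >= since and not any(frag in path.lower() for frag in skip):
            hits.append((stamp, m.group(2), m.group(3), path))
    return hits


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_DDS)
    for item in disabled_protection(secs):
        print("protection disabled:", item)
    for item in hijacked_associations(secs):
        print("association changed:", item)
    for item in recent_files(secs, "2011-10-15"):
        print("recent:", item)
```

Run it on a full dds.txt by replacing SAMPLE_DDS with the file contents; the banner regex is what keeps the parser independent of section order, and the `skip` tuple is the one knob to widen or narrow what is hidden from the created-files list.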
#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:01:30 AM

Posted 25 October 2011 - 11:51 PM

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant for the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 MWM2

MWM2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:30 PM

Posted 26 October 2011 - 09:39 AM

Hi Blade81, thanks for helping me with this problem. As requested, here are the combofix.txt and dds.txt files. I also attached the attach.txt file.

ComboFix 11-10-26.03 - Compaq_Owner 10/26/2011 7:54.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1380 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askpopup.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
c:\documents and settings\Compaq_Owner\Local Settings\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
c:\documents and settings\Compaq_Owner\Local Settings\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askpopup.exe
c:\documents and settings\Compaq_Owner\Local Settings\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-18 12:28 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-18 12:28 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-18 12:28 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-18 12:28 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-18 12:28 . 2004-08-04 01:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-18 12:27 . 2004-08-04 01:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-18 12:27 . 2008-04-13 23:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-18 12:27 . 2008-04-13 17:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-18 12:27 . 2004-08-04 01:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-18 12:27 . 2001-08-17 16:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-18 12:25 . 2001-08-17 17:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-10-18 12:25 . 2001-08-17 17:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-10-18 12:25 . 2001-08-17 16:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-10-18 12:25 . 2001-08-17 17:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-10-18 12:25 . 2001-08-17 17:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-10-18 12:25 . 2001-08-17 17:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2011-10-18 12:25 . 2001-08-17 17:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2011-10-18 12:25 . 2001-08-17 17:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2011-10-18 12:25 . 2001-08-17 17:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-10-18 12:25 . 2001-08-17 17:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-10-18 12:25 . 2001-08-17 17:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2011-10-18 12:25 . 2001-08-17 17:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2011-10-18 12:23 . 2001-08-17 16:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-10-18 12:22 . 2001-08-17 16:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-10-18 12:22 . 2001-08-17 16:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-18 12:22 . 2001-08-17 18:56 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-10-18 12:22 . 2008-04-13 17:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2011-10-18 12:22 . 2001-08-17 16:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-10-18 12:22 . 2001-08-17 16:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-10-18 12:22 . 2001-08-17 17:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-10-18 12:22 . 2001-08-17 17:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-10-18 12:22 . 2001-08-17 16:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-10-18 12:22 . 2001-08-17 18:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-10-18 12:22 . 2001-08-17 18:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-10-18 12:22 . 2001-08-17 18:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2011-10-18 12:20 . 2001-08-18 02:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-10-18 12:19 . 2001-08-17 18:56 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll
2011-10-18 12:18 . 2001-08-18 02:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-10-18 12:18 . 2001-08-17 16:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-10-18 12:18 . 2001-08-17 18:56 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-10-18 12:18 . 2001-08-17 16:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-10-18 12:18 . 2001-08-17 18:56 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-10-18 12:18 . 2001-08-17 16:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-10-18 12:18 . 2001-07-21 18:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-10-18 12:18 . 2001-07-21 18:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-10-18 12:18 . 2001-08-17 16:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-10-18 12:18 . 2001-08-18 02:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-10-18 12:18 . 2001-08-17 16:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-10-18 12:16 . 2001-08-17 16:50 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2011-10-18 12:15 . 2001-08-17 16:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-10-18 12:15 . 2001-08-18 02:36 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-10-18 12:15 . 2001-08-17 17:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-10-18 12:15 . 2001-08-17 17:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-18 12:15 . 2001-08-17 17:28 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-10-18 12:15 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-10-18 12:15 . 2001-08-17 17:53 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-10-18 12:15 . 2001-08-17 17:52 49024 ----a-w- c:\windows\system32\dllcache\ql1280.sys
2011-10-18 12:15 . 2001-08-17 17:52 40448 ----a-w- c:\windows\system32\dllcache\ql1240.sys
2011-10-18 12:15 . 2001-08-17 17:52 45312 ----a-w- c:\windows\system32\dllcache\ql12160.sys
2011-10-18 12:15 . 2001-08-17 17:52 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2011-10-18 12:13 . 2001-08-17 18:04 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2011-10-18 12:12 . 2001-08-17 18:05 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2011-10-18 12:11 . 2001-08-17 16:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-18 12:11 . 2001-08-18 02:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-18 12:11 . 2001-08-17 16:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-18 12:11 . 2001-08-17 17:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-10-18 12:11 . 2001-08-17 17:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-10-18 12:11 . 2008-04-13 17:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-10-18 12:11 . 2001-08-17 16:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-10-18 12:11 . 2001-08-17 16:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-18 12:11 . 2001-08-17 16:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-10-18 12:11 . 2004-08-04 01:31 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-10-18 12:11 . 2001-08-17 16:11 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2011-10-18 12:09 . 2008-04-13 17:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-18 12:09 . 2001-08-17 17:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-18 12:09 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-18 12:09 . 2008-04-13 17:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-18 12:09 . 2004-08-04 04:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-10-18 12:09 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-18 12:09 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-18 12:09 . 2008-04-13 17:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-10-18 12:08 . 2001-08-17 17:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-18 12:08 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-10-18 12:08 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-10-18 12:08 . 2001-08-17 17:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-10-18 12:08 . 2001-08-17 17:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2011-10-18 12:08 . 2001-08-17 16:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-10-18 12:08 . 2001-08-17 18:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2011-10-18 12:08 . 2008-04-13 17:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2011-10-18 12:08 . 2001-08-18 02:36 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2011-10-18 12:08 . 2001-08-17 17:58 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2011-10-18 12:08 . 2001-08-17 16:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-10-18 12:06 . 2001-08-18 02:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2011-10-18 12:05 . 2001-08-17 17:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2011-10-18 12:04 . 2001-08-18 02:34 9216 ----a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2011-10-18 12:03 . 2001-08-18 02:36 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-10-18 12:02 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-10-18 12:01 . 2001-08-17 16:14 441728 ----a-w- c:\windows\system32\dllcache\fpcmbase.sys
2011-10-18 12:00 . 2001-08-17 16:19 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2011-10-18 11:59 . 2001-08-17 16:10 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2011-10-18 11:58 . 2001-08-17 16:13 103044 ----a-w- c:\windows\system32\dllcache\digidxb.sys
2011-10-18 11:57 . 2001-08-18 02:36 175104 ----a-w- c:\windows\system32\dllcache\csamsp.dll
2011-10-18 11:56 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-18 11:55 . 2001-08-17 16:49 26624 ----a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-10-18 11:54 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-18 03:27 . 2006-03-03 22:30 101888 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2011-10-18 03:27 . 2006-02-22 23:59 176128 ----a-w- c:\windows\system32\nvunrm.exe
2011-10-17 16:24 . 2011-10-17 16:24 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-04 02:06 . 2011-10-04 02:06 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2011-10-04 02:06 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 02:06 . 2011-10-04 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-04 02:06 . 2011-10-07 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 02:06 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 02:11 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-03 01:54 . 2011-10-03 01:54 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-10-03 01:54 . 2011-10-03 01:54 -------- d-sh--w- c:\windows\ftpcache
2011-10-03 01:50 . 2011-10-03 01:50 -------- d-----w- c:\documents and settings\Administrator
2011-10-03 01:23 . 2011-10-03 01:23 110080 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D3F93A5A-7A5D-4867-B2A1-6F46500D006C}\IconF7A21AF7.exe
2011-10-03 01:23 . 2011-10-03 01:23 110080 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D3F93A5A-7A5D-4867-B2A1-6F46500D006C}\IconD7F16134.exe
2011-10-03 01:23 . 2011-10-03 01:23 110080 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D3F93A5A-7A5D-4867-B2A1-6F46500D006C}\IconCF33A0CE.exe
2011-10-03 01:22 . 2011-10-03 01:23 -------- d-----w- C:\sh4ldr
2011-10-03 01:22 . 2011-10-03 01:22 -------- d-----w- c:\program files\Enigma Software Group
2011-10-03 01:22 . 2011-10-03 01:23 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-03 01:21 . 2011-10-03 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-10-01 13:53 . 2011-10-01 13:55 -------- d-----w- C:\a1af5000092b3550e938
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2010-07-15 02:44 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-07-15 02:44 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:37 . 2010-07-15 02:44 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-07-15 02:44 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-07-15 02:44 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-07-15 02:44 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-07-15 02:44 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-07-15 02:44 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-07-15 02:44 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-03 10:17 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32(3).dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"PC Ultra Speed Tray"="c:\program files\PC Ultra Speed\PCUltraSpeedTray.exe" [2011-04-08 238352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2011-09-08 4712352]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - c:\program files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-8-18 1388544]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-1 27136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\Program Files\\Logitech\\Logitech WebCam Software\\LU\\LogitechUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Verizon\\McciBrowser.exe"=
"c:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter4.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Program Files\\Google\\Picasa3\\PicasaUpdater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"9323:TCP"= 9323:TCP:EKDiscovery
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/2/2011 10:11 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/14/2010 10:44 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/14/2010 10:44 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/3/2011 10:06 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/3/2011 10:06 PM 22712]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [12/10/2006 3:09 PM 463872]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 6:51 PM 16384]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uxddipob
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-26 08:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\245709418:2512739057.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Completion time: 2011-10-26 08:12:01
ComboFix-quarantined-files.txt 2011-10-26 12:11
ComboFix2.txt 2011-10-17 20:41
.
Pre-Run: 96,893,784,064 bytes free
Post-Run: 96,881,078,272 bytes free
.
- - End Of File - - 71A95DBF73FF04D50E4D95C87142F630



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Compaq_Owner at 10:30:03 on 2011-10-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1330 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system\hpsysdrv.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PC Ultra Speed Tray] c:\program files\pc ultra speed\PCUltraSpeedTray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\pci f5d7000\wireless utility\Belkinwcui.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-2 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-14 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-14 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-14 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-3 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-3 22712]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-5-4 279960]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [2006-12-10 463872]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [2004-4-21 16384]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-10-26 11:50:17 98816 ----a-w- c:\windows\sed.exe
2011-10-26 11:50:17 518144 ----a-w- c:\windows\SWREG.exe
2011-10-26 11:50:17 256000 ----a-w- c:\windows\PEV.exe
2011-10-26 11:50:17 208896 ----a-w- c:\windows\MBR.exe
2011-10-19 14:06:22 -------- d-----w- c:\windows\pss
2011-10-18 12:28:36 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-18 12:28:32 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-18 12:28:31 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-18 12:28:26 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-18 12:28:21 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-18 12:28:10 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-18 12:28:05 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-18 12:28:02 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-18 12:27:56 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-18 12:27:53 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-18 12:27:16 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-18 12:27:12 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-18 12:27:07 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-18 12:25:57 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-10-18 12:25:52 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-10-18 12:25:47 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-10-18 12:25:42 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-10-18 12:25:34 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-10-18 12:25:29 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2011-10-18 12:25:25 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2011-10-18 12:25:21 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2011-10-18 12:25:16 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-10-18 12:25:11 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-10-18 12:25:07 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2011-10-18 12:25:03 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2011-10-18 12:23:55 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-10-18 12:22:56 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-10-18 12:22:49 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-18 12:22:44 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-10-18 12:22:43 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2011-10-18 12:22:37 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-10-18 12:22:34 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-10-18 12:22:27 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-10-18 12:22:22 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-10-18 12:22:18 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-10-18 12:22:14 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-10-18 12:22:05 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-10-18 12:22:02 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2011-10-18 12:20:58 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-10-18 12:19:56 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll
2011-10-18 12:18:56 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-10-18 12:18:53 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-10-18 12:18:49 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-10-18 12:18:46 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-10-18 12:18:42 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-10-18 12:18:38 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-10-18 12:18:16 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-10-18 12:18:13 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-10-18 12:18:09 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-10-18 12:18:06 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-10-18 12:18:02 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-10-18 12:16:59 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2011-10-18 12:15:57 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-10-18 12:15:52 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-10-18 12:15:40 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-10-18 12:15:34 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-18 12:15:30 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-10-18 12:15:25 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-10-18 12:15:22 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-10-18 12:15:13 49024 ----a-w- c:\windows\system32\dllcache\ql1280.sys
2011-10-18 12:15:10 40448 ----a-w- c:\windows\system32\dllcache\ql1240.sys
2011-10-18 12:15:06 45312 ----a-w- c:\windows\system32\dllcache\ql12160.sys
2011-10-18 12:15:03 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2011-10-18 12:13:56 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2011-10-18 12:12:58 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2011-10-18 12:11:54 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-18 12:11:50 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-18 12:11:37 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-18 12:11:33 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-10-18 12:11:29 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-10-18 12:11:28 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-10-18 12:11:22 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-10-18 12:11:18 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-18 12:11:11 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-10-18 12:11:09 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-10-18 12:11:02 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2011-10-18 12:09:44 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-18 03:27:13 176128 ----a-w- c:\windows\system32\nvunrm.exe
2011-10-18 03:27:13 101888 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2011-10-17 16:24:35 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-04 02:06:37 -------- d-----w- c:\documents and settings\compaq_owner\application data\Malwarebytes
2011-10-04 02:06:28 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 02:06:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-04 02:06:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-04 02:06:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-03 02:11:29 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-03 01:54:57 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-10-03 01:54:57 -------- d-sh--w- c:\windows\ftpcache
2011-10-03 01:23:07 110080 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconF7A21AF7.exe
2011-10-03 01:23:07 110080 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconD7F16134.exe
2011-10-03 01:23:07 110080 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconCF33A0CE.exe
2011-10-03 01:22:59 -------- d-----w- C:\sh4ldr
2011-10-03 01:22:59 -------- d-----w- c:\program files\Enigma Software Group
2011-10-03 01:22:15 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-03 01:21:44 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-10-01 13:53:05 -------- d-----w- C:\a1af5000092b3550e938
2011-10-01 13:49:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-01 13:49:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-01 13:47:34 -------- d-----w- c:\program files\PC Ultra Speed
2011-10-01 13:47:34 -------- d-----w- c:\documents and settings\compaq_owner\application data\PC Ultra Speed
2011-10-01 13:17:56 -------- d-----w- c:\documents and settings\compaq_owner\application data\PC Cleaners
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll
.
============= FINISH: 10:31:08.09 ===============




#6 Blade81

Blade81
    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender: Male
  • Location: Finland
  • Local time: 01:30 AM

Posted 26 October 2011 - 11:42 AM

Hi again,


Open Notepad and copy/paste the text in the quotebox below into it:

DeQuarantine::
c:\qoobox\quarantine\c\windows\help\tours\htmltour\unlock_playing.htm.vir
Ignore::
c:\windows\help\tours\htmltour\unlock_playing.htm
File::
c:\windows\245709418


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1 update for it) here, or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 1.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, with or without Multi-language, and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version. Uncheck the Carbonite online backup trial if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#7 MWM2

MWM2
  • Topic Starter
  • Members
  • 15 posts
  • Local time: 05:30 PM

Posted 26 October 2011 - 12:53 PM

I completed ComboFix with the CFScript file, uninstalled Adobe Reader, and removed Adobe Flash. I can't get on the internet to download new versions, update Java or run the ESET online scanner.

Internet Explorer reports that I am not connected to the internet (but I am, and the adapter LED is intermittently flashing).
When I try to "repair" the network connection, a message pops up saying "Failed to query TCP/IP settings of the connection. Cannot proceed."
An ipconfig /all results in:
Windows IP Configuration
An Internal error occurred: The request is not supported.
Additional Information: Unable to query host name.

Here are the log files you requested, DDS.txt and ComboFix. Also, below the ComboFix text is the text from the DeQuarantine.txt file.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Compaq_Owner at 13:33:58 on 2011-10-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1332 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system\hpsysdrv.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
F:\Les Souter\install_reader10_en_air_gtbp_chrd_aih.exe
C:\Documents and Settings\Compaq_Owner\Desktop\install_reader10_en_air_gtbp_chrd_aih.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PC Ultra Speed Tray] c:\program files\pc ultra speed\PCUltraSpeedTray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\pci f5d7000\wireless utility\Belkinwcui.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-2 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-14 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-14 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-14 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-3 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-3 22712]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-5-4 279960]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [2006-12-10 463872]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [2004-4-21 16384]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-10-26 11:50:17 98816 ----a-w- c:\windows\sed.exe
2011-10-26 11:50:17 518144 ----a-w- c:\windows\SWREG.exe
2011-10-26 11:50:17 256000 ----a-w- c:\windows\PEV.exe
2011-10-26 11:50:17 208896 ----a-w- c:\windows\MBR.exe
2011-10-19 14:06:22 -------- d-----w- c:\windows\pss
2011-10-18 03:27:13 176128 ----a-w- c:\windows\system32\nvunrm.exe
2011-10-18 03:27:13 101888 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2011-10-17 16:24:35 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-04 02:06:37 -------- d-----w- c:\documents and settings\compaq_owner\application data\Malwarebytes
2011-10-04 02:06:28 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 02:06:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-04 02:06:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-04 02:06:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-03 02:11:29 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-03 01:54:57 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-10-03 01:54:57 -------- d-sh--w- c:\windows\ftpcache
2011-10-03 01:23:07 110080 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconF7A21AF7.exe
2011-10-03 01:23:07 110080 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconD7F16134.exe
2011-10-03 01:23:07 110080 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconCF33A0CE.exe
2011-10-03 01:22:59 -------- d-----w- C:\sh4ldr
2011-10-03 01:22:59 -------- d-----w- c:\program files\Enigma Software Group
2011-10-03 01:22:15 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-03 01:21:44 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-10-01 13:53:05 -------- d-----w- C:\a1af5000092b3550e938
2011-10-01 13:49:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-01 13:49:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-01 13:47:34 -------- d-----w- c:\program files\PC Ultra Speed
2011-10-01 13:47:34 -------- d-----w- c:\documents and settings\compaq_owner\application data\PC Ultra Speed
2011-10-01 13:17:56 -------- d-----w- c:\documents and settings\compaq_owner\application data\PC Cleaners
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll
.
============= FINISH: 13:35:04.10 ===============




ComboFix 11-10-26.03 - Compaq_Owner 10/26/2011 12:57:48.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1336 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\windows\245709418"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askpopup.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
c:\documents and settings\Compaq_Owner\Local Settings\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
c:\documents and settings\Compaq_Owner\Local Settings\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askpopup.exe
c:\documents and settings\Compaq_Owner\Local Settings\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
c:\windows\245709418
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-18 12:09 . 2004-08-04 04:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-10-18 12:09 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-18 12:09 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-18 12:09 . 2008-04-13 17:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-10-18 12:08 . 2001-08-17 17:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-18 12:08 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-10-18 12:08 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-10-18 12:08 . 2001-08-17 17:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-10-18 12:08 . 2001-08-17 17:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2011-10-18 12:08 . 2001-08-17 16:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-10-18 12:08 . 2001-08-17 18:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2011-10-18 12:08 . 2008-04-13 17:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2011-10-18 12:08 . 2001-08-18 02:36 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2011-10-18 12:08 . 2001-08-17 17:58 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2011-10-18 12:08 . 2001-08-17 16:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-10-18 12:06 . 2001-08-18 02:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2011-10-18 12:05 . 2001-08-17 17:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2011-10-18 12:04 . 2001-08-18 02:34 9216 ----a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2011-10-18 12:03 . 2001-08-18 02:36 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-10-18 12:02 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-10-18 12:01 . 2001-08-17 16:14 441728 ----a-w- c:\windows\system32\dllcache\fpcmbase.sys
2011-10-18 12:00 . 2001-08-17 16:19 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2011-10-18 11:59 . 2001-08-17 16:10 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2011-10-18 11:58 . 2001-08-17 16:13 103044 ----a-w- c:\windows\system32\dllcache\digidxb.sys
2011-10-18 11:57 . 2001-08-18 02:36 175104 ----a-w- c:\windows\system32\dllcache\csamsp.dll
2011-10-18 11:56 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-18 11:55 . 2001-08-17 16:49 26624 ----a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-10-18 11:54 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-18 03:27 . 2006-03-03 22:30 101888 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2011-10-18 03:27 . 2006-02-22 23:59 176128 ----a-w- c:\windows\system32\nvunrm.exe
2011-10-17 16:24 . 2011-10-17 16:24 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-04 02:06 . 2011-10-04 02:06 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2011-10-04 02:06 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 02:06 . 2011-10-04 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-04 02:06 . 2011-10-07 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 02:06 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 02:11 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-03 01:54 . 2011-10-03 01:54 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-10-03 01:54 . 2011-10-03 01:54 -------- d-sh--w- c:\windows\ftpcache
2011-10-03 01:50 . 2011-10-03 01:50 -------- d-----w- c:\documents and settings\Administrator
2011-10-03 01:23 . 2011-10-03 01:23 110080 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D3F93A5A-7A5D-4867-B2A1-6F46500D006C}\IconF7A21AF7.exe
2011-10-03 01:23 . 2011-10-03 01:23 110080 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D3F93A5A-7A5D-4867-B2A1-6F46500D006C}\IconD7F16134.exe
2011-10-03 01:23 . 2011-10-03 01:23 110080 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D3F93A5A-7A5D-4867-B2A1-6F46500D006C}\IconCF33A0CE.exe
2011-10-03 01:22 . 2011-10-03 01:23 -------- d-----w- C:\sh4ldr
2011-10-03 01:22 . 2011-10-03 01:22 -------- d-----w- c:\program files\Enigma Software Group
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2010-07-15 02:44 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-07-15 02:44 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:37 . 2010-07-15 02:44 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-07-15 02:44 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-07-15 02:44 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-07-15 02:44 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-07-15 02:44 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-07-15 02:44 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-07-15 02:44 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-03 10:17 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32(3).dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"PC Ultra Speed Tray"="c:\program files\PC Ultra Speed\PCUltraSpeedTray.exe" [2011-04-08 238352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2011-09-08 4712352]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - c:\program files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-8-18 1388544]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-1 27136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\Program Files\\Logitech\\Logitech WebCam Software\\LU\\LogitechUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Verizon\\McciBrowser.exe"=
"c:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter4.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Program Files\\Google\\Picasa3\\PicasaUpdater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"9323:TCP"= 9323:TCP:EKDiscovery
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/2/2011 10:11 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/14/2010 10:44 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/14/2010 10:44 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/3/2011 10:06 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/3/2011 10:06 PM 22712]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [12/10/2006 3:09 PM 463872]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 6:51 PM 16384]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uxddipob
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-26 13:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-26 13:11:15
ComboFix-quarantined-files.txt 2011-10-26 17:11
ComboFix2.txt 2011-10-26 12:12
ComboFix3.txt 2011-10-17 20:41
C:\DeQuarantine.txt
.
Pre-Run: 96,885,284,864 bytes free
Post-Run: 96,872,124,416 bytes free
.
- - End Of File - - 53AD18546DD53501B2AFD704D66BB2E7



DeQuarantine.txt
c:\qoobox\quarantine\c\windows\help\tours\htmltour\unlock_playing.htm.vir -> c:\windows\help\tours\htmltour\unlock_playing.htm ( 8353 bytes )

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 26 October 2011 - 01:34 PM

Hi,

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    tcpip.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 MWM2

MWM2
  • Topic Starter

  • Members
  • 15 posts

Posted 26 October 2011 - 02:51 PM

OK, here is the SystemLook text file.

SystemLook 30.07.11 by jpshortstuff
Log created at 15:37 on 26/10/2011 by Compaq_Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "tcpip.sys"
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys --a---- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E
C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys --a--c- 359936 bytes [18:20 01/08/2006] [08:17 14/03/2005] 6129E70F3D2F1E60860C930EBEAF92C2
C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys --a--c- 360576 bytes [12:18 20/04/2006] [12:18 20/04/2006] B2220C618B42A2212A59D91EBD6FC4B4
C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys --a--c- 360832 bytes [16:53 30/10/2007] [16:53 30/10/2007] 64798ECFA43D78C7178375FCDD16D8C8
C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys --a--c- 360960 bytes [10:44 20/06/2008] [10:44 20/06/2008] 744E57C99232201AE98C49168B918F48
C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys --a--c- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys --a--c- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E
C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys -----c- 360320 bytes [17:09 05/03/2009] [10:45 20/06/2008] 2A5554FC5B1E04E131230E3CE035C3F9
C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys -----c- 359040 bytes [18:20 01/08/2006] [11:00 04/08/2004] 9F4B36614A0FC234525BA224957DE55C
C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys -----c- 359808 bytes [08:03 15/12/2006] [07:55 14/03/2005] 0E66B538096A6529D1AC66E78EB0D5C8
C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys -----c- 359808 bytes [08:01 09/01/2008] [11:51 20/04/2006] 1DBF125862891817F374F407626967F4
C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys -----c- 361344 bytes [17:30 05/03/2009] [19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys -----c- 360064 bytes [00:22 09/07/2008] [17:20 30/10/2007] 90CAFF4B094573449A0872A0F919B178
C:\WINDOWS\ERDNT\cache\tcpip.sys --a---- 361600 bytes [17:51 17/10/2011] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\ServicePackFiles\i386\tcpip.sys -----c- 361344 bytes [14:55 08/09/2008] [19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\system32\dllcache\tcpip.sys --a---- 361600 bytes [11:00 04/08/2004] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [11:00 04/08/2004] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

-= EOF =-

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 26 October 2011 - 11:37 PM

Hi

Run ComboFix with the following cfscript.txt contents:
Ignore::
c:\windows\help\tours\htmltour\unlock_playing.htm
FCopy::
C:\WINDOWS\system32\drivers\tcpip.sys|C:\WINDOWS\system32\drivers\tcpip.sys.bak
C:\WINDOWS\system32\dllcache\tcpip.sys|C:\WINDOWS\system32\drivers\tcpip.sys

Post back the log.

Edited by Blade81, 26 October 2011 - 11:38 PM.

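The SystemLook output posted above is read by comparing the MD5 of the in-use c:\windows\system32\drivers\tcpip.sys against the protected copies (dllcache, ServicePackFiles, the hotfix folders): a patched network driver shows up as a copy whose hash matches none of the known builds, and the FCopy in the cfscript above restores the in-use file from dllcache. In the posted log the two copies already hash the same. The script below does that comparison mechanically. It is an added example, not SystemLook's or ComboFix's own code: the log text is constructed in SystemLook's filefind format from a subset of the posted hits (the hashes are the ones posted in the thread; the "tampered" hash is an all-zero placeholder), and the function names, LIVE and CACHE paths are this example's own.

```python
"""Parse SystemLook ':filefind' output and compare every copy of a driver
against a reference copy (the dllcache one), flagging a mismatching in-use
file. Added example; not code from SystemLook, ComboFix or the thread."""
import re
from dataclasses import dataclass

# One filefind entry: path, 7-character attribute flags, size in bytes, two
# bracketed timestamps, then the MD5 that SystemLook prints for the file.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Paths assumed for this example (the in-use driver and its protected copy).
LIVE = r"C:\WINDOWS\system32\drivers\tcpip.sys"
CACHE = r"C:\WINDOWS\system32\dllcache\tcpip.sys"

# Constructed sample log: a subset of the tcpip.sys hits posted in the thread.
CLEAN_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "tcpip.sys"
C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys --a--c- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\ServicePackFiles\i386\tcpip.sys -----c- 361344 bytes [14:55 08/09/2008] [19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\system32\dllcache\tcpip.sys --a---- 361600 bytes [11:00 04/08/2004] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [11:00 04/08/2004] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

-= EOF =-
"""

# Constructed failure case: the same log, but the in-use driver no longer
# hashes like the cached copy. The all-zero MD5 is a placeholder, not a sample.
PLACEHOLDER_MD5 = "0" * 32
TAMPERED_LOG = "\n".join(
    line[:-32] + PLACEHOLDER_MD5 if line.startswith(LIVE) else line
    for line in CLEAN_LOG.splitlines()
)


@dataclass(frozen=True)
class FileHit:
    path: str
    attrs: str
    size: int
    md5: str


def parse_filefind(text: str) -> list[FileHit]:
    """Return every file entry found in a SystemLook filefind log."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]), m["md5"].upper()))
    return hits


def check_live_copy(hits: list[FileHit], live_path: str, reference_path: str) -> dict:
    """Compare the in-use file's MD5 with the reference copy's MD5.

    'status' is "match", "mismatch", or "missing" when either path is absent
    from the log. Paths are compared case-insensitively (Windows semantics).
    """
    by_path = {h.path.lower(): h for h in hits}
    live = by_path.get(live_path.lower())
    ref = by_path.get(reference_path.lower())
    if live is None or ref is None:
        return {"status": "missing", "live": live, "reference": ref}
    status = "match" if live.md5 == ref.md5 else "mismatch"
    return {"status": status, "live": live, "reference": ref}


def hash_groups(hits: list[FileHit]) -> dict[str, list[str]]:
    """Group paths by MD5: each group is one distinct build of the driver, so
    an in-use copy that forms a group of its own is the one to look at."""
    groups: dict[str, list[str]] = {}
    for h in hits:
        groups.setdefault(h.md5, []).append(h.path)
    return groups


if __name__ == "__main__":
    for label, log in (("posted log", CLEAN_LOG), ("tampered sample", TAMPERED_LOG)):
        hits = parse_filefind(log)
        result = check_live_copy(hits, LIVE, CACHE)
        print(f"{label}: in-use vs dllcache -> {result['status']}")
        for md5, paths in hash_groups(hits).items():
            print(f"  {md5}  ({len(paths)} copies)")
```

A "match" here only says the in-use file equals the cached copy; both could have been replaced together, which is why a responder also compares against copies written at service-pack or hotfix time (the ServicePackFiles and $hf_mig$ entries) rather than trusting one reference.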


#11 MWM2

MWM2
  • Topic Starter

  • Members
  • 15 posts

Posted 27 October 2011 - 10:27 AM

OK, here is the ComboFix log file. Thanks for sticking with me on this!

ComboFix 11-10-26.03 - Compaq_Owner 10/27/2011 7:29.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1323 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askpopup.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
c:\documents and settings\Compaq_Owner\Local Settings\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
c:\documents and settings\Compaq_Owner\Local Settings\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askpopup.exe
c:\documents and settings\Compaq_Owner\Local Settings\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
.
.
--------------- FCopy ---------------
.
c:\windows\system32\drivers\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys.bak
c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-18 12:28 . 2008-04-13 23:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-18 12:28 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-18 12:28 . 2008-04-13 23:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-18 12:28 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-18 12:28 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-18 12:28 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-18 12:28 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-18 12:28 . 2004-08-04 01:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-18 12:27 . 2004-08-04 01:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-18 12:27 . 2008-04-13 23:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-18 12:27 . 2008-04-13 17:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-18 12:27 . 2004-08-04 01:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-18 12:27 . 2001-08-17 16:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-18 12:25 . 2001-08-17 17:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-10-18 12:25 . 2001-08-17 17:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-10-18 12:25 . 2001-08-17 16:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-10-18 12:25 . 2001-08-17 17:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-10-18 12:25 . 2001-08-17 17:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-10-18 12:25 . 2001-08-17 17:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2011-10-18 12:25 . 2001-08-17 17:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2011-10-18 12:25 . 2001-08-17 17:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2011-10-18 12:25 . 2001-08-17 17:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-10-18 12:25 . 2001-08-17 17:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-10-18 12:25 . 2001-08-17 17:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2011-10-18 12:25 . 2001-08-17 17:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2011-10-18 12:23 . 2001-08-17 16:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-10-18 12:22 . 2001-08-17 16:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-10-18 12:22 . 2001-08-17 16:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-18 12:22 . 2001-08-17 18:56 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-10-18 12:22 . 2008-04-13 17:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2011-10-18 12:22 . 2001-08-17 16:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-10-18 12:22 . 2001-08-17 16:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-10-18 12:22 . 2001-08-17 17:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-10-18 12:22 . 2001-08-17 17:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-10-18 12:22 . 2001-08-17 16:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-10-18 12:22 . 2001-08-17 18:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-10-18 12:22 . 2001-08-17 18:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-10-18 12:22 . 2001-08-17 18:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2011-10-18 12:20 . 2001-08-18 02:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-10-18 12:19 . 2001-08-17 18:56 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll
2011-10-18 12:18 . 2001-08-18 02:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-10-18 12:18 . 2001-08-17 16:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-10-18 12:18 . 2001-08-17 18:56 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-10-18 12:18 . 2001-08-17 16:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-10-18 12:18 . 2001-08-17 18:56 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-10-18 12:18 . 2001-08-17 16:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-10-18 12:18 . 2001-07-21 18:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-10-18 12:18 . 2001-07-21 18:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-10-18 12:18 . 2001-08-17 16:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-10-18 12:18 . 2001-08-18 02:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-10-18 12:18 . 2001-08-17 16:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-10-18 12:16 . 2001-08-17 16:50 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2011-10-18 12:15 . 2001-08-17 16:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-10-18 12:15 . 2001-08-18 02:36 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-10-18 12:15 . 2001-08-17 17:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-10-18 12:15 . 2001-08-17 17:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-18 12:15 . 2001-08-17 17:28 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-10-18 12:15 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-10-18 12:15 . 2001-08-17 17:53 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-10-18 12:15 . 2001-08-17 17:52 49024 ----a-w- c:\windows\system32\dllcache\ql1280.sys
2011-10-18 12:15 . 2001-08-17 17:52 40448 ----a-w- c:\windows\system32\dllcache\ql1240.sys
2011-10-18 12:15 . 2001-08-17 17:52 45312 ----a-w- c:\windows\system32\dllcache\ql12160.sys
2011-10-18 12:15 . 2001-08-17 17:52 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2011-10-18 12:13 . 2001-08-17 18:04 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2011-10-18 12:12 . 2001-08-17 18:05 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2011-10-18 12:11 . 2001-08-17 16:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-18 12:11 . 2001-08-18 02:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-18 12:11 . 2001-08-17 16:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-18 12:11 . 2001-08-17 17:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-10-18 12:11 . 2001-08-17 17:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-10-18 12:11 . 2008-04-13 17:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-10-18 12:11 . 2001-08-17 16:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-10-18 12:11 . 2001-08-17 16:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-18 12:11 . 2001-08-17 16:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-10-18 12:11 . 2004-08-04 01:31 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-10-18 12:11 . 2001-08-17 16:11 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2011-10-18 12:09 . 2008-04-13 17:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-18 12:09 . 2001-08-17 17:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-18 12:09 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-18 12:09 . 2008-04-13 17:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-18 12:09 . 2004-08-04 04:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-10-18 12:09 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-18 12:09 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-18 12:09 . 2008-04-13 17:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-10-18 12:08 . 2001-08-17 17:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-18 12:08 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-10-18 12:08 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-10-18 12:08 . 2001-08-17 17:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-10-18 12:08 . 2001-08-17 17:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2011-10-18 12:08 . 2001-08-17 16:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-10-18 12:08 . 2001-08-17 18:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2011-10-18 12:08 . 2008-04-13 17:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2011-10-18 12:08 . 2001-08-18 02:36 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2011-10-18 12:08 . 2001-08-17 17:58 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2011-10-18 12:08 . 2001-08-17 16:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-10-18 12:06 . 2001-08-18 02:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2011-10-18 12:05 . 2001-08-17 17:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2011-10-18 12:04 . 2001-08-18 02:34 9216 ----a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2011-10-18 12:03 . 2001-08-18 02:36 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-10-18 12:02 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-10-18 12:01 . 2001-08-17 16:14 441728 ----a-w- c:\windows\system32\dllcache\fpcmbase.sys
2011-10-18 12:00 . 2001-08-17 16:19 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2011-10-18 11:59 . 2001-08-17 16:10 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2011-10-18 11:58 . 2001-08-17 16:13 103044 ----a-w- c:\windows\system32\dllcache\digidxb.sys
2011-10-18 11:57 . 2001-08-18 02:36 175104 ----a-w- c:\windows\system32\dllcache\csamsp.dll
2011-10-18 11:56 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-18 11:55 . 2001-08-17 16:49 26624 ----a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-10-18 11:54 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-18 03:27 . 2006-03-03 22:30 101888 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2011-10-18 03:27 . 2006-02-22 23:59 176128 ----a-w- c:\windows\system32\nvunrm.exe
2011-10-17 16:24 . 2011-10-17 16:24 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-04 02:06 . 2011-10-04 02:06 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2011-10-04 02:06 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 02:06 . 2011-10-04 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-04 02:06 . 2011-10-07 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 02:06 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 02:11 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-03 01:54 . 2011-10-03 01:54 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-10-03 01:54 . 2011-10-03 01:54 -------- d-sh--w- c:\windows\ftpcache
2011-10-03 01:50 . 2011-10-03 01:50 -------- d-----w- c:\documents and settings\Administrator
2011-10-03 01:23 . 2011-10-03 01:23 110080 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D3F93A5A-7A5D-4867-B2A1-6F46500D006C}\IconF7A21AF7.exe
2011-10-03 01:23 . 2011-10-03 01:23 110080 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D3F93A5A-7A5D-4867-B2A1-6F46500D006C}\IconD7F16134.exe
2011-10-03 01:23 . 2011-10-03 01:23 110080 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D3F93A5A-7A5D-4867-B2A1-6F46500D006C}\IconCF33A0CE.exe
2011-10-03 01:22 . 2011-10-03 01:23 -------- d-----w- C:\sh4ldr
2011-10-03 01:22 . 2011-10-03 01:22 -------- d-----w- c:\program files\Enigma Software Group
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2010-07-15 02:44 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-07-15 02:44 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:37 . 2010-07-15 02:44 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-07-15 02:44 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-07-15 02:44 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-07-15 02:44 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-07-15 02:44 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-07-15 02:44 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-07-15 02:44 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-03 10:17 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32(3).dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-26_12.05.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-26 07:00 . 2011-09-22 17:53 14921672 c:\windows\SoftwareDistribution\Download\Install\windows-kb890830-v4.0.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"PC Ultra Speed Tray"="c:\program files\PC Ultra Speed\PCUltraSpeedTray.exe" [2011-04-08 238352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2011-09-08 4712352]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - c:\program files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-8-18 1388544]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-1 27136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\Program Files\\Logitech\\Logitech WebCam Software\\LU\\LogitechUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Verizon\\McciBrowser.exe"=
"c:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter4.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Program Files\\Google\\Picasa3\\PicasaUpdater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"9323:TCP"= 9323:TCP:EKDiscovery
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/2/2011 10:11 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/14/2010 10:44 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/14/2010 10:44 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/3/2011 10:06 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/3/2011 10:06 PM 22712]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [12/10/2006 3:09 PM 463872]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 6:51 PM 16384]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uxddipob
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-27 07:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-27 07:45:52
ComboFix-quarantined-files.txt 2011-10-27 11:45
ComboFix2.txt 2011-10-26 17:11
ComboFix3.txt 2011-10-26 12:12
ComboFix4.txt 2011-10-17 20:41
.
Pre-Run: 96,930,066,432 bytes free
Post-Run: 96,933,494,784 bytes free
.
- - End Of File - - B8CDB1E4D79D6E5CE4DABDBA9F95B7C8

#12 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 27 October 2011 - 01:41 PM

Hi,

Reboot if you haven't done so after the ComboFix run and see if the network issue still occurs.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#13 MWM2

  • Topic Starter
  • Members
  • 15 posts

Posted 27 October 2011 - 04:11 PM

Hi Blade81,

I rebooted as requested but still no internet access. Same error messages with repair and ipconfig too.
Any other ideas?

#14 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 28 October 2011 - 01:08 AM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Edited by Blade81, 28 October 2011 - 01:08 AM.



#15 MWM2

  • Topic Starter
  • Members
  • 15 posts

Posted 28 October 2011 - 06:15 AM

Here is the info from MiniToolBox.

MiniToolBox by Farbar
Ran by Compaq_Owner (administrator) on 28-10-2011 at 07:12:03
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

popd
# End of interface IP configuration


Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/28/2011 07:01:10 AM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.

Error: (10/28/2011 06:01:10 AM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.

Error: (10/28/2011 05:01:10 AM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.

Error: (10/28/2011 04:01:10 AM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.

Error: (10/28/2011 03:01:23 AM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.

Error: (10/28/2011 02:01:10 AM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.

Error: (10/28/2011 01:01:11 AM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.

Error: (10/28/2011 00:01:10 AM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.

Error: (10/27/2011 11:01:11 PM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.

Error: (10/27/2011 10:01:10 PM) (Source: MsiInstaller) (User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.


System errors:
=============
Error: (10/28/2011 07:01:10 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (10/28/2011 07:01:10 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (10/28/2011 06:01:10 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (10/28/2011 06:01:10 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (10/28/2011 05:01:10 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (10/28/2011 05:01:10 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (10/28/2011 04:01:10 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (10/28/2011 04:01:10 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (10/28/2011 03:01:23 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (10/28/2011 03:01:23 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec


Microsoft Office Sessions:
=========================
Error: (10/28/2011 07:01:10 AM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)

Error: (10/28/2011 06:01:10 AM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)

Error: (10/28/2011 05:01:10 AM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)

Error: (10/28/2011 04:01:10 AM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)

Error: (10/28/2011 03:01:23 AM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)

Error: (10/28/2011 02:01:10 AM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)

Error: (10/28/2011 01:01:11 AM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)

Error: (10/28/2011 00:01:10 AM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)

Error: (10/27/2011 11:01:11 PM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)

Error: (10/27/2011 10:01:10 PM) (Source: MsiInstaller)(User: Compaq_Owner)Compaq_Owner
Description: Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is not marked for installation.(NULL)(NULL)(NULL)


========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 1982.48 MB
Available physical RAM: 1398.94 MB
Total Pagefile: 2502.06 MB
Available Pagefile: 2107.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.09 MB

========================= Partitions: =====================================

1 Drive c: (PRESARIO) (Fixed) (Total:104.46 GB) (Free:89.71 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:7.3 GB) (Free:0.48 GB) FAT32
4 Drive f: (TRAVELDRIVE) (Removable) (Total:3.83 GB) (Free:0.41 GB) FAT32

========================= Users: ========================================

User accounts for \\TROUBLE

Administrator Compaq_Owner Guest
HelpAssistant SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****
