
I was sent here from another area of Bleeping computer


This topic is locked. 11 replies to this topic.

#1 blaumann (Members, 36 posts)

Posted 07 December 2011 - 03:34 PM

I was told to post this link: http://www.bleepingcomputer.com/forums/topic430286.html/page__pid__2495910__st__15#entry2495910
I will now go do the GMER (?) scan.

My DDS log. I have no way to zip the other log. If I have to do that, I need help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_27
Run by Norman at 15:26:44 on 2011-12-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1439 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SIXBITDBSERVER\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\PSIA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://www.google.com
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero\SearchEnh1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\netzero\ucreg.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\norman\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_ActiveX.exe -update activex
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7ADB82AE-4AFF-4672-A9C2-432BA6853322} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\norman\application data\mozilla\firefox\profiles\0aa5zmzk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb4705c&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\norman\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-1 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-12-2 328536]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-6-24 151552]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-12-2 820568]
R2 MSSQL$SIXBITDBSERVER;SQL Server (SIXBITDBSERVER);c:\program files\microsoft sql server\mssql10.sixbitdbserver\mssql\binn\sqlservr.exe [2009-3-30 43010392]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-9-22 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-1-30 277376]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-23 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-23 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3ccd.tmp --> c:\windows\system32\3CCD.tmp [?]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-12-2 30368]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-12-2 16208]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-12-2 239472]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SIXBITDBSERVER;SQL Server Agent (SIXBITDBSERVER);c:\program files\microsoft sql server\mssql10.sixbitdbserver\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-12-02 23:22:40 -------- d-----w- C:\docuuu
2011-12-02 21:50:21 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-12-02 16:45:03 -------- d-----w- c:\documents and settings\norman\application data\IObit
2011-12-02 16:45:02 -------- d-----w- c:\program files\IObit
2011-12-01 07:55:33 -------- d-----w- C:\scc_40
2011-11-29 18:54:03 -------- d-----w- c:\program files\Sophos
2011-11-29 16:09:14 -------- d-----w- c:\program files\ESET
2011-11-28 23:40:13 -------- d-----w- C:\photo1112
2011-11-08 02:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-12-05 16:57:22 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-15 03:47:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-21 03:02:01 72080 ----a-w- c:\documents and settings\norman\g2mdlhlpx.exe
2011-09-14 19:28:08 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 15:28:21.29 ===============

Edited by blaumann, 07 December 2011 - 03:35 PM.



#2 blaumann (Topic Starter, Members, 36 posts)

Posted 07 December 2011 - 08:20 PM

http://www.bleepingcomputer.com/forums/topic430286.html/page__pid__2495910__st__15#entry2495910


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-07 20:15:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 WDC_WD3200AAJS-00L7A0 rev.01.03E01
Running: gmer.exe; Driver: C:\DOCUME~1\Norman\LOCALS~1\Temp\uwlyqkob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xA8568080]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA8568BDE]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys ZwCreateThread [0xA8743750]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xA8568DD6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xA856C5AC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xA856C5DE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xA856C740]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xA8568CF6]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA81DCF3C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xA85683EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xA856851C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xA856C6B6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xA856C620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xA856C652]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xA856C684]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xA8568026]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xA8568E7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xA856C544]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xA8567FC0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA81DCFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA81DD080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA81DD11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DE4 80504680 4 Bytes [EA, 83, 56, A8]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xA89B4280]
? C:\DOCUME~1\Norman\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[232] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C771 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0121FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3992] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3992] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3992] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3992] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB23993$\3936207858 0 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814 0 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\bckfg.tmp 764 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\cfg.ini 199 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\keywords 329 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\L 0 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\L\inqmxsfm 456320 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\lsflt7.ver 5175 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\U 0 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\U\00000001.@ 1536 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\U\80000032.@ 98304 bytes

---- EOF - GMER 1.0.15 ----

EDIT: Topics merged ~Budapest

Edited by Budapest, 08 December 2011 - 04:48 PM.
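The GMER log above ends with the three sections a reviewer reads before anything else: which kernel modules have placed SSDT hooks, which kernel code has been patched in place, and the Files list, which holds objects GMER found on disk that were not visible through the normal file system API. What follows is an added example, not part of the thread and not a GMER or BleepingComputer tool: a small Python triage script that parses those three sections from a GMER 1.0.15 log and flags one pattern visible in the post, a $NtUninstallKB...$ folder whose KB number is too short to be a real hotfix and whose contents are named `@` and `*.@`. The sample input is a constructed excerpt of the log above plus one made-up entry shaped like a genuine hotfix uninstall folder as a negative case; the fake-hotfix heuristic is this example's own assumption, not a GMER verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of GMER 1.0.15. The SSDT, kernel-code and
# File lines are copied from the log posted above; the last File line is a
# made-up entry shaped like a genuine hotfix uninstall folder, added as a
# negative case for the heuristic below.
GMER_SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xA856C544]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA81DCFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA81DD11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DE4 80504680 4 Bytes [EA, 83, 56, A8]
? C:\DOCUME~1\Norman\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB23993$\4196902814 0 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB23993$\4196902814\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe 210432 bytes

---- EOF - GMER 1.0.15 ----
"""

# SSDT <module> (<description/vendor>) <ZwFunction> [<hook address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+\((?P<vendor>.+)\)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)
# <section> <image!symbol [+ offset]> <address> <n> Bytes [<patched bytes>]
KCODE_RE = re.compile(
    r"^(?P<section>\.\w+)\s+(?P<target>.+?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<count>\d+)\s+Bytes\s+\[(?P<bytes>[^\]]*)\]"
)
# File <path> <size> bytes  (the Files section lists objects hidden from the normal API)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes\s*$")
FAKE_HOTFIX_RE = re.compile(r"\\\$NtUninstallKB(?P<kb>\d+)\$(?:\\|$)", re.IGNORECASE)


def looks_like_fake_hotfix_dir(path: str) -> bool:
    """Heuristic of this example (not a GMER verdict): a real $NtUninstallKBnnnnnn$
    folder has a six- or seven-digit KB number and holds a spuninst subfolder plus
    backup copies of the files the hotfix replaced. A KB number that is too short,
    or entries named '@' / '*.@', do not fit that layout."""
    m = FAKE_HOTFIX_RE.search(path)
    if not m:
        return False
    if len(m["kb"]) < 6:
        return True
    return any(part == "@" or part.endswith(".@") for part in path.split("\\"))


def triage_gmer(log_text: str) -> dict:
    """Pull the three sections a reviewer reads first out of a GMER log."""
    hooks_by_module = defaultdict(list)
    kernel_patches = []
    hidden_files = []
    for line in log_text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            hooks_by_module[m["module"]].append(m["func"])
            continue
        m = KCODE_RE.match(line)
        if m:
            kernel_patches.append((m["target"], int(m["count"]), m["bytes"]))
            continue
        m = FILE_RE.match(line)
        if m:
            hidden_files.append((m["path"], int(m["size"])))
    return {
        "hooks_by_module": dict(hooks_by_module),
        "kernel_patches": kernel_patches,
        "hidden_file_count": len(hidden_files),
        "suspicious_files": [p for p, _ in hidden_files if looks_like_fake_hotfix_dir(p)],
    }


if __name__ == "__main__":
    report = triage_gmer(GMER_SAMPLE)
    for module, funcs in report["hooks_by_module"].items():
        print(f"SSDT hooks from {module}: {', '.join(funcs)}")
    for target, count, patched in report["kernel_patches"]:
        print(f"kernel patch: {target} ({count} bytes: {patched})")
    for path in report["suspicious_files"]:
        print(f"fake hotfix folder content: {path}")
```

Security products such as AVG and Trusteer Rapport hook SSDT entries by design, so a hook is not a finding by itself; grouping by module lets you compare every hooking driver against the installed products and against the driver list TDSSKiller prints later in the thread. The same caution applies to the inline patch of ntkrnlpa.exe!ZwCallbackReturn + 2DE4: its trailing bytes 56 A8 fall in the same address range as the Rapport hook addresses (0xA856...), so the first check is whether the installed security software owns that patch before treating it as a rootkit. The hidden files under a five-digit "KB" folder are the part of this log that no installed product explains.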


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,765 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:04 PM

Posted 12 December 2011 - 04:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431198 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 blaumann

blaumann
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:03:04 PM

Posted 12 December 2011 - 05:47 PM

When I try to go to eBay using IE I am redirected. I can use IE with a search engine and go to eBay.
I can go to eBay with Chrome or Firefox.
I will do the requested scans ASAP.

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:04 PM

Posted 13 December 2011 - 10:46 AM

Hello blaumann,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see a prompt asking whether to install it. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a confirmation message.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
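Step 1 asks for the TDSSKiller log to be pasted back. That log (the user's copy appears later in this thread) is one line per event: a timestamp, a numeric ID column, and then either a header field, a driver entry with its MD5 and on-disk path, or a per-driver verdict. As an added example, not part of the thread and not a Kaspersky tool, here is a Python triage script that parses that layout and answers what a helper checks first: which scan runs were cancelled, which drivers load from outside %SystemRoot%, which entries carry a verdict other than "ok", and which service names have no file behind them. The sample input is a constructed excerpt, mostly copied from the posted log; the two "zzfake" lines and their verdict wording are made up to exercise the not-ok path and are not real TDSSKiller output.

```python
import re

# Constructed sample in the layout TDSSKiller 2.6.x writes: timestamp, ID, message.
# Lines are copied from the log posted later in this thread, except the two
# "zzfake" lines, which are made up to exercise the not-ok path (the verdict
# text is invented; real TDSSKiller wording for detections differs).
TDSSKILLER_SAMPLE = r"""
10:24:49.0546 3056 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
10:24:49.0906 3056 OS Version: 5.1.2600 ServicePack: 3.0
10:24:49.0953 3056 Processor architecture: Intel x86
10:24:59.0437 3208 Scan started
10:25:00.0125 3208 Scan interrupted by user!
10:25:00.0125 3208 Scan interrupted by user!
10:25:00.0125 3208 Scan finished
10:25:07.0937 3172 Scan started
10:25:08.0187 3172 Abiosdsk - ok
10:25:08.0250 3172 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:25:08.0250 3172 ACPI - ok
10:25:09.0750 3172 FileMonitor (f1fc45d2712d0aafee45a728fbe16062) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
10:25:09.0765 3172 FileMonitor - ok
10:25:12.0671 3172 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
10:25:12.0687 3172 RapportPG - ok
10:25:13.0500 3172 zzfake (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\zzfake.sys
10:25:13.0500 3172 zzfake - suspicious (constructed entry)
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# <name> (<md5>) <path>          -> a driver whose file was found and hashed
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# <name> - <verdict>              -> per-entry result ("ok" on a clean machine)
VERDICT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")
# "OS Version: ...", "Processor architecture: ..." and similar header fields
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z /]*):\s+(?P<val>.+)$")


def parse_tdsskiller(log_text: str):
    """Split a TDSSKiller log into header info, driver files, verdicts and scan runs."""
    info, drivers, verdicts, scans = {}, {}, {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"].strip()
        if msg == "Scan started":
            scans.append(False)  # one flag per scan run: was it interrupted?
            continue
        if msg == "Scan interrupted by user!":
            if scans:
                scans[-1] = True
            continue
        d = DRIVER_RE.match(msg)
        if d:
            drivers[d["name"]] = (d["md5"].lower(), d["path"])
            continue
        v = VERDICT_RE.match(msg)
        if v:
            verdicts[v["name"]] = v["verdict"]
            continue
        h = HEADER_RE.match(msg)
        if h:
            info[h["key"].strip()] = h["val"].strip()
    return info, drivers, verdicts, scans


def triage_tdsskiller(log_text: str, system_root: str = r"C:\WINDOWS") -> dict:
    """Summarise the things a helper checks first in a pasted TDSSKiller log."""
    info, drivers, verdicts, scans = parse_tdsskiller(log_text)
    root = system_root.lower().rstrip("\\") + "\\"
    return {
        "os": info.get("OS Version"),
        "arch": info.get("Processor architecture"),
        "scans": len(scans),
        "interrupted_scans": sum(scans),
        "driver_count": len(drivers),
        # Drivers loaded from outside %SystemRoot%: third-party, worth a second look.
        "outside_system_root": sorted(n for n, (_, p) in drivers.items() if not p.lower().startswith(root)),
        "not_ok": sorted(n for n, v in verdicts.items() if v.strip().lower() != "ok"),
        # Service entries with a verdict but no file on disk (common leftovers on XP).
        "no_file": sorted(set(verdicts) - set(drivers)),
        # MD5 per driver, for comparison against a known-clean copy of the same file.
        "md5": {n: h for n, (h, _) in drivers.items()},
    }


if __name__ == "__main__":
    r = triage_tdsskiller(TDSSKILLER_SAMPLE)
    print(f"{r['os']} {r['arch']}: {r['scans']} scan(s), {r['interrupted_scans']} interrupted")
    print("outside %SystemRoot%:", ", ".join(r["outside_system_root"]))
    print("not ok:", ", ".join(r["not_ok"]) or "none")
```

Run against the log the user posts below, this reports the first scan run as interrupted with nothing examined, which is why only the second run's driver list counts; the entries under Program Files (IObit, Trusteer, SUPERAntiSpyware) are the third-party drivers to reconcile with the SSDT hooks in the GMER log, and the MD5 column is what you compare against a clean copy of the same driver when a file looks wrong.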


#6 blaumann

blaumann
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:03:04 PM

Posted 13 December 2011 - 11:10 AM

Using Firefox as usual I don't get an option to save these cleaners to my desktop. Is it a big deal if they are saved in My Documents? That is what was done the first time.
I wonder why I am doing the same steps again when the logs were posted?

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:04 PM

Posted 13 December 2011 - 11:14 AM

Hello,

Using Firefox as usual I don't get an option to save these cleaners to my desktop. Is it a big deal if they are saved in My Documents? That is what was done the first time.

Yes you can. Then copy and paste them to your desktop.


I wonder why i am doing the same steps again when the logs were posted????

These are not the same steps, and they will not produce the same logs. These are very aggressive tools used for cleaning and checking for infections. These are not toys.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 blaumann

blaumann
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:03:04 PM

Posted 15 December 2011 - 10:30 AM

10:24:49.0546 3056 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
10:24:49.0906 3056 ============================================================
10:24:49.0906 3056 Current date / time: 2011/12/15 10:24:49.0906
10:24:49.0906 3056 SystemInfo:
10:24:49.0906 3056
10:24:49.0906 3056 OS Version: 5.1.2600 ServicePack: 3.0
10:24:49.0906 3056 Product type: Workstation
10:24:49.0953 3056 ComputerName: NORMAN-SCHMUCK
10:24:49.0953 3056 UserName: Norman
10:24:49.0953 3056 Windows directory: C:\WINDOWS
10:24:49.0953 3056 System windows directory: C:\WINDOWS
10:24:49.0953 3056 Processor architecture: Intel x86
10:24:49.0953 3056 Number of processors: 2
10:24:49.0953 3056 Page size: 0x1000
10:24:49.0953 3056 Boot type: Normal boot
10:24:49.0953 3056 ============================================================
10:24:51.0484 3056 Initialize success
10:24:59.0437 3208 ============================================================
10:24:59.0437 3208 Scan started
10:24:59.0437 3208 Mode: Manual;
10:24:59.0437 3208 ============================================================
10:25:00.0125 3208 Scan interrupted by user!
10:25:00.0125 3208 Scan interrupted by user!
10:25:00.0125 3208 Scan interrupted by user!
10:25:00.0125 3208 ============================================================
10:25:00.0125 3208 Scan finished
10:25:00.0125 3208 ============================================================
10:25:00.0125 3200 Detected object count: 0
10:25:00.0125 3200 Actual detected object count: 0
10:25:07.0937 3172 ============================================================
10:25:07.0937 3172 Scan started
10:25:07.0937 3172 Mode: Manual;
10:25:07.0937 3172 ============================================================
10:25:08.0187 3172 Abiosdsk - ok
10:25:08.0187 3172 abp480n5 - ok
10:25:08.0250 3172 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:25:08.0250 3172 ACPI - ok
10:25:08.0296 3172 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:25:08.0296 3172 ACPIEC - ok
10:25:08.0312 3172 adpu160m - ok
10:25:08.0359 3172 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:25:08.0359 3172 aec - ok
10:25:08.0421 3172 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
10:25:08.0421 3172 Afc - ok
10:25:08.0468 3172 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:25:08.0500 3172 AFD - ok
10:25:08.0500 3172 Aha154x - ok
10:25:08.0500 3172 aic78u2 - ok
10:25:08.0515 3172 aic78xx - ok
10:25:08.0531 3172 AliIde - ok
10:25:08.0531 3172 amsint - ok
10:25:08.0546 3172 asc - ok
10:25:08.0546 3172 asc3350p - ok
10:25:08.0562 3172 asc3550 - ok
10:25:08.0609 3172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:25:08.0609 3172 AsyncMac - ok
10:25:08.0625 3172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:25:08.0640 3172 atapi - ok
10:25:08.0640 3172 Atdisk - ok
10:25:08.0656 3172 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:25:08.0656 3172 Atmarpc - ok
10:25:08.0687 3172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:25:08.0687 3172 audstub - ok
10:25:08.0734 3172 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
10:25:08.0734 3172 AVGIDSDriver - ok
10:25:08.0750 3172 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
10:25:08.0750 3172 AVGIDSEH - ok
10:25:08.0750 3172 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
10:25:08.0750 3172 AVGIDSFilter - ok
10:25:08.0796 3172 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
10:25:08.0796 3172 AVGIDSShim - ok
10:25:08.0859 3172 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:25:08.0859 3172 Avgldx86 - ok
10:25:08.0890 3172 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:25:08.0890 3172 Avgmfx86 - ok
10:25:08.0890 3172 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
10:25:08.0906 3172 Avgrkx86 - ok
10:25:08.0937 3172 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
10:25:08.0937 3172 Avgtdix - ok
10:25:08.0984 3172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:25:09.0000 3172 Beep - ok
10:25:09.0046 3172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:25:09.0046 3172 cbidf2k - ok
10:25:09.0046 3172 cd20xrnt - ok
10:25:09.0093 3172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:25:09.0093 3172 Cdaudio - ok
10:25:09.0140 3172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:25:09.0140 3172 Cdfs - ok
10:25:09.0187 3172 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:25:09.0203 3172 Cdrom - ok
10:25:09.0250 3172 CDRPDACC - ok
10:25:09.0250 3172 Changer - ok
10:25:09.0265 3172 CmdIde - ok
10:25:09.0281 3172 Cpqarray - ok
10:25:09.0281 3172 dac2w2k - ok
10:25:09.0296 3172 dac960nt - ok
10:25:09.0328 3172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:25:09.0328 3172 Disk - ok
10:25:09.0359 3172 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:25:09.0375 3172 dmboot - ok
10:25:09.0390 3172 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:25:09.0390 3172 dmio - ok
10:25:09.0437 3172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:25:09.0437 3172 dmload - ok
10:25:09.0500 3172 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:25:09.0500 3172 DMusic - ok
10:25:09.0500 3172 dpti2o - ok
10:25:09.0531 3172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:25:09.0546 3172 drmkaud - ok
10:25:09.0578 3172 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:25:09.0578 3172 Fastfat - ok
10:25:09.0609 3172 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:25:09.0609 3172 Fdc - ok
10:25:09.0750 3172 FileMonitor (f1fc45d2712d0aafee45a728fbe16062) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
10:25:09.0765 3172 FileMonitor - ok
10:25:09.0796 3172 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:25:09.0796 3172 Fips - ok
10:25:09.0796 3172 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:25:09.0796 3172 Flpydisk - ok
10:25:09.0843 3172 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:25:09.0843 3172 FltMgr - ok
10:25:09.0875 3172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:25:09.0875 3172 Fs_Rec - ok
10:25:09.0890 3172 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:25:09.0890 3172 Ftdisk - ok
10:25:09.0921 3172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:25:09.0921 3172 Gpc - ok
10:25:09.0968 3172 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:25:09.0968 3172 HDAudBus - ok
10:25:10.0031 3172 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:25:10.0031 3172 HidUsb - ok
10:25:10.0046 3172 hpn - ok
10:25:10.0078 3172 HSFHWBS2 (3e0b68288e468190a5bf4c2ef5998a18) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
10:25:10.0078 3172 HSFHWBS2 - ok
10:25:10.0125 3172 HSF_DPV (bd2abf12938a2fccc340873412c2b2ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:25:10.0156 3172 HSF_DPV - ok
10:25:10.0203 3172 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:25:10.0203 3172 HTTP - ok
10:25:10.0218 3172 i2omgmt - ok
10:25:10.0218 3172 i2omp - ok
10:25:10.0281 3172 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:25:10.0281 3172 i8042prt - ok
10:25:10.0453 3172 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:25:10.0593 3172 ialm - ok
10:25:10.0625 3172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:25:10.0625 3172 Imapi - ok
10:25:10.0640 3172 ini910u - ok
10:25:10.0656 3172 IntelIde - ok
10:25:10.0687 3172 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:25:10.0687 3172 intelppm - ok
10:25:10.0703 3172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:25:10.0703 3172 Ip6Fw - ok
10:25:10.0734 3172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:25:10.0734 3172 IpFilterDriver - ok
10:25:10.0750 3172 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:25:10.0750 3172 IpInIp - ok
10:25:10.0765 3172 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:25:10.0781 3172 IpNat - ok
10:25:10.0812 3172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:25:10.0828 3172 IPSec - ok
10:25:10.0843 3172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:25:10.0843 3172 IRENUM - ok
10:25:10.0890 3172 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:25:10.0890 3172 isapnp - ok
10:25:10.0937 3172 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:25:10.0937 3172 Kbdclass - ok
10:25:10.0984 3172 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:25:11.0000 3172 kbdhid - ok
10:25:11.0046 3172 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:25:11.0046 3172 kmixer - ok
10:25:11.0078 3172 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:25:11.0078 3172 KSecDD - ok
10:25:11.0109 3172 L1e (a934bb9b5225a9579f5b52e0ddc10163) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
10:25:11.0109 3172 L1e - ok
10:25:11.0125 3172 lbrtfdc - ok
10:25:11.0187 3172 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:25:11.0187 3172 mdmxsdk - ok
10:25:11.0203 3172 MEMSWEEP2 - ok
10:25:11.0265 3172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:25:11.0265 3172 mnmdd - ok
10:25:11.0312 3172 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:25:11.0312 3172 Modem - ok
10:25:11.0312 3172 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:25:11.0312 3172 MODEMCSA - ok
10:25:11.0390 3172 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
10:25:11.0468 3172 monfilt - ok
10:25:11.0484 3172 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:25:11.0484 3172 Mouclass - ok
10:25:11.0515 3172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:25:11.0515 3172 MountMgr - ok
10:25:11.0515 3172 mraid35x - ok
10:25:11.0578 3172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:25:11.0578 3172 MRxDAV - ok
10:25:11.0578 3172 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:25:11.0593 3172 Msfs - ok
10:25:11.0609 3172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:25:11.0609 3172 MSKSSRV - ok
10:25:11.0625 3172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:25:11.0625 3172 MSPCLOCK - ok
10:25:11.0640 3172 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:25:11.0640 3172 MSPQM - ok
10:25:11.0687 3172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:25:11.0687 3172 mssmbios - ok
10:25:11.0718 3172 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:25:11.0718 3172 Mup - ok
10:25:11.0734 3172 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:25:11.0734 3172 NDIS - ok
10:25:11.0765 3172 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:25:11.0765 3172 NdisTapi - ok
10:25:11.0828 3172 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:25:11.0828 3172 Ndisuio - ok
10:25:11.0859 3172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:25:11.0859 3172 NdisWan - ok
10:25:11.0859 3172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:25:11.0875 3172 NDProxy - ok
10:25:11.0875 3172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:25:11.0875 3172 NetBIOS - ok
10:25:11.0906 3172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:25:11.0906 3172 NetBT - ok
10:25:11.0921 3172 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:25:11.0937 3172 Npfs - ok
10:25:11.0953 3172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:25:11.0968 3172 Ntfs - ok
10:25:12.0015 3172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:25:12.0015 3172 Null - ok
10:25:12.0046 3172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:25:12.0046 3172 NwlnkFlt - ok
10:25:12.0062 3172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:25:12.0062 3172 NwlnkFwd - ok
10:25:12.0109 3172 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:25:12.0109 3172 Parport - ok
10:25:12.0140 3172 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:25:12.0140 3172 PartMgr - ok
10:25:12.0171 3172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:25:12.0171 3172 ParVdm - ok
10:25:12.0203 3172 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:25:12.0203 3172 PCI - ok
10:25:12.0218 3172 PCIDump - ok
10:25:12.0234 3172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:25:12.0234 3172 PCIIde - ok
10:25:12.0265 3172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:25:12.0265 3172 Pcmcia - ok
10:25:12.0265 3172 PDCOMP - ok
10:25:12.0265 3172 PDFRAME - ok
10:25:12.0281 3172 PDRELI - ok
10:25:12.0281 3172 PDRFRAME - ok
10:25:12.0296 3172 perc2 - ok
10:25:12.0296 3172 perc2hib - ok
10:25:12.0375 3172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:25:12.0390 3172 PptpMiniport - ok
10:25:12.0390 3172 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:25:12.0390 3172 PSched - ok
10:25:12.0421 3172 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
10:25:12.0421 3172 PSI - ok
10:25:12.0437 3172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:25:12.0437 3172 Ptilink - ok
10:25:12.0453 3172 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:25:12.0453 3172 PxHelp20 - ok
10:25:12.0453 3172 ql1080 - ok
10:25:12.0468 3172 Ql10wnt - ok
10:25:12.0468 3172 ql12160 - ok
10:25:12.0484 3172 ql1240 - ok
10:25:12.0484 3172 ql1280 - ok
10:25:12.0609 3172 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
10:25:12.0609 3172 RapportEI - ok
10:25:12.0640 3172 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
10:25:12.0640 3172 RapportKELL - ok
10:25:12.0671 3172 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
10:25:12.0687 3172 RapportPG - ok
10:25:12.0687 3172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:25:12.0687 3172 RasAcd - ok
10:25:12.0703 3172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:25:12.0703 3172 Rasl2tp - ok
10:25:12.0734 3172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:25:12.0734 3172 RasPppoe - ok
10:25:12.0750 3172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:25:12.0750 3172 Raspti - ok
10:25:12.0781 3172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:25:12.0781 3172 Rdbss - ok
10:25:12.0781 3172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:25:12.0781 3172 RDPCDD - ok
10:25:12.0828 3172 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:25:12.0843 3172 RDPWD - ok
10:25:12.0875 3172 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:25:12.0875 3172 redbook - ok
10:25:13.0015 3172 RegFilter (2ca761ce3abb7bbbb9c5519b2fb54f5e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
10:25:13.0031 3172 RegFilter - ok
10:25:13.0078 3172 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
10:25:13.0078 3172 RsFx0103 - ok
10:25:13.0125 3172 RTL8023xp (6164f7cff5bd381fda94badc417832c6) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
10:25:13.0140 3172 RTL8023xp - ok
10:25:13.0171 3172 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:25:13.0171 3172 rtl8139 - ok
10:25:13.0234 3172 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:25:13.0250 3172 SASDIFSV - ok
10:25:13.0250 3172 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:25:13.0265 3172 SASKUTIL - ok
10:25:13.0296 3172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:25:13.0296 3172 Secdrv - ok
10:25:13.0343 3172 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:25:13.0359 3172 serenum - ok
10:25:13.0375 3172 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:25:13.0375 3172 Serial - ok
10:25:13.0421 3172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:25:13.0421 3172 Sfloppy - ok
10:25:13.0421 3172 Simbad - ok
10:25:13.0437 3172 Sparrow - ok
10:25:13.0500 3172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:25:13.0500 3172 splitter - ok
10:25:13.0546 3172 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:25:13.0546 3172 sr - ok
10:25:13.0578 3172 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:25:13.0593 3172 Srv - ok
10:25:13.0625 3172 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:25:13.0625 3172 swenum - ok
10:25:13.0656 3172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:25:13.0656 3172 swmidi - ok
10:25:13.0671 3172 symc810 - ok
10:25:13.0671 3172 symc8xx - ok
10:25:13.0671 3172 sym_hi - ok
10:25:13.0687 3172 sym_u3 - ok
10:25:13.0718 3172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:25:13.0718 3172 sysaudio - ok
10:25:13.0781 3172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:25:13.0812 3172 Tcpip - ok
10:25:13.0828 3172 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:25:13.0828 3172 TDPIPE - ok
10:25:13.0843 3172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:25:13.0843 3172 TDTCP - ok
10:25:13.0875 3172 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:25:13.0875 3172 TermDD - ok
10:25:13.0890 3172 TosIde - ok
10:25:13.0937 3172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:25:13.0937 3172 Udfs - ok
10:25:13.0953 3172 ultra - ok
10:25:14.0000 3172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:25:14.0000 3172 Update - ok
10:25:14.0156 3172 UrlFilter (62551ba687f1d0f582810cfa37384bb0) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
10:25:14.0156 3172 UrlFilter - ok
10:25:14.0187 3172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:25:14.0187 3172 usbccgp - ok
10:25:14.0234 3172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:25:14.0234 3172 usbehci - ok
10:25:14.0296 3172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:25:14.0296 3172 usbhub - ok
10:25:14.0312 3172 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:25:14.0328 3172 usbprint - ok
10:25:14.0328 3172 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:25:14.0343 3172 usbscan - ok
10:25:14.0343 3172 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:25:14.0343 3172 USBSTOR - ok
10:25:14.0390 3172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:25:14.0390 3172 usbuhci - ok
10:25:14.0421 3172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:25:14.0421 3172 VgaSave - ok
10:25:14.0468 3172 VIAHdAudAddService (5822017d17d7f14cb5a57c04767135d1) C:\WINDOWS\system32\drivers\viahduaa.sys
10:25:14.0468 3172 VIAHdAudAddService - ok
10:25:14.0484 3172 ViaIde - ok
10:25:14.0531 3172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:25:14.0531 3172 VolSnap - ok
10:25:14.0546 3172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:25:14.0546 3172 Wanarp - ok
10:25:14.0562 3172 WDICA - ok
10:25:14.0593 3172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:25:14.0593 3172 wdmaud - ok
10:25:14.0671 3172 winachsf (ea2ab3c94b1aee6aa22d543f1f0c62aa) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:25:14.0687 3172 winachsf - ok
10:25:14.0734 3172 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:25:14.0765 3172 WudfPf - ok
10:25:14.0765 3172 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:25:14.0765 3172 WudfRd - ok
10:25:14.0796 3172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:25:14.0875 3172 \Device\Harddisk0\DR0 - ok
10:25:14.0875 3172 Boot (0x1200) (c9e161ca9a748ff6e6b51874649cfbb7) \Device\Harddisk0\DR0\Partition0
10:25:14.0875 3172 \Device\Harddisk0\DR0\Partition0 - ok
10:25:14.0875 3172 ============================================================
10:25:14.0875 3172 Scan finished
10:25:14.0875 3172 ============================================================
10:25:14.0890 1852 Detected object count: 0
10:25:14.0890 1852 Actual detected object count: 0
10:27:18.0093 3064 Deinitialize success

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:04 PM

Posted 15 December 2011 - 12:33 PM

Hello,

Please run and post the Combofix log. Please make sure Combofix is on your desktop. Please also include how your machine is running.

Edited by fireman4it, 15 December 2011 - 12:34 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 blaumann

blaumann
  • Topic Starter

  • Members
  • 36 posts
  • Local time:03:04 PM

Posted 15 December 2011 - 04:42 PM

I will do that combofix as soon as possible. When I use Internet Explorer to go to ebay I am redirected to http://ebay.ad31.net/?srt=1
Otherwise sometimes the computer is a bit slow opening web sites or going to a site's next page. I get "this program is not responding" messages sometimes.
In general the computer works pretty well.

#11 blaumann

blaumann
  • Topic Starter

  • Members
  • 36 posts
  • Local time:03:04 PM

Posted 15 December 2011 - 08:23 PM

I upgraded from IE6 to IE8. No more redirect.

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:04 PM

Posted 15 December 2011 - 11:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.