
Had removed a few viruses and malware, but keep getting errors


  • This topic is locked
9 replies to this topic

#1 arossbach

arossbach

  • Members
  • 12 posts

Posted 11 December 2011 - 12:36 AM

A couple of weeks ago I caught a few nasty viruses, and it took a couple of days to remove them, along with a variety of pieces of malware due to the infection. The original infection was with the Windows XP Antispyware 2012 virus.

I had thought I had taken care of everything, but AVG still keeps popping up warnings that it has found Trojans multiple times a day. The latest warning was for "Trojan Horse backdoor.generic14.bzsz" which I promptly had AVG take care of and move to the Virus Vault.

My question is, what should I do to take care of any latent infection or larger underlying problem? I have a feeling that this is only a sign of a continued, possibly major, infection.

Help!


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • Gender:Male
  • Location:NJ USA

Posted 11 December 2011 - 12:50 AM

Hello and welcome arossbach. Let's get a few other logs and see what we get. I'll look back tomorrow as I have to go.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware
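The logs requested above are read by eye in this thread. As an added example (not code from the thread, from BleepingComputer, or from MiniToolBox's author Farbar), the Python script below parses a Result.txt in the section layout MiniToolBox produces and flags the three things a helper checks first in it: a proxy that has been switched on, hosts-file lines beyond the default localhost mapping, and Winsock (LSP) entries that do not point at a vendor-labelled DLL under System32. The section names and line formats are taken from the report posted later in the thread; the "dirty" sample report is constructed, with invented hijack lines using documentation-range addresses and a made-up Temp path, and the thresholds (loopback-only hosts, System32-only providers) are this example's own triage rules, not MiniToolBox's.

```python
"""Triage checks over a MiniToolBox-style Result.txt.

Added example; not code from the BleepingComputer thread or from MiniToolBox.
It parses the '=== Section: ===' layout the tool prints and flags proxy,
hosts-file and Winsock oddities. The triage rules are this example's own.
"""
import re

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*:?\s*=+$")
HOSTS_RE = re.compile(r"^(?P<ip>\S+)\s+(?P<host>\S+)")
WINSOCK_RE = re.compile(
    r"^Catalog\d+\s+\d+\s+(?P<path>.+?)\s+\[\d+\]\s+\((?P<vendor>.*)\)$"
)
SYSTEM32_DLL_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$")


def parse_sections(report):
    """Split the report into {section name: [non-empty lines]} by its headers."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(report):
    """Return (category, detail) pairs for lines worth a second look."""
    sections = parse_sections(report)
    findings = []

    # A proxy the user never configured is a classic sign of traffic hijacking.
    for name in ("IE Proxy Settings", "FF Proxy Settings"):
        for line in sections.get(name, []):
            if re.match(r"proxy is enabled|proxy server:", line, re.I):
                findings.append(("proxy", f"{name}: {line}"))

    # Anything beyond the loopback mapping of localhost deserves review: hosts
    # hijacks redirect search sites or black-hole security vendors' update hosts.
    for line in sections.get("Hosts content", []):
        if line.startswith("#"):
            continue
        m = HOSTS_RE.match(line)
        if m and not (m["ip"] in ("127.0.0.1", "::1") and m["host"].lower() == "localhost"):
            findings.append(("hosts", line))

    # Winsock providers load into every networking process; a provider outside
    # System32 or without a vendor name is out of the ordinary on a stock XP box.
    for line in sections.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        if not SYSTEM32_DLL_RE.match(m["path"].lower()) or not m["vendor"].strip():
            findings.append(("winsock", line))

    return findings


# Constructed sample (invented hijack lines; addresses from the documentation range).
SAMPLE_REPORT = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: 127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.5 search.example.test
0.0.0.0 updates.example-av.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\user\Local Settings\Temp\lsp.dll [12288] ()

========================= Memory info: ===================================
"""

# Clean excerpt in the same layout, matching what a healthy report shows.
CLEAN_REPORT = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT):
        print(f"[{category}] {detail}")
```

Run it as-is to see the five flagged lines from the constructed sample; point `triage()` at the text of a real Result.txt to get the same categories back. A finding is a prompt to look, not a verdict: corporate proxies and vendor LSPs (firewall or VPN software) legitimately appear here, so each flagged line still needs to be matched against what is known to be installed.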

#3 arossbach

arossbach
  • Topic Starter
  • Members
  • 12 posts

Posted 12 December 2011 - 09:03 PM

Sorry for the late reply, I know you guys are busy helping a lot of people, and I really did not want to keep you waiting on my problems. I have attached all the logs below as requested.


MiniToolBox by Farbar
Ran by My Computer (administrator) on 12-12-2011 at 20:12:15
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Disconnected)
Cisco Systems VPN Adapter = Local Area Connection 5 (Disconnected)
Ralink Turbo Wireless LAN Card = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : my-613be75d9e64
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Donna

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Donna
Description . . . . . . . . . . . : Ralink Turbo Wireless LAN Card
Physical Address. . . . . . . . . : 00-1F-1F-1D-4E-EC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
Lease Obtained. . . . . . . . . . : Monday, December 12, 2011 8:01:11 PM
Lease Expires . . . . . . . . . . : Tuesday, December 13, 2011 8:01:11 PM
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.113.99, 74.125.113.103, 74.125.113.104, 74.125.113.105
74.125.113.106, 74.125.113.147


Pinging google.com [74.125.115.106] with 32 bytes of data:

Reply from 74.125.115.106: bytes=32 time=54ms TTL=47
Reply from 74.125.115.106: bytes=32 time=56ms TTL=47

Ping statistics for 74.125.115.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 56ms, Average = 55ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=92ms TTL=48
Reply from 209.191.122.70: bytes=32 time=76ms TTL=48

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 76ms, Maximum = 92ms, Average = 84ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1f 1f 1d 4e ec ...... Ralink Turbo Wireless LAN Card
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.103 192.168.1.103 25
192.168.1.103 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.103 192.168.1.103 25
224.0.0.0 240.0.0.0 192.168.1.103 192.168.1.103 25
255.255.255.255 255.255.255.255 192.168.1.103 192.168.1.103 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2011 11:55:20 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/09/2011 07:02:12 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/06/2011 06:20:50 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (12/05/2011 07:27:48 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/05/2011 07:27:48 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/04/2011 09:27:19 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Unhandled Exception

Error: (12/03/2011 00:32:04 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1049

Error: (12/01/2011 09:06:22 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (11/30/2011 09:37:15 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (11/29/2011 05:39:09 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (12/12/2011 08:01:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (12/12/2011 08:01:54 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (12/12/2011 08:01:54 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

Error: (12/11/2011 11:11:43 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{855B0CE4-E473-4C1F-A67D-CD220BD9723F}.
The backup browser is stopping.

Error: (12/11/2011 11:55:43 AM) (Source: System Error) (User: )
Description: Error code 0000000a, parameter1 00000004, parameter2 0000001c, parameter3 00000000, parameter4 804fa257.

Error: (12/11/2011 11:53:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (12/11/2011 11:53:45 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (12/11/2011 11:53:45 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

Error: (12/10/2011 02:00:10 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater service terminated unexpectedly. It has done this 1 time(s).

Error: (12/09/2011 05:19:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd


Microsoft Office Sessions:
=========================
Error: (12/11/2011 11:55:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI

Error: (12/09/2011 07:02:12 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI

Error: (12/06/2011 06:20:50 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (12/05/2011 07:27:48 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI

Error: (12/05/2011 07:27:48 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI

Error: (12/04/2011 09:27:19 AM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Unhandled Exception

Error: (12/03/2011 00:32:04 AM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1049

Error: (12/01/2011 09:06:22 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (11/30/2011 09:37:15 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (11/29/2011 05:39:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MY COMPUTER\RECENT\DESKTOP.INI


=========================== Installed Programs ============================

Ad-Aware (Version: 9.6.0)
Adobe Download Manager (Version: 1.6.2.48)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.4.6 (Version: 9.4.6)
AutoCAD 2005 - English (Version: 16.1.63.10)
Autodesk DWF Viewer (Version: 4.1)
Avanquest update (Version: 1.15)
AVG 2012 (Version: 12.0.1873)
AVG 2012 (Version: 12.0.2102)
AVG 2012 (Version: 2012.0.1873)
CCleaner (Version: 3.13)
Cisco Systems VPN Client 5.0.03.0530 (Version: 5.0.3)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CutePDF Writer 2.5
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.1.2.2)
DivX Version Checker (Version: 7.1.0.2)
DVD Solution
DVDXCopy Xpress 2.5.2
Edimax Wireless LAN (Version: 1.00.0000)
eReg (Version: 1.20.138.34)
Flickr Uploadr 3.0.2
Garmin City Navigator North America NT 2010.10 Update (Version: 13.0.0.0)
Garmin Communicator Plugin (Version: 2.6.4)
Garmin USB Drivers (Version: 1.0.0.0)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
GTA San Andreas (Version: 1.00.00001)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
J2SE Runtime Environment 5.0 Update 4 (Version: 1.5.0.40)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java 2 Runtime Environment, SE v1.4.2_07 (Version: 1.4.2_07)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Macromedia Shockwave Player (Version: 10.1.0.11)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MathType 5 (Version: 5.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Multimedia Launcher
Nero OEM
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PCI Desk Wallpaper
PCI Screen Saver
PowerDVD
PowerProducer
Realtek High Definition Audio Driver
Revo Uninstaller 1.92 (Version: 1.92)
Seagate DiscWizard (Version: 11.0.8142)
SeaTools for Windows (Version: 1.2.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy 1.5.2.20
System Requirements Lab
TI Connect 1.6 (Version: 1.6)
TI NoteFolio Creator (Version: 1.1.0.276)
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VDMSound 2.0.4 (Version: 2.0.4.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.601 )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (Version: 03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 2014.73 MB
Available physical RAM: 1094.35 MB
Total Pagefile: 3875.66 MB
Available Pagefile: 3073.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.81 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.09 GB) (Free:164.98 GB) NTFS
3 Drive d: (95CAR11) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
5 Drive g: (New Volume) (Fixed) (Total:111.78 GB) (Free:89.65 GB) NTFS

========================= Users: ========================================

User accounts for \\MY-613BE75D9E64

Administrator ASPNET Guest
HelpAssistant My Computer SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini121111-01.dmp

**** End of log ****







20:22:32.0015 3348 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
20:22:32.0406 3348 ============================================================
20:22:32.0406 3348 Current date / time: 2011/12/12 20:22:32.0406
20:22:32.0406 3348 SystemInfo:
20:22:32.0406 3348
20:22:32.0406 3348 OS Version: 5.1.2600 ServicePack: 3.0
20:22:32.0406 3348 Product type: Workstation
20:22:32.0406 3348 ComputerName: MY-613BE75D9E64
20:22:32.0406 3348 UserName: My Computer
20:22:32.0406 3348 Windows directory: C:\WINDOWS
20:22:32.0406 3348 System windows directory: C:\WINDOWS
20:22:32.0406 3348 Processor architecture: Intel x86
20:22:32.0406 3348 Number of processors: 2
20:22:32.0406 3348 Page size: 0x1000
20:22:32.0406 3348 Boot type: Normal boot
20:22:32.0406 3348 ============================================================
20:22:33.0890 3348 Initialize success
20:22:48.0750 3928 ============================================================
20:22:48.0750 3928 Scan started
20:22:48.0750 3928 Mode: Manual;
20:22:48.0750 3928 ============================================================
20:22:49.0218 3928 Abiosdsk - ok
20:22:49.0234 3928 abp480n5 - ok
20:22:49.0265 3928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:22:49.0281 3928 ACPI - ok
20:22:49.0296 3928 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:22:49.0296 3928 ACPIEC - ok
20:22:49.0312 3928 adpu160m - ok
20:22:49.0343 3928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:22:49.0343 3928 aec - ok
20:22:49.0390 3928 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:22:49.0390 3928 AegisP - ok
20:22:49.0437 3928 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:22:49.0437 3928 AFD - ok
20:22:49.0437 3928 Aha154x - ok
20:22:49.0453 3928 aic78u2 - ok
20:22:49.0468 3928 aic78xx - ok
20:22:49.0484 3928 AliIde - ok
20:22:49.0500 3928 amsint - ok
20:22:49.0515 3928 asc - ok
20:22:49.0531 3928 asc3350p - ok
20:22:49.0546 3928 asc3550 - ok
20:22:49.0578 3928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:22:49.0578 3928 AsyncMac - ok
20:22:49.0578 3928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:22:49.0593 3928 atapi - ok
20:22:49.0593 3928 Atdisk - ok
20:22:49.0640 3928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:22:49.0640 3928 Atmarpc - ok
20:22:49.0671 3928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:22:49.0671 3928 audstub - ok
20:22:49.0734 3928 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
20:22:49.0734 3928 AVGIDSDriver - ok
20:22:49.0750 3928 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
20:22:49.0765 3928 AVGIDSEH - ok
20:22:55.0562 3928 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:22:55.0671 3928 \Device\Harddisk0\DR0 - ok
20:22:55.0687 3928 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:22:55.0875 3928 \Device\Harddisk1\DR1 - ok
20:22:55.0875 3928 Boot (0x1200) (0d4bbfbe298cea3e984bc1982f048ac6) \Device\Harddisk0\DR0\Partition0
20:22:55.0875 3928 \Device\Harddisk0\DR0\Partition0 - ok
20:22:55.0890 3928 Boot (0x1200) (39ad45cf15d43cca0bb23ae3880e692a) \Device\Harddisk1\DR1\Partition0
20:22:55.0890 3928 \Device\Harddisk1\DR1\Partition0 - ok
20:22:55.0890 3928 ============================================================
20:22:55.0890 3928 Scan finished
20:22:55.0890 3928 ============================================================
20:22:55.0906 0968 Detected object count: 0
20:22:55.0906 0968 Actual detected object count: 0

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8362

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2011 8:39:33 PM
mbam-log-2011-12-12 (20-39-33).txt

Scan type: Quick scan
Objects scanned: 182469
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme (Global Moderator, NJ USA)

Posted 12 December 2011 - 10:07 PM

Hello, are you still getting errors?

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 arossbach (Topic Starter)

Posted 13 December 2011 - 04:56 AM

I was not getting any errors or warnings, but after a short while, AVG kept popping up with threats. The ESET results are below:

C:\Documents and Settings\My Computer\Application Data\Sun\Java\Deployment\cache\6.0\41\4ae491e9-7a8572ce multiple threats deleted - quarantined
C:\Documents and Settings\My Computer\My Documents\Downloads\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.FW trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.12.2011_08.52.06\susp0002\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.FW trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.12.2011_08.52.06\susp0010\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.FW trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.12.2011_08.52.06\susp0018\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.FW trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.12.2011_09.15.11\susp0002\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.FW trojan cleaned by deleting - quarantined

#6 boopme (Global Moderator, NJ USA)

Posted 13 December 2011 - 02:20 PM

Ok, looks better. I can't imagine what AVG is seeing.
Can you list a couple?

When did you last run ComboFix?
If you have now updated Java, that Java item in ESET is no longer important.

#7 arossbach (Topic Starter)

Posted 13 December 2011 - 06:34 PM

I did update the Java JRE software.

I cannot remember the last time I had to run ComboFix on this.

The most common one that pops up is "Trojan Horse BackDoor.Generic14.BZSZ". That has been recurring over a dozen times within the past few days. "Trojan horse FakeAV.WMQ" had popped up three times last evening, when I was scanning (two were within seconds of each other), and one time about three hours later.

I do not know if this is of consequence, but XP has the standard "warning shield" telling me I have the automatic updates disabled. When I try to enable it through that dialog box, XP says that it cannot at that time and I should go through the control panel. When I go in there, I have the fully automatic selection, to check/download/install updates in the wee hours of the morning.

This is odd, since XP is telling me something that is not true, unless my previous fake antivirus virus is still screwing with my system.

Here are the last few days' worth of info from AVG, since I last reinstalled it:

Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse BackDoor.Generic14.BZSZ";"c:\System Volume Information\_restore{E116A297-4E3B-46CC-ACBE-769D19CB3207}\RP96\A0015206.sys";"Moved to Virus Vault";"12/13/2011, 3:59:47 AM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse FakeAV.WMQ";"c:\Documents and Settings\My Computer\Application Data\Sun\Java\Deployment\cache\6.0\58\13152fba-6130ccde";"Moved to Virus Vault";"12/12/2011, 11:23:02 PM";"file";"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"
"Trojan horse FakeAV.WMQ";"c:\Documents and Settings\My Computer\Local Settings\Application Data\epd.exe";"Moved to Virus Vault";"12/12/2011, 8:28:52 PM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse FakeAV.WMQ";"c:\Documents and Settings\My Computer\Local Settings\temp\492.4400.exe";"Moved to Virus Vault";"12/12/2011, 8:28:38 PM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse BackDoor.Generic14.BZSZ";"c:\System Volume Information\_restore{E116A297-4E3B-46CC-ACBE-769D19CB3207}\RP94\A0014977.sys";"Moved to Virus Vault";"12/11/2011, 6:48:18 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic14.BZSZ";"c:\System Volume Information\_restore{E116A297-4E3B-46CC-ACBE-769D19CB3207}\RP94\A0014929.sys";"Moved to Virus Vault";"12/10/2011, 11:38:03 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic14.BZSZ";"c:\System Volume Information\_restore{E116A297-4E3B-46CC-ACBE-769D19CB3207}\RP94\A0014901.sys";"Moved to Virus Vault";"12/10/2011, 2:57:09 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic14.BZSZ";"c:\System Volume Information\_restore{E116A297-4E3B-46CC-ACBE-769D19CB3207}\RP94\A0014843.sys";"Moved to Virus Vault";"12/10/2011, 9:51:13 AM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic14.BZSZ";"c:\System Volume Information\_restore{E116A297-4E3B-46CC-ACBE-769D19CB3207}\RP94\A0014506.sys";"Moved to Virus Vault";"12/9/2011, 5:04:36 AM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic14.BZSZ";"c:\System Volume Information\_restore{E116A297-4E3B-46CC-ACBE-769D19CB3207}\RP94\A0013506.sys";"Moved to Virus Vault";"12/9/2011, 12:32:02 AM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic14.BZSZ";"c:\System Volume Information\_restore{E116A297-4E3B-46CC-ACBE-769D19CB3207}\RP94\A0013385.sys";"Moved to Virus Vault";"12/4/2011, 6:59:57 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Found Tracking cookie.2o7";"c:\Documents and Settings\NetworkService\Cookies\5N5VQ7DO.txt";"";"12/3/2011, 12:13:09 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Zedo";"c:\Documents and Settings\NetworkService\Cookies\2TMBW99Z.txt";"";"12/3/2011, 12:13:02 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Questionmarket";"c:\Documents and Settings\NetworkService\Cookies\DQKGH4P6.txt";"";"12/3/2011, 12:12:13 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Casalemedia";"c:\Documents and Settings\NetworkService\Cookies\ETT49Y58.txt";"";"12/3/2011, 12:12:01 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Pro-market";"c:\Documents and Settings\NetworkService\Cookies\ITZS14WJ.txt";"";"12/3/2011, 12:11:21 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Adbrite";"c:\Documents and Settings\NetworkService\Cookies\XK2T6KW8.txt";"";"12/3/2011, 12:11:18 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Revsci";"c:\Documents and Settings\NetworkService\Cookies\0TXWDTC9.txt";"";"12/3/2011, 12:11:18 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.247realmedia";"c:\Documents and Settings\NetworkService\Cookies\IU74XG4I.txt";"";"12/3/2011, 12:11:06 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Realmedia";"c:\Documents and Settings\NetworkService\Cookies\AKVIMDSH.txt";"";"12/3/2011, 12:10:53 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Ru4";"c:\Documents and Settings\NetworkService\Cookies\J2ST0ZCN.txt";"";"12/3/2011, 12:10:24 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Tribalfusion";"c:\Documents and Settings\NetworkService\Cookies\IDOWJWL9.txt";"";"12/3/2011, 12:09:14 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Atdmt";"c:\Documents and Settings\NetworkService\Cookies\IN6HC7P4.txt";"";"12/3/2011, 12:09:04 PM";"file";"C:\WINDOWS\explorer.exe"
"Found Tracking cookie.Burstnet";"c:\Documents and Settings\NetworkService\Cookies\G809IZOE.txt";"";"12/3/2011, 12:09:01 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Advertising";"c:\Documents and Settings\NetworkService\Cookies\KDAUNQ5A.txt";"";"12/3/2011, 12:08:45 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Fastclick";"c:\Documents and Settings\NetworkService\Cookies\4ZAQBR07.txt";"";"12/3/2011, 12:08:44 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Found Tracking cookie.Atdmt";"c:\Documents and Settings\NetworkService\Cookies\IN6HC7P4.txt";"";"12/3/2011, 12:08:25 PM";"file";"C:\WINDOWS\explorer.exe"
"Found Tracking cookie.Atdmt";"c:\Documents and Settings\NetworkService\Cookies\IN6HC7P4.txt";"";"12/3/2011, 12:07:48 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Virus found Win32/Cryptor";"c:\WINDOWS\temp\0.5344748836545345.exe";"Moved to Virus Vault";"12/3/2011, 6:37:17 AM";"file";"C:\WINDOWS\system32\ping.exe"
"Trojan horse PSW.Generic9.ASRC";"c:\WINDOWS\system32\J8c51.com";"Moved to Virus Vault";"12/3/2011, 2:49:52 AM";"file";"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
"Trojan horse PSW.Generic9.ASRC";"c:\WINDOWS\temp\oasceg\setup.exe";"Infected";"12/3/2011, 2:27:55 AM";"file";"C:\WINDOWS\system32\lsdelete.exe"

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:55 PM

Posted 14 December 2011 - 02:43 PM

Looks like you will need to post a DDS log, as you have a few things there you definitely want off as they can come back.
ping.exe and the backdoors are troublesome and may be reinfecting you as they make contact outside.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
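An added example, not from the thread or from AVG: it reads an AVG history export in the semicolon-separated, double-quoted layout posted above and pulls out what a helper looks for in it, namely detections still marked "Infected" rather than moved to the Virus Vault, copies sitting inside System Restore points (which come back if that restore point is ever applied), and how many detections are attributed to each reporting process. The field names are assumed (the export carries no header row), and the sample lines are constructed from the posted format with the restore-point GUID replaced by a placeholder.

```python
import csv
from collections import Counter

# Constructed sample in the same layout as the AVG export above; the GUID in the
# System Restore path is a placeholder, not a value from the posted log.
SAMPLE_LOG = r'''"Trojan horse BackDoor.Generic14.BZSZ";"c:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP94\A0013506.sys";"Moved to Virus Vault";"12/9/2011, 12:32:02 AM";"file";"C:\WINDOWS\system32\svchost.exe"
"Found Tracking cookie.2o7";"c:\Documents and Settings\NetworkService\Cookies\5N5VQ7DO.txt";"";"12/3/2011, 12:13:09 PM";"file";"C:\WINDOWS\system32\ping.exe"
"Virus found Win32/Cryptor";"c:\WINDOWS\temp\0.5344748836545345.exe";"Moved to Virus Vault";"12/3/2011, 6:37:17 AM";"file";"C:\WINDOWS\system32\ping.exe"
"Trojan horse PSW.Generic9.ASRC";"c:\WINDOWS\temp\oasceg\setup.exe";"Infected";"12/3/2011, 2:27:55 AM";"file";"C:\WINDOWS\system32\lsdelete.exe"
'''

# Assumed column meanings; the export has no header, so these are our labels.
FIELDS = ("threat", "path", "status", "when", "kind", "process")


def parse_avg_log(text):
    """Split each export line into a dict keyed by FIELDS, skipping malformed rows."""
    reader = csv.reader(text.strip().splitlines(), delimiter=";", quotechar='"')
    return [dict(zip(FIELDS, row)) for row in reader if len(row) == len(FIELDS)]


def triage(records):
    """Summarise the parts of the log a helper acts on."""
    # "Infected" means AVG saw the file but did not quarantine it.
    unresolved = [r["path"] for r in records if r["status"] == "Infected"]
    # Detections under a restore point survive cleanup until System Restore is flushed.
    restore_point = [r["path"] for r in records
                     if "\\system volume information\\_restore" in r["path"].lower()]
    # Which process AVG attributed each detection to; unusual reporters stand out here.
    by_process = Counter(r["process"].rsplit("\\", 1)[-1].lower() for r in records)
    return {"unresolved": unresolved,
            "restore_point": restore_point,
            "by_process": by_process}


if __name__ == "__main__":
    summary = triage(parse_avg_log(SAMPLE_LOG))
    print("Not quarantined:", summary["unresolved"])
    print("Inside restore points:", summary["restore_point"])
    print("Detections per reporting process:", dict(summary["by_process"]))
```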

#9 arossbach

arossbach
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 15 December 2011 - 03:25 AM

Thank you so much for your help.

The other thread can be found here: http://www.bleepingcomputer.com/forums/topic432545.html/page__view__findpost__p__2510245

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:55 PM

Posted 15 December 2011 - 02:25 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 3 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.
