Win32/Ponmocup.aa Trojan


  • This topic is locked
16 replies to this topic

#1 freakyfred

freakyfred

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:36 PM

Posted 09 February 2012 - 03:30 PM

Hello!

I have a problem with the Win32/Ponmocup.aa Trojan found by NOD32. I got some notifications, but didn't pay attention at first, and after a while I started to send spam e-mails to my mail contacts. After trying some programs, I keep having startup freezes (even in Safe Mode) from time to time. Before sending spam e-mails, I experienced some Google redirections and I was encountering some pop-up messages from Internet Explorer. Now, I don't know for sure if they're related.

Here is the log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dragusanu at 21:15:45 on 2012-02-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.465 [GMT 2:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Join Air\AssistantServices.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Join Air\UIExec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Webshots\webshots.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.ro
uStart Page = hxxp://www.google.ro/
uSearch Bar = hxxp://www.google.ro
mDefault_Search_URL = hxxp://www.google.ro
mSearch Page = hxxp://www.google.ro
uSearchURL,(Default) = hxxp://www.google.ro
mSearchAssistant = hxxp://www.google.ro
mCustomizeSearch = hxxp://www.google.ro
uURLSearchHooks: H - No File
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C17590D2-ECB4-4b15-8820-F58798DCC118} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {A823A630-78C6-4637-AF80-AEDCA5BB74C1} - No File
uRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [UIExec] "c:\program files\join air\UIExec.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dragus~1\startm~1\programs\startup\webshots.lnk - d:\webshots\Launcher.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam2.primariaarad.ro:8082/activex/AMC.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dragusanu\application data\mozilla\firefox\profiles\f5v53etq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\divx\divx player\npDivxPlayerPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-2-8 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-2-8 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-2-8 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-2-8 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-2-8 69392]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-2-8 251560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-2-8 247760]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 652360]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-2-8 366840]
R2 UI Assistant Service;UI Assistant Service;c:\program files\join air\AssistantServices.exe [2010-9-5 246272]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-1 218176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-8 20464]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-7-20 338944]
S2 OODefragAgent;O&O Defrag Agent;"d:\o&o drfrag\oodag.exe" --> d:\o&o drfrag\oodag.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-9-5 9216]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-10-30 23936]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-2-8 70536]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-2-8 1150936]
S3 SDVC05;USB SDVC05;c:\windows\system32\drivers\SDVC05.sys [2010-1-30 18088]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-2-8 33552]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S3 vproiah;vproiah;c:\windows\system32\drivers\vproiah.sys --> c:\windows\system32\drivers\vproiah.sys [?]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-6-6 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-6-6 5248]
.
=============== Created Last 30 ================
.
2012-02-09 17:04:14 -------- dc----w- c:\program files\Cobian Backup 8
2012-02-08 17:43:35 -------- dc----w- c:\documents and settings\dragusanu\local settings\application data\Threat Expert
2012-02-08 17:42:36 767952 -c--a-w- c:\windows\BDTSupport.dll
2012-02-08 17:42:33 2000848 -c--a-w- c:\windows\PCTBDCore.dll
2012-02-08 17:42:33 1533904 -c--a-w- c:\windows\PCTBDRes.dll
2012-02-08 17:42:33 149456 -c--a-w- c:\windows\SGDetectionTool.dll
2012-02-08 17:42:30 69392 -cs---w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-08 17:42:29 51984 -cs---w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-08 17:42:29 33552 -cs---w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-08 17:30:03 656320 -c--a-w- c:\windows\system32\drivers\pctEFA.sys
2012-02-08 17:30:02 338880 -c--a-w- c:\windows\system32\drivers\pctDS.sys
2012-02-08 17:30:02 251560 -c--a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-02-08 17:29:58 239168 -c--a-w- c:\windows\system32\drivers\PCTCore.sys
2012-02-08 17:29:58 160448 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-02-08 17:29:51 70536 -c--a-w- c:\windows\system32\drivers\pctplsg.sys
2012-02-08 17:29:21 -------- dc----w- c:\program files\PC Tools Security
2012-02-08 17:29:21 -------- dc----w- c:\program files\common files\PC Tools
2012-02-08 17:29:21 -------- dc----w- c:\documents and settings\dragusanu\application data\PC Tools
2012-02-08 17:28:00 -------- dc----w- c:\documents and settings\all users\application data\PC Tools
2012-02-08 09:22:04 -------- dc----w- c:\documents and settings\dragusanu\application data\HD Tune Pro
2012-02-08 09:21:59 -------- dc----w- c:\program files\HD Tune Pro
2012-02-08 00:41:04 -------- dc----w- c:\documents and settings\dragusanu\application data\Malwarebytes
2012-02-08 00:40:57 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-08 00:40:55 20464 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 00:40:55 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 00:26:40 388096 -c--a-r- c:\documents and settings\dragusanu\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-08 00:26:39 -------- dc----w- c:\program files\Trend Micro
2012-02-04 15:22:10 -------- dc----w- c:\documents and settings\dragusanu\application data\BlackBean
2012-02-04 10:16:38 805400 -c--a-r- c:\windows\system32\tmpD8DD.tmp
2012-02-03 20:19:08 -------- dc----w- c:\documents and settings\dragusanu\application data\FUEL
2012-02-03 14:39:50 -------- dc----w- c:\documents and settings\all users\application data\Test Drive Unlimited
2012-02-03 12:10:51 805400 -c--a-r- c:\windows\system32\tmp41DC.tmp
2012-02-03 12:10:51 805400 -c--a-r- c:\windows\system32\tmp41DB.tmp
2012-02-02 19:59:18 66872 -c--a-w- c:\windows\system32\PnkBstrA.exe
2012-02-02 19:59:17 22328 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-02 19:59:09 103736 -c--a-w- c:\windows\system32\PnkBstrB.exe
2012-02-02 18:22:29 -------- dc----w- c:\program files\NVIDIA Corporation
2012-02-01 08:42:12 126976 -csha-r- c:\windows\system32\mswebdvd9.dll
2012-01-29 15:38:05 -------- dc----w- c:\documents and settings\dragusanu\local settings\application data\Deployment
2012-01-27 13:15:00 69714 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-01-27 13:15:00 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-01-27 13:15:00 274432 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-01-27 13:15:00 184320 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-01-27 13:14:58 753664 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-01-27 13:14:51 200836 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-01-27 13:14:50 331908 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-01-26 13:09:31 -------- dc----w- c:\documents and settings\dragusanu\local settings\application data\visi_coupon
2012-01-26 12:31:33 -------- dc----w- c:\windows\SxsCaPendDel
2012-01-12 15:56:37 -------- dc----w- c:\documents and settings\dragusanu\application data\TeamViewer
.
==================== Find3M ====================
.
2012-02-03 12:17:18 107888 -c--a-w- c:\windows\system32\CmdLineExt.dll
2011-11-20 05:27:04 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2005-11-14 14:06:18 1585662 -c--a-w- c:\program files\Cult3D_IE_5.3.0.228.exe
.
============= FINISH: 21:16:55,93 ===============


Edited by freakyfred, 09 February 2012 - 03:32 PM.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:36 AM

Posted 10 February 2012 - 06:49 PM

Hi,

Please do the following:


Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) folder. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 freakyfred

freakyfred
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:36 PM

Posted 11 February 2012 - 09:31 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 16:04:13
-----------------------------
16:04:13.078 OS Version: Windows 5.1.2600 Service Pack 3
16:04:13.078 Number of processors: 2 586 0xF0D
16:04:13.078 ComputerName: TOSHIBAL40 UserName: Dragusanu
16:04:13.468 Initialize success
16:07:36.046 AVAST engine defs: 12021100
16:14:27.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:14:27.484 Disk 0 Vendor: FUJITSU_ 0040 Size: 114473MB BusType: 3
16:14:27.500 Disk 0 MBR read successfully
16:14:27.500 Disk 0 MBR scan
16:14:27.531 Disk 0 Windows XP default MBR code
16:14:27.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 10236 MB offset 63
16:14:27.531 Disk 0 Partition - 00 0F Extended LBA 104226 MB offset 20964825
16:14:27.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20481 MB offset 20964888
16:14:27.562 Disk 0 Partition - 00 05 Extended 83745 MB offset 62910540
16:14:27.593 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 83745 MB offset 62910603
16:14:27.593 Disk 0 scanning sectors +234420480
16:14:27.671 Disk 0 scanning C:\WINDOWS\system32\drivers
16:14:51.734 Service scanning
16:14:54.765 Modules scanning
16:15:06.671 Disk 0 trace - called modules:
16:15:06.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll sfsync02.sys iaStor.sys
16:15:06.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f32300]
16:15:06.703 3 CLASSPNP.SYS[f7558fd7] -> nt!IofCallDriver -> [0x86f32ae0]
16:15:06.703 5 PCTCore.sys[f7246099] -> nt!IofCallDriver -> \Device\00000083[0x86f49438]
16:15:06.703 7 ACPI.sys[f73df620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f4b030]
16:15:07.093 AVAST engine scan C:\WINDOWS
16:15:13.828 AVAST engine scan C:\WINDOWS\system32
16:16:34.218 File: C:\WINDOWS\system32\mswebdvd9.dll **INFECTED** Win32:Diller-V [Trj]
16:18:20.734 AVAST engine scan C:\WINDOWS\system32\drivers
16:18:43.453 AVAST engine scan C:\Documents and Settings\Dragusanu
16:20:48.281 AVAST engine scan C:\Documents and Settings\All Users
16:21:34.031 Scan finished successfully
16:22:04.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dragusanu\Desktop\MBR.dat"
16:22:04.625 The log file has been saved successfully to "C:\Documents and Settings\Dragusanu\Desktop\aswMBR.txt"


Here is the download link to MBR.dat.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:36 AM

Posted 11 February 2012 - 03:00 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop.
  • Double click TDSSKiller.exe.
  • When the window opens, click on Change Parameters.
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click OK.
  • Press Start Scan.
    • Only if Malicious objects are found, then ensure Cure is selected.
    • Then click Continue > Reboot now.
  • Copy and paste the log in your next reply.
    • A copy of the log will be saved automatically to the root of the drive (typically C:\).



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 freakyfred

freakyfred
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:36 PM

Posted 11 February 2012 - 05:07 PM

The TDSSKiller scan found no threats:

23:05:49.0015 3396 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
23:05:49.0359 3396 ============================================================
23:05:49.0359 3396 Current date / time: 2012/02/11 23:05:49.0359
23:05:49.0359 3396 SystemInfo:
23:05:49.0359 3396
23:05:49.0359 3396 OS Version: 5.1.2600 ServicePack: 3.0
23:05:49.0359 3396 Product type: Workstation
23:05:49.0359 3396 ComputerName: TOSHIBAL40
23:05:49.0359 3396 UserName: Dragusanu
23:05:49.0359 3396 Windows directory: C:\WINDOWS
23:05:49.0359 3396 System windows directory: C:\WINDOWS
23:05:49.0359 3396 Processor architecture: Intel x86
23:05:49.0359 3396 Number of processors: 2
23:05:49.0359 3396 Page size: 0x1000
23:05:49.0359 3396 Boot type: Normal boot
23:05:49.0359 3396 ============================================================
23:05:50.0234 3396 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:05:50.0250 3396 \Device\Harddisk0\DR0:
23:05:50.0250 3396 MBR used
23:05:50.0250 3396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x13FE59A
23:05:50.0250 3396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13FE618, BlocksNum 0x2800A34
23:05:50.0265 3396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3BFF08B, BlocksNum 0xA390875
23:05:50.0375 3396 Initialize success
23:05:50.0375 3396 ============================================================
23:06:03.0906 3960 ============================================================
23:06:03.0906 3960 Scan started
23:06:03.0906 3960 Mode: Manual; TDLFS;
23:06:03.0906 3960 ============================================================
23:06:04.0781 3960 Abiosdsk - ok
23:06:04.0812 3960 abp480n5 - ok
23:06:04.0859 3960 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:06:04.0921 3960 ACPI - ok
23:06:04.0968 3960 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:06:04.0984 3960 ACPIEC - ok
23:06:05.0015 3960 adpu160m - ok
23:06:05.0062 3960 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:06:05.0093 3960 aec - ok
23:06:05.0156 3960 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
23:06:05.0156 3960 AFD - ok
23:06:05.0265 3960 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23:06:05.0328 3960 AgereSoftModem - ok
23:06:05.0359 3960 Aha154x - ok
23:06:05.0375 3960 aic78u2 - ok
23:06:05.0406 3960 aic78xx - ok
23:06:05.0437 3960 AliIde - ok
23:06:05.0468 3960 amsint - ok
23:06:05.0500 3960 asc - ok
23:06:05.0531 3960 asc3350p - ok
23:06:05.0578 3960 asc3550 - ok
23:06:05.0625 3960 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:06:05.0656 3960 AsyncMac - ok
23:06:05.0687 3960 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:06:05.0734 3960 atapi - ok
23:06:05.0765 3960 Atdisk - ok
23:06:05.0812 3960 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:06:05.0843 3960 Atmarpc - ok
23:06:05.0906 3960 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:06:05.0921 3960 audstub - ok
23:06:05.0984 3960 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:06:06.0015 3960 Beep - ok
23:06:06.0078 3960 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:06:06.0109 3960 cbidf2k - ok
23:06:06.0125 3960 cd20xrnt - ok
23:06:06.0171 3960 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:06:06.0203 3960 Cdaudio - ok
23:06:06.0250 3960 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:06:06.0281 3960 Cdfs - ok
23:06:06.0312 3960 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:06:06.0343 3960 Cdrom - ok
23:06:06.0406 3960 Changer - ok
23:06:06.0453 3960 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:06:06.0484 3960 CmBatt - ok
23:06:06.0500 3960 CmdIde - ok
23:06:06.0546 3960 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:06:06.0578 3960 Compbatt - ok
23:06:06.0609 3960 Cpqarray - ok
23:06:06.0671 3960 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
23:06:06.0671 3960 d347bus - ok
23:06:06.0718 3960 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\System32\Drivers\d347prt.sys
23:06:06.0750 3960 d347prt - ok
23:06:06.0765 3960 dac2w2k - ok
23:06:06.0828 3960 dac960nt - ok
23:06:06.0890 3960 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:06:06.0921 3960 Disk - ok
23:06:06.0968 3960 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:06:07.0015 3960 dmboot - ok
23:06:07.0062 3960 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:06:07.0093 3960 dmio - ok
23:06:07.0125 3960 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:06:07.0156 3960 dmload - ok
23:06:07.0187 3960 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:06:07.0203 3960 DMusic - ok
23:06:07.0250 3960 dpti2o - ok
23:06:07.0296 3960 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:06:07.0312 3960 drmkaud - ok
23:06:07.0390 3960 dtsoftbus01 (b672b993207dd5e2f73fcda8c0427b0f) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
23:06:07.0406 3960 dtsoftbus01 - ok
23:06:07.0468 3960 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys
23:06:07.0500 3960 eamon - ok
23:06:07.0546 3960 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
23:06:07.0578 3960 ehdrv - ok
23:06:07.0640 3960 epfwtdir (ecd5f68e32ff5c6a728eb03dc892ae7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
23:06:07.0703 3960 epfwtdir - ok
23:06:07.0796 3960 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:06:07.0828 3960 Fastfat - ok
23:06:07.0875 3960 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:06:07.0906 3960 Fdc - ok
23:06:07.0937 3960 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:06:07.0968 3960 Fips - ok
23:06:08.0000 3960 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:06:08.0031 3960 Flpydisk - ok
23:06:08.0062 3960 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:06:08.0109 3960 FltMgr - ok
23:06:08.0187 3960 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:06:08.0218 3960 Fs_Rec - ok
23:06:08.0265 3960 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:06:08.0296 3960 Ftdisk - ok
23:06:08.0359 3960 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:06:08.0390 3960 Gpc - ok
23:06:08.0437 3960 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
23:06:08.0437 3960 hamachi - ok
23:06:08.0500 3960 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:06:08.0531 3960 HDAudBus - ok
23:06:08.0578 3960 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:06:08.0609 3960 hidusb - ok
23:06:08.0625 3960 hpn - ok
23:06:08.0687 3960 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:06:08.0765 3960 HTTP - ok
23:06:08.0796 3960 i2omgmt - ok
23:06:08.0812 3960 i2omp - ok
23:06:08.0859 3960 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:06:08.0921 3960 i8042prt - ok
23:06:09.0015 3960 ialm (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:06:09.0109 3960 ialm - ok
23:06:09.0203 3960 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:06:09.0203 3960 iaStor - ok
23:06:09.0296 3960 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:06:09.0328 3960 Imapi - ok
23:06:09.0343 3960 InCDFs - ok
23:06:09.0375 3960 InCDPass - ok
23:06:09.0390 3960 InCDRm - ok
23:06:09.0421 3960 ini910u - ok
23:06:09.0609 3960 IntcAzAudAddService (00c5e8161d71f6a51885026e1853c027) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:06:09.0765 3960 IntcAzAudAddService - ok
23:06:09.0828 3960 IntelIde - ok
23:06:09.0875 3960 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:06:09.0906 3960 intelppm - ok
23:06:09.0937 3960 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:06:09.0984 3960 Ip6Fw - ok
23:06:10.0046 3960 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:06:10.0093 3960 IpFilterDriver - ok
23:06:10.0140 3960 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:06:10.0171 3960 IpInIp - ok
23:06:10.0218 3960 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:06:10.0250 3960 IpNat - ok
23:06:10.0296 3960 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:06:10.0328 3960 IPSec - ok
23:06:10.0390 3960 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:06:10.0421 3960 IRENUM - ok
23:06:10.0453 3960 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:06:10.0484 3960 isapnp - ok
23:06:10.0515 3960 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:06:10.0546 3960 Kbdclass - ok
23:06:10.0609 3960 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:06:10.0640 3960 kbdhid - ok
23:06:10.0687 3960 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:06:10.0718 3960 kmixer - ok
23:06:10.0765 3960 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:06:10.0812 3960 KSecDD - ok
23:06:10.0859 3960 lbrtfdc - ok
23:06:10.0921 3960 massfilter (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
23:06:10.0953 3960 massfilter - ok
23:06:11.0000 3960 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
23:06:11.0015 3960 MBAMProtector - ok
23:06:11.0062 3960 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:06:11.0093 3960 mnmdd - ok
23:06:11.0140 3960 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:06:11.0171 3960 Modem - ok
23:06:11.0218 3960 MotDev - ok
23:06:11.0265 3960 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
23:06:11.0281 3960 motmodem - ok
23:06:11.0328 3960 motport (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motport.sys
23:06:11.0328 3960 motport - ok
23:06:11.0375 3960 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:06:11.0406 3960 Mouclass - ok
23:06:11.0437 3960 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:06:11.0468 3960 mouhid - ok
23:06:11.0500 3960 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:06:11.0531 3960 MountMgr - ok
23:06:11.0578 3960 MQAC (9229e191fe206628be17d1e67a5faed9) C:\WINDOWS\system32\drivers\mqac.sys
23:06:11.0609 3960 MQAC - ok
23:06:11.0671 3960 mraid35x - ok
23:06:11.0718 3960 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:06:11.0781 3960 MRxDAV - ok
23:06:11.0859 3960 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:06:11.0921 3960 MRxSmb - ok
23:06:11.0953 3960 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:06:11.0984 3960 Msfs - ok
23:06:12.0031 3960 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:06:12.0062 3960 MSKSSRV - ok
23:06:12.0140 3960 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:06:12.0156 3960 MSPCLOCK - ok
23:06:12.0218 3960 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:06:12.0250 3960 MSPQM - ok
23:06:12.0281 3960 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:06:12.0312 3960 mssmbios - ok
23:06:12.0375 3960 MTsensor (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
23:06:12.0375 3960 MTsensor - ok
23:06:12.0421 3960 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
23:06:12.0453 3960 Mup - ok
23:06:12.0500 3960 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:06:12.0531 3960 NDIS - ok
23:06:12.0593 3960 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:06:12.0609 3960 NdisTapi - ok
23:06:12.0640 3960 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:06:12.0671 3960 Ndisuio - ok
23:06:12.0687 3960 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:06:12.0718 3960 NdisWan - ok
23:06:12.0765 3960 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:06:12.0796 3960 NDProxy - ok
23:06:12.0812 3960 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:06:12.0843 3960 NetBIOS - ok
23:06:12.0859 3960 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:06:12.0906 3960 NetBT - ok
23:06:12.0937 3960 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
23:06:12.0968 3960 Netdevio - ok
23:06:13.0000 3960 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:06:13.0031 3960 Npfs - ok
23:06:13.0078 3960 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:06:13.0156 3960 Ntfs - ok
23:06:13.0234 3960 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:06:13.0250 3960 Null - ok
23:06:13.0296 3960 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:06:13.0328 3960 NwlnkFlt - ok
23:06:13.0359 3960 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:06:13.0390 3960 NwlnkFwd - ok
23:06:13.0421 3960 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
23:06:13.0468 3960 NwlnkIpx - ok
23:06:13.0500 3960 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
23:06:13.0562 3960 NwlnkNb - ok
23:06:13.0625 3960 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
23:06:13.0656 3960 NwlnkSpx - ok
23:06:13.0703 3960 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
23:06:13.0734 3960 NWRDR - ok
23:06:13.0828 3960 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:06:13.0859 3960 Parport - ok
23:06:13.0890 3960 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:06:13.0921 3960 PartMgr - ok
23:06:13.0968 3960 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:06:13.0984 3960 ParVdm - ok
23:06:14.0062 3960 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:06:14.0109 3960 PCI - ok
23:06:14.0140 3960 PCIDump - ok
23:06:14.0187 3960 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:06:14.0218 3960 PCIIde - ok
23:06:14.0250 3960 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:06:14.0312 3960 Pcmcia - ok
23:06:14.0359 3960 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys
23:06:14.0421 3960 PCTCore - ok
23:06:14.0484 3960 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
23:06:14.0578 3960 pctDS - ok
23:06:14.0671 3960 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
23:06:14.0750 3960 pctEFA - ok
23:06:14.0796 3960 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\system32\drivers\pctgntdi.sys
23:06:14.0812 3960 pctgntdi - ok
23:06:14.0875 3960 pctplsg (1ea4b41d30f28ff5e186a49b4a1d36d9) C:\WINDOWS\system32\drivers\pctplsg.sys
23:06:14.0890 3960 pctplsg - ok
23:06:14.0921 3960 PDCOMP - ok
23:06:14.0937 3960 PDFRAME - ok
23:06:14.0968 3960 PDRELI - ok
23:06:15.0015 3960 PDRFRAME - ok
23:06:15.0046 3960 perc2 - ok
23:06:15.0078 3960 perc2hib - ok
23:06:15.0140 3960 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:06:15.0171 3960 PptpMiniport - ok
23:06:15.0203 3960 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:06:15.0265 3960 PSched - ok
23:06:15.0328 3960 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:06:15.0359 3960 Ptilink - ok
23:06:15.0453 3960 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:06:15.0484 3960 PxHelp20 - ok
23:06:15.0500 3960 ql1080 - ok
23:06:15.0531 3960 Ql10wnt - ok
23:06:15.0546 3960 ql12160 - ok
23:06:15.0578 3960 ql1240 - ok
23:06:15.0609 3960 ql1280 - ok
23:06:15.0671 3960 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:06:15.0687 3960 RasAcd - ok
23:06:15.0765 3960 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:06:15.0796 3960 Rasl2tp - ok
23:06:15.0828 3960 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:06:15.0859 3960 RasPppoe - ok
23:06:15.0890 3960 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:06:15.0921 3960 Raspti - ok
23:06:15.0968 3960 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:06:16.0062 3960 Rdbss - ok
23:06:16.0109 3960 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:06:16.0140 3960 RDPCDD - ok
23:06:16.0234 3960 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:06:16.0265 3960 rdpdr - ok
23:06:16.0312 3960 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
23:06:16.0375 3960 RDPWD - ok
23:06:16.0421 3960 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:06:16.0453 3960 redbook - ok
23:06:16.0500 3960 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
23:06:16.0531 3960 RMCAST - ok
23:06:16.0593 3960 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
23:06:16.0656 3960 rspndr - ok
23:06:16.0734 3960 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:06:16.0765 3960 RTL8023xp - ok
23:06:16.0828 3960 RTL8187B (de4924fe414bba15dd098aecf3711137) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
23:06:16.0875 3960 RTL8187B - ok
23:06:16.0968 3960 SDVC05 (83a7fc4ebcdb9d75e88adf99a2213fc0) C:\WINDOWS\system32\Drivers\SDVC05.sys
23:06:17.0000 3960 SDVC05 - ok
23:06:17.0062 3960 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:06:17.0093 3960 Secdrv - ok
23:06:17.0125 3960 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:06:17.0187 3960 Serial - ok
23:06:17.0265 3960 sfdrv01 (b659e4af7534e3516ddc0b820db8f910) C:\WINDOWS\system32\drivers\sfdrv01.sys
23:06:17.0296 3960 sfdrv01 - ok
23:06:17.0343 3960 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:06:17.0375 3960 Sfloppy - ok
23:06:17.0406 3960 sfsync02 (3fcb3fe43737b0ef6fe759fc0b886a69) C:\WINDOWS\system32\drivers\sfsync02.sys
23:06:17.0437 3960 sfsync02 - ok
23:06:17.0468 3960 Simbad - ok
23:06:17.0500 3960 Sparrow - ok
23:06:17.0531 3960 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:06:17.0562 3960 splitter - ok
23:06:17.0578 3960 sptd - ok
23:06:17.0656 3960 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:06:17.0687 3960 sr - ok
23:06:17.0750 3960 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
23:06:17.0812 3960 Srv - ok
23:06:17.0859 3960 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
23:06:17.0890 3960 StillCam - ok
23:06:17.0921 3960 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:06:17.0953 3960 swenum - ok
23:06:17.0968 3960 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:06:18.0015 3960 swmidi - ok
23:06:18.0078 3960 symc810 - ok
23:06:18.0078 3960 symc8xx - ok
23:06:18.0093 3960 sym_hi - ok
23:06:18.0109 3960 sym_u3 - ok
23:06:18.0140 3960 SynTP (51cdbb8836893d683b22dde0913af3e1) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:06:18.0156 3960 SynTP - ok
23:06:18.0203 3960 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:06:18.0218 3960 sysaudio - ok
23:06:18.0281 3960 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:06:18.0343 3960 Tcpip - ok
23:06:18.0359 3960 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:06:18.0390 3960 TDPIPE - ok
23:06:18.0406 3960 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:06:18.0437 3960 TDTCP - ok
23:06:18.0468 3960 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:06:18.0531 3960 TermDD - ok
23:06:18.0578 3960 TfFsMon (1c7be4e77d42a93e6cd82ef742a50524) C:\WINDOWS\system32\drivers\TfFsMon.sys
23:06:18.0609 3960 TfFsMon - ok
23:06:18.0671 3960 TfNetMon (40d1ad5741204ea83661e1b4d3d0d0c5) C:\WINDOWS\system32\drivers\TfNetMon.sys
23:06:18.0703 3960 TfNetMon - ok
23:06:18.0718 3960 TFSysMon (5d30e224ac2183357cb478b5cb73bd31) C:\WINDOWS\system32\drivers\TfSysMon.sys
23:06:18.0781 3960 TFSysMon - ok
23:06:18.0828 3960 TosIde - ok
23:06:18.0890 3960 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:06:18.0921 3960 Udfs - ok
23:06:18.0953 3960 ultra - ok
23:06:19.0000 3960 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:06:19.0093 3960 Update - ok
23:06:19.0171 3960 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:06:19.0203 3960 usbccgp - ok
23:06:19.0250 3960 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:06:19.0281 3960 usbehci - ok
23:06:19.0296 3960 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:06:19.0328 3960 usbhub - ok
23:06:19.0359 3960 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:06:19.0390 3960 usbscan - ok
23:06:19.0421 3960 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:06:19.0453 3960 USBSTOR - ok
23:06:19.0500 3960 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:06:19.0531 3960 usbuhci - ok
23:06:19.0562 3960 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:06:19.0578 3960 VgaSave - ok
23:06:19.0625 3960 ViaIde - ok
23:06:19.0671 3960 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:06:19.0703 3960 VolSnap - ok
23:06:19.0734 3960 vproiah - ok
23:06:19.0796 3960 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:06:19.0828 3960 Wanarp - ok
23:06:19.0875 3960 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:06:19.0968 3960 Wdf01000 - ok
23:06:20.0031 3960 WDICA - ok
23:06:20.0109 3960 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:06:20.0140 3960 wdmaud - ok
23:06:20.0234 3960 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:06:20.0265 3960 WS2IFSL - ok
23:06:20.0312 3960 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:06:20.0343 3960 WudfPf - ok
23:06:20.0390 3960 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:06:20.0390 3960 WudfRd - ok
23:06:20.0453 3960 ZTEusbmdm6k (b31932dc33072ca98a8dbf76f866f22e) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
23:06:20.0468 3960 ZTEusbmdm6k - ok
23:06:20.0531 3960 ZTEusbnmea (b31932dc33072ca98a8dbf76f866f22e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
23:06:20.0546 3960 ZTEusbnmea - ok
23:06:20.0593 3960 ZTEusbser6k (b31932dc33072ca98a8dbf76f866f22e) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
23:06:20.0609 3960 ZTEusbser6k - ok
23:06:20.0640 3960 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:06:20.0937 3960 \Device\Harddisk0\DR0 - ok
23:06:20.0937 3960 Boot (0x1200) (7afbc17b21acef6fb81269a23ea18c4c) \Device\Harddisk0\DR0\Partition0
23:06:20.0937 3960 \Device\Harddisk0\DR0\Partition0 - ok
23:06:20.0953 3960 Boot (0x1200) (8305e3b08d4a2ea6160021697b3e9518) \Device\Harddisk0\DR0\Partition1
23:06:20.0953 3960 \Device\Harddisk0\DR0\Partition1 - ok
23:06:20.0984 3960 Boot (0x1200) (4dee2776a2c281e09f5502227e11a0b0) \Device\Harddisk0\DR0\Partition2
23:06:20.0984 3960 \Device\Harddisk0\DR0\Partition2 - ok
23:06:20.0984 3960 ============================================================
23:06:20.0984 3960 Scan finished
23:06:20.0984 3960 ============================================================
23:06:21.0000 3984 Detected object count: 0
23:06:21.0000 3984 Actual detected object count: 0



* ComboFix Log

ComboFix 12-02-11.03 - Dragusanu 11.02.2012 23:42:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.371 [GMT 2:00]
Running from: c:\documents and settings\Dragusanu\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dragusanu\Application Data\bcrypt.html
c:\documents and settings\Dragusanu\Desktop\Internet Explorer.lnk
c:\documents and settings\Dragusanu\WINDOWS
c:\windows\daemon.dll
c:\windows\system32\Cache
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\tmp41DB.tmp
c:\windows\system32\tmp41DC.tmp
c:\windows\system32\tmpD8DD.tmp
c:\windows\system32\weber
c:\windows\WindowsXP-KB917425-x86-ENU.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-09 17:04 . 2012-02-09 17:04 -------- dc----w- c:\program files\Cobian Backup 8
2012-02-08 21:33 . 2012-02-08 21:33 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-02-08 17:43 . 2012-02-08 17:43 -------- dc----w- c:\documents and settings\Dragusanu\Local Settings\Application Data\Threat Expert
2012-02-08 17:29 . 2012-02-11 21:36 -------- dc----w- c:\program files\PC Tools Security
2012-02-08 17:28 . 2012-02-11 21:14 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-08 09:22 . 2012-02-08 09:22 -------- dc----w- c:\documents and settings\Dragusanu\Application Data\HD Tune Pro
2012-02-08 09:21 . 2012-02-08 09:21 -------- dc----w- c:\program files\HD Tune Pro
2012-02-08 00:41 . 2012-02-08 00:41 -------- dc----w- c:\documents and settings\Dragusanu\Application Data\Malwarebytes
2012-02-08 00:40 . 2012-02-08 00:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-08 00:40 . 2012-02-08 00:40 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 00:40 . 2011-12-10 13:24 20464 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 00:26 . 2012-02-08 00:26 388096 -c--a-r- c:\documents and settings\Dragusanu\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-08 00:26 . 2012-02-08 00:26 -------- dc----w- c:\program files\Trend Micro
2012-02-04 15:22 . 2012-02-04 15:22 -------- dc----w- c:\documents and settings\Dragusanu\Application Data\BlackBean
2012-02-03 20:19 . 2012-02-03 20:19 -------- dc----w- c:\documents and settings\Dragusanu\Application Data\FUEL
2012-02-03 16:01 . 2012-02-03 16:01 -------- dc----r- C:\MSOCache
2012-02-03 14:39 . 2012-02-03 14:48 -------- dc----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2012-02-02 19:59 . 2012-02-04 16:33 66872 -c--a-w- c:\windows\system32\PnkBstrA.exe
2012-02-02 19:59 . 2012-02-04 16:33 22328 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-02 19:59 . 2012-02-04 16:33 103736 -c--a-w- c:\windows\system32\PnkBstrB.exe
2012-02-02 18:22 . 2012-02-02 18:22 -------- dc----w- c:\program files\NVIDIA Corporation
2012-02-01 16:33 . 2012-02-01 16:33 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-01 08:42 . 2012-02-01 08:42 126976 -csha-r- c:\windows\system32\mswebdvd9.dll
2012-01-29 15:42 . 2012-02-01 08:18 -------- dc----w- c:\documents and settings\Dragusanu\Application Data\Hamachi
2012-01-29 15:38 . 2012-01-29 15:38 -------- dc----w- c:\documents and settings\Dragusanu\Local Settings\Application Data\Deployment
2012-01-27 13:15 . 2005-04-03 21:02 69714 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-01-27 13:15 . 2005-04-03 21:01 274432 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-01-27 13:15 . 2005-04-03 21:00 184320 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-01-27 13:15 . 2005-04-03 20:59 5632 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-01-27 13:14 . 2005-04-03 21:02 753664 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-01-27 13:14 . 2012-01-27 13:14 200836 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-01-27 13:14 . 2012-01-27 13:14 331908 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-01-26 13:09 . 2012-01-26 13:09 -------- dc----w- c:\documents and settings\Dragusanu\Local Settings\Application Data\visi_coupon
2012-01-26 12:31 . 2012-01-27 09:12 -------- dc----w- c:\windows\SxsCaPendDel
2012-01-26 12:25 . 2012-01-26 12:25 -------- dc----w- c:\documents and settings\Dragusanu\Application Data\Yahoo! Messenger
2012-01-15 15:55 . 2012-01-15 15:55 -------- dc----w- c:\documents and settings\Dragusanu\Application Data\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 12:17 . 2011-02-03 10:36 107888 -c--a-w- c:\windows\system32\CmdLineExt.dll
2011-11-20 05:27 . 2011-10-01 07:44 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2005-11-14 14:06 . 2009-10-28 08:35 1585662 -c--a-w- c:\program files\Cult3D_IE_5.3.0.228.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-11-06 191552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"SkyTel"="SkyTel.EXE" [2007-11-06 1826816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-06 888832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-10-10 132096]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16384512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Dragusanu\Start Menu\Programs\Startup\
Webshots.lnk - d:\webshots\Launcher.exe [2009-6-7 45056]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\\joey_pc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6950:TCP"= 6950:TCP:League of Legends Launcher
"6950:UDP"= 6950:UDP:League of Legends Launcher
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.07.2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [03.08.2010 12:28 95896]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [12.08.2010 13:16 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08.02.2012 02:40 652360]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [05.09.2010 08:47 246272]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [01.02.2011 19:58 218176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08.02.2012 02:40 20464]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [20.07.2010 18:18 338944]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 OODefragAgent;O&O Defrag Agent;"d:\o&o drfrag\oodag.exe" --> d:\o&o drfrag\oodag.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [05.09.2010 08:47 9216]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [30.10.2010 12:23 23936]
S3 SDVC05;USB SDVC05;c:\windows\system32\drivers\SDVC05.sys [30.01.2010 12:20 18088]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 vproiah;vproiah;c:\windows\system32\DRIVERS\vproiah.sys --> c:\windows\system32\DRIVERS\vproiah.sys [?]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [06.06.2009 22:29 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [06.06.2009 22:29 5248]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\Neqo.job
- c:\windows\system32\mswebdvd9.dll [2012-02-01 08:42]
.
2012-02-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-09-07 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
uSearchURL,(Default) = hxxp://www.google.ro
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam2.primariaarad.ro:8082/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 23:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\NOD6.tmp 856576 bytes
c:\windows\TEMP\NOD7.tmp 0 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-823518204-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1844237615-823518204-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:9d,2e,fc,77,28,83,01,e8,d8,0d,e3,a9,4a,77,56,f3,84,ab,18,2d,d4,
6b,1e,d0,30,4c,5a,7c,b8,6d,51,dd,65,27,70,3b,d0,38,b2,54,05,65,05,e0,d0,e9,\
"rkeysecu"=hex:88,23,9e,b5,8b,aa,9a,4f,52,d4,db,92,b2,78,e9,ba
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
d:\webshots\webshots.scr
c:\windows\system32\msdtc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\snmp.exe
.
**************************************************************************
.
Completion time: 2012-02-11 23:56:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 21:55
.
Pre-Run: 893.919.232 bytes free
Post-Run: 892.334.080 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 62140C57881ED7261B4048788671367D
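A way to read a ComboFix log of this kind with a triage eye, as an added example that is not part of this thread and not ComboFix's own code: the script below parses the "Files Created" and "Scheduled Tasks" sections (the sample lines are constructed from entries in the log above) and flags newly created files that carry both the hidden and system attributes, plus scheduled tasks whose command is one of those files or a DLL rather than an executable. My reading of the 8-character attribute field (leading d = directory, s = system, h = hidden) is an assumption that matches the entries on this page; the function and variable names are mine.

```python
import re
from typing import Dict, List

# Constructed sample input in the layout of ComboFix's "Files Created" section.
# The four entries are copied from the log above; the field layout is ComboFix's own.
SAMPLE_FILES = """\
2012-02-08 00:40 . 2011-12-10 13:24 20464 -c--a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-02-02 19:59 . 2012-02-04 16:33 66872 -c--a-w- c:\\windows\\system32\\PnkBstrA.exe
2012-02-01 08:42 . 2012-02-01 08:42 126976 -csha-r- c:\\windows\\system32\\mswebdvd9.dll
2012-01-26 12:31 . 2012-01-27 09:12 -------- dc----w- c:\\windows\\SxsCaPendDel
"""

# Constructed sample input in the layout of ComboFix's "Scheduled Tasks" section.
SAMPLE_TASKS = """\
2012-02-11 c:\\windows\\Tasks\\Neqo.job
- c:\\windows\\system32\\mswebdvd9.dll [2012-02-01 08:42]
.
2012-02-11 c:\\windows\\Tasks\\WGASetup.job
- c:\\windows\\system32\\KB905474\\wgasetup.exe [2010-09-07 19:18]
"""

# created . modified size attrs path   (size is "--------" for directories)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[")


def parse_files(text: str) -> List[dict]:
    """Parse 'Files Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["path"] = entry["path"].strip()
            entries.append(entry)
    return entries


def parse_tasks(text: str) -> Dict[str, str]:
    """Map each .job path to the command shown on the '- path [date]' line after it."""
    tasks: Dict[str, str] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        jm = JOB_RE.match(line)
        if jm:
            current = jm.group("job")
            continue
        tm = TARGET_RE.match(line)
        if tm and current:
            tasks[current] = tm.group("target")
            current = None
    return tasks


def triage(files_text: str, tasks_text: str) -> Dict[str, List[str]]:
    """Return {lower-cased path: [reasons]} for entries that deserve a closer look.

    Assumption (mine, consistent with the entries on the page): in the attribute
    field a leading 'd' marks a directory, 's' the system flag and 'h' the hidden flag.
    """
    findings: Dict[str, List[str]] = {}

    def note(path: str, reason: str) -> None:
        findings.setdefault(path.lower(), []).append(reason)

    hidden_system = set()
    for e in parse_files(files_text):
        attrs, path = e["attrs"], e["path"]
        if not attrs.startswith("d") and "s" in attrs and "h" in attrs:
            note(path, f"hidden+system file created {e['created']}")
            hidden_system.add(path.lower())

    for job, target in parse_tasks(tasks_text).items():
        t = target.lower()
        if t in hidden_system:
            note(target, f"launched by scheduled task {job}")
        if t.endswith(".dll"):
            note(target, f"scheduled task {job} points at a DLL rather than an .exe")
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_FILES, SAMPLE_TASKS).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, only mswebdvd9.dll is reported, with three reasons: it was created with the hidden and system attributes, it is the command of Neqo.job, and that command is a DLL. Each of those is exactly the kind of correlation a helper makes by eye when deciding what goes into a CFScript; the script just makes it repeatable across a long log.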

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:36 AM

Posted 11 February 2012 - 05:59 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic442005.html/page__pid__2593711#entry2593711

Collect::
c:\windows\system32\mswebdvd9.dll

Driver::
vproiah

File::
c:\windows\Tasks\Neqo.job

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 freakyfred
  • Topic Starter
  • Members
  • 8 posts

Posted 12 February 2012 - 03:30 PM

MBAM didn't find any threats.

And the computer is running very well, I didn't experience any more redirections, spam or even pop-ups :D




#8 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 12 February 2012 - 03:52 PM

Hi

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}


The log is showing two antivirus products installed. Having more than one can cause system slowdowns, conflicts and crashes, so please uninstall one of them.

NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date.
Java™ 6 Update 24 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Please post a fresh DDS Log and advise if there are any outstanding issues



#9 freakyfred
  • Topic Starter
  • Members
  • 8 posts

Posted 12 February 2012 - 06:08 PM

I uninstalled Spyware Doctor and made the updates.

As I said, the computer is running well, not having any sort of problem! :)

Here is the log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Dragusanu at 1:07:08 on 2012-02-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.372 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Join Air\AssistantServices.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Join Air\UIExec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ltmoh\Ltmoh.exe
D:\Webshots\webshots.scr
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ro/
uSearchURL,(Default) = hxxp://www.google.ro
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Asistenta legaturi Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C17590D2-ECB4-4b15-8820-F58798DCC118} - No File
TB: {A823A630-78C6-4637-AF80-AEDCA5BB74C1} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [UIExec] "c:\program files\join air\UIExec.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dragus~1\startm~1\programs\startup\webshots.lnk - d:\webshots\Launcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam2.primariaarad.ro:8082/activex/AMC.cab
TCP: Interfaces\{677029D3-718E-4B34-ACC4-6FA857E43B65} : NameServer = 82.76.253.125 82.76.253.115
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dragusanu\application data\mozilla\firefox\profiles\f5v53etq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\divx\divx player\npDivxPlayerPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 652360]
R2 UI Assistant Service;UI Assistant Service;c:\program files\join air\AssistantServices.exe [2010-9-5 246272]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-1 218176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-8 20464]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-7-20 338944]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 OODefragAgent;O&O Defrag Agent;"d:\o&o drfrag\oodag.exe" --> d:\o&o drfrag\oodag.exe [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\dragus~1\locals~1\temp\cfcatchme.sys --> c:\docume~1\dragus~1\locals~1\temp\CFcatchme.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-9-5 9216]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-10-30 23936]
S3 SDVC05;USB SDVC05;c:\windows\system32\drivers\SDVC05.sys [2010-1-30 18088]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-6-6 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-6-6 5248]
.
=============== Created Last 30 ================
.
2012-02-11 21:41:41 -------- dcsha-r- C:\cmdcons
2012-02-11 21:40:11 98816 -c--a-w- c:\windows\sed.exe
2012-02-11 21:40:11 518144 -c--a-w- c:\windows\SWREG.exe
2012-02-11 21:40:11 256000 -c--a-w- c:\windows\PEV.exe
2012-02-11 21:40:11 208896 -c--a-w- c:\windows\MBR.exe
2012-02-09 17:04:14 -------- dc----w- c:\program files\Cobian Backup 8
2012-02-08 17:43:35 -------- dc----w- c:\documents and settings\dragusanu\local settings\application data\Threat Expert
2012-02-08 17:29:21 -------- dc----w- c:\program files\PC Tools Security
2012-02-08 17:28:00 -------- dc----w- c:\documents and settings\all users\application data\PC Tools
2012-02-08 09:22:04 -------- dc----w- c:\documents and settings\dragusanu\application data\HD Tune Pro
2012-02-08 09:21:59 -------- dc----w- c:\program files\HD Tune Pro
2012-02-08 00:41:04 -------- dc----w- c:\documents and settings\dragusanu\application data\Malwarebytes
2012-02-08 00:40:57 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-08 00:40:55 20464 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 00:40:55 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 00:26:40 388096 -c--a-r- c:\documents and settings\dragusanu\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-08 00:26:39 -------- dc----w- c:\program files\Trend Micro
2012-02-04 15:22:10 -------- dc----w- c:\documents and settings\dragusanu\application data\BlackBean
2012-02-03 20:19:08 -------- dc----w- c:\documents and settings\dragusanu\application data\FUEL
2012-02-03 14:39:50 -------- dc----w- c:\documents and settings\all users\application data\Test Drive Unlimited
2012-02-02 19:59:18 66872 -c--a-w- c:\windows\system32\PnkBstrA.exe
2012-02-02 19:59:17 22328 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-02 19:59:09 103736 -c--a-w- c:\windows\system32\PnkBstrB.exe
2012-02-02 18:22:29 -------- dc----w- c:\program files\NVIDIA Corporation
2012-01-29 15:38:05 -------- dc----w- c:\documents and settings\dragusanu\local settings\application data\Deployment
2012-01-27 13:15:00 69714 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-01-27 13:15:00 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-01-27 13:15:00 274432 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-01-27 13:15:00 184320 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-01-27 13:14:58 753664 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-01-27 13:14:51 200836 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-01-27 13:14:50 331908 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-01-26 13:09:31 -------- dc----w- c:\documents and settings\dragusanu\local settings\application data\visi_coupon
2012-01-26 12:31:33 -------- dc----w- c:\windows\SxsCaPendDel
.
==================== Find3M ====================
.
2012-02-03 12:17:18 107888 -c--a-w- c:\windows\system32\CmdLineExt.dll
2011-11-20 05:27:04 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2005-11-14 14:06:18 1585662 -c--a-w- c:\program files\Cult3D_IE_5.3.0.228.exe
.
============= FINISH: 1:07:30,35 ===============



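The DDS log above is what the helper reads to spot leftover registry references and services whose files are gone. As an added example, not part of this thread and not code from DDS or BleepingComputer, the following Python script parses a few lines copied from that log and lists what a reviewer checks first: BHO and toolbar entries that point to "No File", services or drivers whose file DDS could not locate (the "--> ... [?]" form), ActiveX download (DPF) hosts outside a small allowlist, and the DNS resolvers configured on the interface. The sample lines are copied from the log; the allowlist is constructed for the example.

```python
import re

# Constructed sample: a few lines copied from the DDS log posted earlier in this thread.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {C17590D2-ECB4-4b15-8820-F58798DCC118} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam2.primariaarad.ro:8082/activex/AMC.cab
TCP: Interfaces\{677029D3-718E-4B34-ACC4-6FA857E43B65} : NameServer = 82.76.253.125 82.76.253.115
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\dragus~1\locals~1\temp\cfcatchme.sys --> c:\docume~1\dragus~1\locals~1\temp\CFcatchme.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")   # R2 name;display;path [date size]
DPF_RE = re.compile(r"^DPF:\s*(\{[^}]+\})\s*-\s*(\S+)$")          # DPF: {CLSID} - url
HOST_RE = re.compile(r"^hxxps?://([^/]+)", re.IGNORECASE)       # DDS writes http as hxxp
NS_RE = re.compile(r"NameServer\s*=\s*(.+)$")

# Assumption: a constructed allowlist of ActiveX download hosts the reviewer already trusts.
KNOWN_DPF_HOSTS = {"java.sun.com", "download.eset.com", "fpdownload2.macromedia.com"}


def parse_dds(text):
    """Turn the HJT-style, DNS and service lines of a DDS log into dicts; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, path = m.groups()
            entries.append({"kind": "service", "state": state, "name": name, "path": path.strip()})
            continue
        m = DPF_RE.match(line)
        if m:
            entries.append({"kind": "dpf", "clsid": m.group(1), "url": m.group(2)})
            continue
        if line.startswith(("BHO:", "TB:")):
            head, _, path = line.rpartition(" - ")
            entries.append({"kind": line[:line.index(":")].lower(), "id": head, "path": path.strip()})
            continue
        m = NS_RE.search(line)
        if line.startswith("TCP:") and m:
            entries.append({"kind": "dns", "servers": m.group(1).split()})
    return entries


def triage(entries):
    """Review findings: orphaned registry entries, services whose file DDS could not find,
    ActiveX download hosts outside the allowlist, and the configured DNS resolvers."""
    findings = []
    for e in entries:
        if e["kind"] in ("bho", "tb") and e["path"] == "No File":
            findings.append({"kind": "orphan", "detail": e["id"]})
        elif e["kind"] == "service" and " --> " in e["path"] and e["path"].endswith("[?]"):
            findings.append({"kind": "missing_file", "detail": e["name"]})
        elif e["kind"] == "dpf":
            hm = HOST_RE.match(e["url"])
            host = hm.group(1).split(":")[0].lower() if hm else e["url"]
            if host not in KNOWN_DPF_HOSTS:
                findings.append({"kind": "unlisted_activex_host", "detail": host})
        elif e["kind"] == "dns":
            # Resolvers are reported, not judged: the reviewer confirms they belong to the ISP.
            findings.append({"kind": "dns", "detail": " ".join(e["servers"])})
    return findings


if __name__ == "__main__":
    for f in triage(parse_dds(SAMPLE_LOG)):
        print(f"{f['kind']:>22}: {f['detail']}")
```

Orphaned "No File" entries are usually uninstall leftovers rather than active malware, and a missing driver file such as CFcatchme.sys is expected right after a ComboFix run; the value of the script is that it separates these routine items from the things that need a second look, such as an ActiveX download host nobody recognises or resolvers that do not belong to the ISP.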

#10 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 12 February 2012 - 06:12 PM

Hi

Just some housekeeping to do now,

Please do the following:


You can delete the TDSSKiller, DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.


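The Internet Explorer settings in the list above (the ActiveX options under Custom level for the Internet zone) are stored per user in the registry under the zone 3 key as the URL-action values 1001 (Download signed ActiveX controls), 1004 (Download unsigned ActiveX controls) and 1201 (Initialize and script ActiveX controls not marked as safe), with 0 = Enable, 1 = Prompt and 3 = Disable. As an added example, not from the post, the Python below compares a set of zone values against the post's recommendation (Prompt for the two download settings, Disable for initialize-and-script) and lists each setting that is weaker or missing; on Windows it can also read the live values through winreg. The two sample value sets are constructed, not taken from any real machine.

```python
# Per-user key for Internet Explorer's Internet zone (zone id 3). The three URL-action value
# names below are the identifiers IE uses for the settings the post names.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3                # DWORD values IE stores for each URL action
STRENGTH = {ENABLE: 0, PROMPT: 1, DISABLE: 2}    # ordering used to decide "weaker than recommended"

RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", PROMPT),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}

# Constructed sample value sets (not read from any real machine).
WEAK_SAMPLE = {"1001": ENABLE, "1004": ENABLE, "1201": ENABLE}
HARDENED_SAMPLE = {"1001": PROMPT, "1004": PROMPT, "1201": DISABLE}


def check_activex_settings(values):
    """Return (description, current, recommended) for every setting that is weaker than,
    or missing relative to, the post's recommendation; an empty list means compliant."""
    issues = []
    for name, (description, wanted) in RECOMMENDED.items():
        current = values.get(name)
        if current not in STRENGTH or STRENGTH[current] < STRENGTH[wanted]:
            issues.append((description, current, wanted))
    return issues


def read_internet_zone():
    """Read the three values from HKCU on Windows; returns None elsewhere (winreg is Windows-only)."""
    try:
        import winreg
    except ImportError:
        return None
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                data, _ = winreg.QueryValueEx(key, name)
                values[name] = int(data)
            except FileNotFoundError:
                pass    # value absent: reported as missing by check_activex_settings
    return values


if __name__ == "__main__":
    live = read_internet_zone()
    for label, values in (("weak sample", WEAK_SAMPLE),
                          ("hardened sample", HARDENED_SAMPLE),
                          ("this machine", live)):
        if values is None:
            continue
        issues = check_activex_settings(values)
        print(f"{label}: {'OK' if not issues else str(len(issues)) + ' weaker setting(s)'}")
        for description, current, wanted in issues:
            print(f"  {description}: current={current}, recommended={wanted}")
```

A value set to Disable where the post asks for Prompt is not reported, since it is stricter than the recommendation; a value that is absent from the key is reported, because IE then falls back to the zone's template and the setting cannot be confirmed from the per-user key alone.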

#11 freakyfred
  • Topic Starter
  • Members
  • 8 posts

Posted 12 February 2012 - 07:23 PM

Thank you for the tips, they're really useful!

And thanks for helping me out!

You can consider this thread resolved now :D

#12 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 12 February 2012 - 08:02 PM

you are welcome

stay safe :hello:

~CB



#13 freakyfred
  • Topic Starter
  • Members
  • 8 posts

Posted 13 February 2012 - 01:05 PM

Sorry to bump this out, but I got a problem.. :(

It worked just fine until now. Each time I start the computer, it freezes, just like the last time, but this happens now EVERY TIME not from time to time.. I can't use it anymore, because it freezes instantly after logon screen. The taskbar is blocked (showing the waiting cursor) and I can't do anything..

What I have done from the morning until now that can interfere: I tried to get rid of the password logon screen (because I don't have a password) and that's it.

In this situation, what is your recommendation?


LATER EDIT: Ironically, my mom started it up now and it seems to work fine, but this is coming after a series of restarts and freezes..

Edited by freakyfred, 13 February 2012 - 01:10 PM.


#14 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 13 February 2012 - 04:20 PM

that's odd,

must have had something to do with that log-in screen


but try doing a defrag and system file checker


  • Open My Computer.
  • Right-click the local disk volume that you want to defragment (usually your C:\ drive) > then click Properties.
  • On the Tools tab > click Defragment Now.
  • Click Defragment.


To use System File Checker, follow these steps:

  • Click Start, click Run, type cmd.exe, and then click OK.
  • At the command prompt, type sfc /scannow, and then press ENTER.
    Note This command may take several minutes to finish. You may be prompted to provide Windows installation source files when you run the sfc /scannow command.
  • At the command prompt, type exit, and then press ENTER to close the command prompt.



#15 freakyfred
  • Topic Starter
  • Members
  • 8 posts

Posted 14 February 2012 - 07:07 AM

Defragmented and scanned.

I noticed the devices I plug in are not auto-playing anymore.. Don't know if this is related.



