Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Check Removed but icon still appears


  • This topic is locked This topic is locked
20 replies to this topic

#1 idayo

idayo

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 11 February 2012 - 12:18 PM

I have XP and windows 2003. This week attacked by System Check. Horrible. I was able to (I believe) get rid of it by reading several posts and how to's on this amazing website.Specifically the one by Laawrence Abrams from January 1, 2012. Awesome it saved me! :)
TOday I signed up and am telling everyone about this website. I used the Rkill, unhide, and also the Malwarebytes. Everything so far, seems back to normal. However, on my start up menu I still have the "system check icon" with the fake Microsoft flag. My desktop also shows an icon but its displayed as a white "box" with a blue bar at the top of it. No flag very generic looking. How do I make certain these are truly gone. Do I send to recycle and then delete? Hope that makes sense. Thanks!

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,415 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:14 AM

Posted 15 February 2012 - 10:02 AM

Hello and :welcome: to BleepingComputer!

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#3 idayo

idayo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 21 February 2012 - 11:52 AM

Hi Elise,

Hope I did this correctly? I look forward to your comments. Thanks!! Have a Great Day.Attached File  attach.zip   4.8KB   2 downloads

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,415 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:14 AM

Posted 21 February 2012 - 11:56 AM

Hi, can you also post me dds.txt? No need to attach it, just copy/paste it into the reply box.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,415 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:14 AM

Posted 25 February 2012 - 11:42 AM

Hi, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#6 idayo

idayo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 25 February 2012 - 05:46 PM

Is that the same file I zipped or is it a different file. Sry Iam just not sure. Thanks for your patience. I may have to start ovr again with DDS hmmm :)

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,415 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:14 AM

Posted 26 February 2012 - 04:27 AM

You can just rerun DDS and post the log that pops up. :) Just copy/paste it into the reply box.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#8 idayo

idayo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 26 February 2012 - 04:17 PM

Here you go.
Thanks!



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/2/2008 3:20:55 PM
System Uptime: 2/21/2012 10:51:30 AM (126 hours ago)
.
Motherboard: Hewlett-Packard | | 30A4
Processor: AMD Turion™ 64 Mobile Technology ML-34 | U23 | 1794/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 61 GiB total, 18.461 GiB free.
D: is FIXED (FAT32) - 13 GiB total, 0.953 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 802.11b/g WLAN
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_1355103C&REV_02\4&13826118&1&10A4
Manufacturer: Broadcom
Name: Broadcom 802.11b/g WLAN
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_1355103C&REV_02\4&13826118&1&10A4
Service: BCM43XX
.
==== System Restore Points ===================
.
RP598: 2/10/2012 2:42:30 PM - System Checkpoint
RP599: 2/10/2012 6:05:11 PM - Installed muvee Reveal Seagate Edition
RP600: 2/10/2012 8:23:03 PM - Installed Seagate Manager Installer
RP601: 2/12/2012 3:38:01 PM - System Checkpoint
RP602: 2/13/2012 4:45:25 PM - System Checkpoint
RP603: 2/14/2012 5:58:13 PM - System Checkpoint
RP604: 2/15/2012 6:12:04 PM - System Checkpoint
RP605: 2/16/2012 6:31:02 PM - System Checkpoint
RP606: 2/17/2012 9:20:21 PM - System Checkpoint
RP607: 2/18/2012 9:37:39 PM - System Checkpoint
RP608: 2/19/2012 7:00:33 PM - Software Distribution Service 3.0
RP609: 2/24/2012 3:40:11 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
ATT-RC Self Support Tool
Avery Template
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
BlackBerry Desktop Software 4.5
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bonjour
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
Brother MFL-Pro Suite
BufferChm
CameraHelperMsi
Carbonite Online Backup Setup
CC_ccProxyExt
ccCommon
ccPxyCore
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crystal Maze from Hewlett-Packard Laptops (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
Easy Internet Sign-up
EasyBits GO
erLT
ESPNMotion
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
FullDPAppQFolder
GemMaster Mystic
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
hp officejet d series
HP Photo Printing Software
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Rhapsody
HP Share-to-Web
HP Software Update
HP User Guides--System Recovery
HP User Guides 0025
HP Wireless Assistant 2.00 C1
HpSdpAppCoreApp
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
InstantShareDevices
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 16
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LightScribe 1.4.56.1
LimeWire 5.3.6
LiveUpdate 2.7 (Symantec Corporation)
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Money 2006
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 4.5
muvee Reveal Seagate Edition
Netscape Browser (remove only)
Nikon Message Center
Nikon Transfer
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OptionalContentQFolder
Otto
PaperPort Image Printer
PhotoGallery
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quick Launch Buttons 5.20 G1
Quicken 2006
QuickTime
RandMap
Roxio Media Manager
Safari
ScanSoft PaperPort 11
SCRABBLE from Hewlett-Packard Laptops (remove only)
Seagate Manager Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SkinsHP1
Skype Click to Call
Skype™ 5.5
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
SPBBC
Super Granny from Hewlett-Packard Laptops (remove only)
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
WebFldrs XP
Webroot SecureAnywhere
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wireless Home Network Setup
Yahoo! BrowserPlus 2.9.8
Zuma Deluxe from Hewlett-Packard Laptops (remove only)
.
==== Event Viewer Messages From Past Week ========
.
2/21/2012 10:15:54 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
2/19/2012 7:43:28 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8053d890, parameter3 eb32ccf0, parameter4 00000000.
2/19/2012 7:35:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
.
==== End Of File ===========================

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,415 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:14 AM

Posted 27 February 2012 - 01:36 AM

When you run DDS two logs will open DDS.txt will be maximized and attach.txt will be minimized. You can see in the Notepad title bar which one is opened. I need you to copy the one that will open automatically, not that one that is minized. This is once again attach.txt you posted, please post dds.txt instead.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#10 idayo

idayo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 27 February 2012 - 12:38 PM

i hope this is right? Thanks again.



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Michelle Mahlen at 12:08:09 on 2012-02-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.183 [GMT -5:00]
.
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
FW: Norton Internet Security 2006 *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\Install\{C7D56238-4D2A-4663-8C5C-7216C62EB22D}\GoogleToolbarInstaller_updater_signed.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\michelle mahlen\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\norton internet security\cfgwiz.exe" /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [SSC_UserPrompt] "c:\program files\common files\symantec shared\security center\UsrPrmpt.exe"
mRun: [<NO NAME>]
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] "c:\program files\hpq\quick launch buttons\EabServr.exe" /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] "c:\windows\sminst\RecGuard.exe"
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [Share-to-Web Namespace Daemon] "c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] "c:\program files\brother\brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "c:\program files\brother\controlcenter3\brctrcen.exe" /autorun
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LWS] "c:\program files\logitech\lws\webcam software\LWS.exe" -hide
mRun: [UserFaultCheck] "%systemroot%\system32\dumprep" 0 -u
mRun: [CPCjiDYjEbRqjx.exe] "c:\documents and settings\all users\application data\CPCjiDYjEbRqjx.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
StartupFolder: c:\docume~1\michel~2\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\michelle mahlen\application data\leadertech\powerregister\Seagate 2GEWMEXM Product Registration.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\bin\hpoojd07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://wcwmail5.wcwood.com/iNotes6W.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287189454468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-10 20464]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20051127.005\NAVENG.Sys [2006-4-13 77816]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20051127.005\NavEx15.Sys [2006-4-13 750424]
.
=============== File Associations ===============
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
=============== Created Last 30 ================
.
2012-02-16 01:51:16 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 01:51:16 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-10 23:21:17 -------- d-----w- c:\documents and settings\all users\application data\Seagate
2012-02-10 23:14:48 -------- d-----w- c:\documents and settings\michelle mahlen\local settings\application data\Downloaded Installations
2012-02-10 23:14:41 -------- d-----w- c:\program files\Carbonite
2012-02-10 23:06:30 -------- d-----w- c:\program files\Seagate
2012-02-10 22:10:55 -------- d-----w- c:\program files\ATT-RC
2012-02-10 22:08:51 -------- d-----w- c:\program files\common files\Motive
2012-02-10 17:54:52 -------- d-----w- c:\documents and settings\michelle mahlen\application data\Malwarebytes
2012-02-10 17:54:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-10 17:54:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 17:54:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-09 21:58:05 145528 ----a-w- c:\windows\system32\WRusr.dll
2012-02-09 21:58:03 109520 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-02-09 21:57:35 -------- d-----w- c:\documents and settings\all users\application data\WRData
2012-02-09 21:43:38 32038 ----a-w- C:\InformationalData.tmp
2012-02-09 21:43:38 2479 ----a-w- C:\DetectionData.tmp
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2004-08-10 15:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2004-07-30 04:04:42 1216 -csh--w- c:\windows\Twunk_16.dll
2004-07-30 04:04:42 1216 -csh--w- c:\windows\Twunk_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 12:19:21.45 ===============

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,415 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:14 AM

Posted 27 February 2012 - 01:14 PM

Thats better! :)

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Webroot or Norton.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#12 idayo

idayo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 28 February 2012 - 07:28 PM

Hi Elise,

Here is the report. Thanks!





19:22:38.0333 1868 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
19:22:38.0692 1868 ============================================================
19:22:38.0692 1868 Current date / time: 2012/02/28 19:22:38.0692
19:22:38.0692 1868 SystemInfo:
19:22:38.0692 1868
19:22:38.0692 1868 OS Version: 5.1.2600 ServicePack: 3.0
19:22:38.0692 1868 Product type: Workstation
19:22:38.0692 1868 ComputerName: PC207082390625
19:22:38.0708 1868 UserName: Michelle Mahlen
19:22:38.0708 1868 Windows directory: C:\WINDOWS
19:22:38.0708 1868 System windows directory: C:\WINDOWS
19:22:38.0708 1868 Processor architecture: Intel x86
19:22:38.0708 1868 Number of processors: 1
19:22:38.0708 1868 Page size: 0x1000
19:22:38.0708 1868 Boot type: Normal boot
19:22:38.0708 1868 ============================================================
19:22:41.0896 1868 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:22:41.0896 1868 \Device\Harddisk0\DR0:
19:22:41.0896 1868 MBR used
19:22:41.0896 1868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7992000
19:22:41.0896 1868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x7995F00, BlocksNum 0x19768FE
19:22:41.0943 1868 Initialize success
19:22:41.0943 1868 ============================================================
19:22:47.0318 2996 ============================================================
19:22:47.0318 2996 Scan started
19:22:47.0318 2996 Mode: Manual;
19:22:47.0318 2996 ============================================================
19:22:47.0755 2996 Abiosdsk - ok
19:22:47.0787 2996 abp480n5 - ok
19:22:47.0849 2996 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:22:47.0849 2996 ACPI - ok
19:22:47.0896 2996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:22:47.0896 2996 ACPIEC - ok
19:22:47.0912 2996 adpu160m - ok
19:22:47.0943 2996 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:22:47.0959 2996 aec - ok
19:22:48.0005 2996 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:22:48.0005 2996 AFD - ok
19:22:48.0037 2996 Aha154x - ok
19:22:48.0068 2996 aic78u2 - ok
19:22:48.0084 2996 aic78xx - ok
19:22:48.0115 2996 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:22:48.0115 2996 AliIde - ok
19:22:48.0162 2996 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:22:48.0177 2996 AmdK8 - ok
19:22:48.0193 2996 amsint - ok
19:22:48.0240 2996 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:22:48.0240 2996 Arp1394 - ok
19:22:48.0271 2996 asc - ok
19:22:48.0287 2996 asc3350p - ok
19:22:48.0318 2996 asc3550 - ok
19:22:48.0381 2996 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:22:48.0381 2996 AsyncMac - ok
19:22:48.0412 2996 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:22:48.0412 2996 atapi - ok
19:22:48.0443 2996 Atdisk - ok
19:22:48.0568 2996 ati2mtag (287b11a781f2b7a28f283fd4b7434daf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:22:48.0599 2996 ati2mtag - ok
19:22:48.0818 2996 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:22:48.0818 2996 Atmarpc - ok
19:22:48.0896 2996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:22:48.0896 2996 audstub - ok
19:22:48.0959 2996 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:22:48.0974 2996 BCM43XX - ok
19:22:49.0006 2996 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:22:49.0006 2996 Beep - ok
19:22:49.0068 2996 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
19:22:49.0068 2996 BrScnUsb - ok
19:22:49.0099 2996 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
19:22:49.0099 2996 BrSerIf - ok
19:22:49.0146 2996 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
19:22:49.0146 2996 BrUsbSer - ok
19:22:49.0177 2996 BTWUSB (e76dc88f00d50f46072feb2371769978) C:\WINDOWS\system32\Drivers\btwusb.sys
19:22:49.0177 2996 BTWUSB - ok
19:22:49.0224 2996 CAMCAUD (c2ef37f09cfee9665e6cd7c0b0afb84f) C:\WINDOWS\system32\drivers\camc6aud.sys
19:22:49.0224 2996 CAMCAUD - ok
19:22:49.0287 2996 CAMCHALA (512df898de5c0654647acd5c82f0bd99) C:\WINDOWS\system32\drivers\camc6hal.sys
19:22:49.0302 2996 CAMCHALA - ok
19:22:49.0537 2996 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:22:49.0552 2996 cbidf2k - ok
19:22:49.0662 2996 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:22:49.0662 2996 CCDECODE - ok
19:22:49.0693 2996 cd20xrnt - ok
19:22:49.0740 2996 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:22:49.0740 2996 Cdaudio - ok
19:22:49.0771 2996 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:22:49.0787 2996 Cdfs - ok
19:22:49.0834 2996 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:22:49.0834 2996 Cdrom - ok
19:22:49.0849 2996 Changer - ok
19:22:49.0912 2996 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:22:49.0912 2996 CmBatt - ok
19:22:49.0943 2996 CmdIde - ok
19:22:49.0974 2996 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:22:49.0974 2996 Compbatt - ok
19:22:50.0021 2996 Cpqarray - ok
19:22:50.0053 2996 dac2w2k - ok
19:22:50.0084 2996 dac960nt - ok
19:22:50.0115 2996 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:22:50.0115 2996 Disk - ok
19:22:50.0193 2996 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:22:50.0209 2996 dmboot - ok
19:22:50.0303 2996 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:22:50.0303 2996 dmio - ok
19:22:50.0459 2996 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:22:50.0459 2996 dmload - ok
19:22:50.0521 2996 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:22:50.0521 2996 DMusic - ok
19:22:50.0584 2996 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
19:22:50.0599 2996 dot4 - ok
19:22:50.0662 2996 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
19:22:50.0662 2996 Dot4Print - ok
19:22:50.0709 2996 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
19:22:50.0709 2996 Dot4Scan - ok
19:22:50.0740 2996 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
19:22:50.0740 2996 dot4usb - ok
19:22:50.0771 2996 dpti2o - ok
19:22:50.0818 2996 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:22:50.0818 2996 drmkaud - ok
19:22:50.0865 2996 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\drivers\EABFiltr.sys
19:22:50.0865 2996 eabfiltr - ok
19:22:50.0896 2996 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys
19:22:50.0896 2996 eabusb - ok
19:22:50.0990 2996 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:22:50.0990 2996 Fastfat - ok
19:22:51.0053 2996 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:22:51.0053 2996 Fdc - ok
19:22:51.0099 2996 FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
19:22:51.0099 2996 FilterService - ok
19:22:51.0193 2996 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:22:51.0193 2996 Fips - ok
19:22:51.0349 2996 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:22:51.0349 2996 Flpydisk - ok
19:22:51.0412 2996 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:22:51.0412 2996 FltMgr - ok
19:22:51.0474 2996 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:22:51.0474 2996 Fs_Rec - ok
19:22:51.0506 2996 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:22:51.0521 2996 Ftdisk - ok
19:22:51.0584 2996 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:22:51.0584 2996 GEARAspiWDM - ok
19:22:51.0631 2996 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:22:51.0631 2996 Gpc - ok
19:22:51.0709 2996 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:22:51.0709 2996 HidUsb - ok
19:22:51.0740 2996 hpn - ok
19:22:51.0818 2996 HSFHWATI (14794f142befc962ab142584607a6631) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
19:22:51.0834 2996 HSFHWATI - ok
19:22:51.0912 2996 HSF_DP (f99bb4e2b462198b2b0a82d0949f0c41) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:22:51.0943 2996 HSF_DP - ok
19:22:52.0162 2996 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:22:52.0162 2996 HTTP - ok
19:22:52.0193 2996 i2omgmt - ok
19:22:52.0225 2996 i2omp - ok
19:22:52.0271 2996 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:22:52.0271 2996 i8042prt - ok
19:22:52.0365 2996 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:22:52.0365 2996 Imapi - ok
19:22:52.0412 2996 ini910u - ok
19:22:52.0475 2996 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:22:52.0475 2996 IntelIde - ok
19:22:52.0537 2996 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:22:52.0553 2996 Ip6Fw - ok
19:22:52.0600 2996 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:22:52.0600 2996 IpFilterDriver - ok
19:22:52.0646 2996 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:22:52.0646 2996 IpInIp - ok
19:22:52.0709 2996 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:22:52.0725 2996 IpNat - ok
19:22:52.0881 2996 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:22:52.0896 2996 IPSec - ok
19:22:52.0943 2996 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:22:52.0943 2996 IRENUM - ok
19:22:53.0021 2996 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:22:53.0021 2996 isapnp - ok
19:22:53.0068 2996 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:22:53.0068 2996 Kbdclass - ok
19:22:53.0100 2996 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:22:53.0100 2996 kbdhid - ok
19:22:53.0178 2996 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:22:53.0178 2996 kmixer - ok
19:22:53.0225 2996 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:22:53.0240 2996 KSecDD - ok
19:22:53.0303 2996 lbrtfdc - ok
19:22:53.0381 2996 lvpopflt (af280405c10f0d20f37670b7432e5c2f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
19:22:53.0381 2996 lvpopflt - ok
19:22:53.0428 2996 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
19:22:53.0443 2996 LVPr2Mon - ok
19:22:53.0537 2996 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
19:22:53.0537 2996 LVRS - ok
19:22:54.0084 2996 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
19:22:54.0443 2996 LVUVC - ok
19:22:54.0678 2996 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
19:22:54.0678 2996 MBAMProtector - ok
19:22:54.0803 2996 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:22:54.0803 2996 mdmxsdk - ok
19:22:54.0881 2996 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:22:54.0897 2996 MHNDRV - ok
19:22:54.0928 2996 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:22:54.0928 2996 mnmdd - ok
19:22:54.0990 2996 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:22:54.0990 2996 Modem - ok
19:22:55.0037 2996 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:22:55.0037 2996 Mouclass - ok
19:22:55.0084 2996 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:22:55.0084 2996 MountMgr - ok
19:22:55.0115 2996 mraid35x - ok
19:22:55.0178 2996 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:22:55.0193 2996 MRxDAV - ok
19:22:55.0256 2996 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:22:55.0272 2996 MRxSmb - ok
19:22:55.0459 2996 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:22:55.0459 2996 Msfs - ok
19:22:55.0522 2996 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:22:55.0522 2996 MSKSSRV - ok
19:22:55.0553 2996 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:22:55.0553 2996 MSPCLOCK - ok
19:22:55.0615 2996 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:22:55.0615 2996 MSPQM - ok
19:22:55.0662 2996 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:22:55.0662 2996 mssmbios - ok
19:22:55.0693 2996 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:22:55.0709 2996 MSTEE - ok
19:22:55.0756 2996 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:22:55.0756 2996 Mup - ok
19:22:55.0818 2996 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:22:55.0834 2996 NABTSFEC - ok
19:22:55.0897 2996 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:22:55.0912 2996 NDIS - ok
19:22:55.0959 2996 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:22:55.0959 2996 NdisIP - ok
19:22:56.0006 2996 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:22:56.0022 2996 NdisTapi - ok
19:22:56.0053 2996 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:22:56.0053 2996 Ndisuio - ok
19:22:56.0100 2996 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:22:56.0100 2996 NdisWan - ok
19:22:56.0162 2996 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:22:56.0162 2996 NDProxy - ok
19:22:56.0334 2996 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:22:56.0334 2996 NetBIOS - ok
19:22:56.0381 2996 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:22:56.0397 2996 NetBT - ok
19:22:56.0506 2996 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:22:56.0506 2996 NIC1394 - ok
19:22:56.0553 2996 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:22:56.0553 2996 Npfs - ok
19:22:56.0631 2996 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:22:56.0647 2996 Ntfs - ok
19:22:56.0725 2996 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:22:56.0725 2996 Null - ok
19:22:56.0787 2996 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:22:56.0787 2996 NwlnkFlt - ok
19:22:56.0819 2996 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:22:56.0819 2996 NwlnkFwd - ok
19:22:56.0897 2996 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:22:56.0897 2996 ohci1394 - ok
19:22:57.0084 2996 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:22:57.0084 2996 Parport - ok
19:22:57.0131 2996 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:22:57.0131 2996 PartMgr - ok
19:22:57.0178 2996 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:22:57.0194 2996 ParVdm - ok
19:22:57.0225 2996 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:22:57.0225 2996 PCI - ok
19:22:57.0256 2996 PCIDump - ok
19:22:57.0287 2996 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:22:57.0303 2996 PCIIde - ok
19:22:57.0350 2996 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:22:57.0365 2996 Pcmcia - ok
19:22:57.0397 2996 PDCOMP - ok
19:22:57.0412 2996 PDFRAME - ok
19:22:57.0444 2996 PDRELI - ok
19:22:57.0475 2996 PDRFRAME - ok
19:22:57.0522 2996 perc2 - ok
19:22:57.0553 2996 perc2hib - ok
19:22:57.0662 2996 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:22:57.0662 2996 PptpMiniport - ok
19:22:57.0694 2996 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:22:57.0694 2996 Processor - ok
19:22:57.0756 2996 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:22:57.0756 2996 PSched - ok
19:22:57.0881 2996 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:22:57.0881 2996 Ptilink - ok
19:22:57.0944 2996 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:22:57.0944 2996 PxHelp20 - ok
19:22:57.0991 2996 ql1080 - ok
19:22:58.0022 2996 Ql10wnt - ok
19:22:58.0053 2996 ql12160 - ok
19:22:58.0084 2996 ql1240 - ok
19:22:58.0100 2996 ql1280 - ok
19:22:58.0147 2996 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:22:58.0147 2996 RasAcd - ok
19:22:58.0225 2996 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:22:58.0225 2996 Rasl2tp - ok
19:22:58.0381 2996 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:22:58.0381 2996 RasPppoe - ok
19:22:58.0428 2996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:22:58.0428 2996 Raspti - ok
19:22:58.0475 2996 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:22:58.0475 2996 Rdbss - ok
19:22:58.0522 2996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:22:58.0522 2996 RDPCDD - ok
19:22:58.0584 2996 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:22:58.0584 2996 rdpdr - ok
19:22:58.0662 2996 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:22:58.0662 2996 RDPWD - ok
19:22:58.0725 2996 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:22:58.0725 2996 redbook - ok
19:22:58.0803 2996 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
19:22:58.0803 2996 RimUsb - ok
19:22:58.0819 2996 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
19:22:58.0834 2996 RimVSerPort - ok
19:22:58.0866 2996 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
19:22:58.0881 2996 ROOTMODEM - ok
19:22:58.0959 2996 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
19:22:58.0975 2996 RTL8023xp - ok
19:22:59.0022 2996 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:22:59.0022 2996 rtl8139 - ok
19:22:59.0241 2996 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:22:59.0256 2996 sdbus - ok
19:22:59.0303 2996 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:22:59.0303 2996 Secdrv - ok
19:22:59.0381 2996 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:22:59.0381 2996 Serial - ok
19:22:59.0428 2996 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:22:59.0428 2996 Sfloppy - ok
19:22:59.0522 2996 Simbad - ok
19:22:59.0584 2996 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:22:59.0584 2996 SLIP - ok
19:22:59.0616 2996 Sparrow - ok
19:22:59.0662 2996 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:22:59.0662 2996 splitter - ok
19:22:59.0709 2996 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:22:59.0709 2996 sr - ok
19:22:59.0803 2996 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:22:59.0819 2996 Srv - ok
19:22:59.0913 2996 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:22:59.0913 2996 streamip - ok
19:22:59.0975 2996 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:22:59.0975 2996 swenum - ok
19:23:00.0147 2996 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:23:00.0147 2996 swmidi - ok
19:23:00.0194 2996 symc810 - ok
19:23:00.0225 2996 symc8xx - ok
19:23:00.0256 2996 sym_hi - ok
19:23:00.0288 2996 sym_u3 - ok
19:23:00.0350 2996 SynTP (f484c77f748729129d5cc9c965d9f701) C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:23:00.0350 2996 SynTP - ok
19:23:00.0397 2996 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:23:00.0397 2996 sysaudio - ok
19:23:00.0475 2996 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:23:00.0491 2996 Tcpip - ok
19:23:00.0538 2996 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:23:00.0553 2996 TDPIPE - ok
19:23:00.0647 2996 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:23:00.0647 2996 TDTCP - ok
19:23:00.0709 2996 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:23:00.0709 2996 TermDD - ok
19:23:00.0819 2996 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
19:23:00.0819 2996 tifm21 - ok
19:23:00.0850 2996 TosIde - ok
19:23:00.0897 2996 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:23:00.0913 2996 Udfs - ok
19:23:00.0928 2996 ultra - ok
19:23:01.0006 2996 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:23:01.0006 2996 Update - ok
19:23:01.0194 2996 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:23:01.0209 2996 USBAAPL - ok
19:23:01.0256 2996 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:23:01.0256 2996 usbaudio - ok
19:23:01.0303 2996 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:23:01.0303 2996 usbccgp - ok
19:23:01.0334 2996 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:23:01.0350 2996 usbehci - ok
19:23:01.0381 2996 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:23:01.0381 2996 usbhub - ok
19:23:01.0444 2996 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:23:01.0444 2996 usbohci - ok
19:23:01.0522 2996 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:23:01.0522 2996 usbprint - ok
19:23:01.0553 2996 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:23:01.0569 2996 usbscan - ok
19:23:01.0600 2996 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:23:01.0600 2996 USBSTOR - ok
19:23:01.0663 2996 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:23:01.0663 2996 usbvideo - ok
19:23:01.0694 2996 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:23:01.0694 2996 VgaSave - ok
19:23:01.0881 2996 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:23:01.0881 2996 ViaIde - ok
19:23:01.0913 2996 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:23:01.0913 2996 VolSnap - ok
19:23:01.0960 2996 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:23:01.0960 2996 Wanarp - ok
19:23:01.0991 2996 WDICA - ok
19:23:02.0038 2996 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:23:02.0038 2996 wdmaud - ok
19:23:02.0147 2996 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:23:02.0163 2996 winachsf - ok
19:23:02.0288 2996 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:23:02.0288 2996 WmiAcpi - ok
19:23:02.0350 2996 WRkrn (5cbfd0dff695abb7cef5cf88707edc42) C:\WINDOWS\system32\drivers\WRkrn.sys
19:23:02.0350 2996 WRkrn - ok
19:23:02.0616 2996 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:23:02.0616 2996 WSTCODEC - ok
19:23:02.0741 2996 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0
19:23:02.0756 2996 \Device\Harddisk0\DR0 - ok
19:23:02.0772 2996 Boot (0x1200) (c489dae8d1b6b2ff39c0c9b8c6f3ffcc) \Device\Harddisk0\DR0\Partition0
19:23:02.0772 2996 \Device\Harddisk0\DR0\Partition0 - ok
19:23:02.0803 2996 Boot (0x1200) (b4d8d41d67d2e643ed9b2a8a9c36867f) \Device\Harddisk0\DR0\Partition1
19:23:02.0803 2996 \Device\Harddisk0\DR0\Partition1 - ok
19:23:02.0819 2996 ============================================================
19:23:02.0819 2996 Scan finished
19:23:02.0819 2996 ============================================================
19:23:02.0850 4052 Detected object count: 0
19:23:02.0850 4052 Actual detected object count: 0
19:24:19.0699 3876 Deinitialize success

#13 idayo

idayo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 28 February 2012 - 07:30 PM

Hey do I need to be concerned that I am posting this? Do others on the site see my information? Just a thought.......thx.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,415 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:14 AM

Posted 29 February 2012 - 02:14 AM

No need to be concerned. Others can see this information, but its not as if this is unique data. It just tells some general things about your computer like OS version and loaded drivers. Not something anyone can do anything useful with. :) No personal data is shown (except maybe the name of your userprofile, which is hardly a problem usually).

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#15 idayo

idayo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 29 February 2012 - 04:47 PM

When I ran the combofix it ran for awhile with a blue pop up box and curser blinking. Then went to black screen for a very very long time. The computer never shutdown/reboot. Just stayed black screen. I wasnt able to manipulate the computer, so I shut it off manually with the power button. i did this twice. After started back up I looked in c Drive
and there was a "Combofix" with a compter screen before the words "combofix". (as opposed to a folder icon or a notepad icon. When I clicked on it, it directed me to what would normally be called,(what i am used to) "My Computer". At the top of the payne, (above file, edit, view, etc...) it says "Combofix" In the payne it lists "Files Stored on This Computer",then "Hard disk Drives" , and then "Devices with Removable Storage".

There doesnt appear to be a C:Combofix.txt file generated.?
Let me know..thx :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users