TDSS Infection sucks


This topic is locked
14 replies to this topic

#1 MNGearhead
  • Members
  • 9 posts

Posted 22 February 2012 - 06:45 PM

I have done steps 1 through 6.
Step 7: DDS locks computer. Tried several times.

Step 8: Tried to make GMER log, but it is empty.
Please note, when starting GMER I get a 0xC000010E error and the check boxes Section down to Libraries is greyed out.

I have tried these in normal and safe mode.


Though not asked for, here is the MBAM log.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carla :: E1505 [administrator]

2/20/2012 8:31:48 PM
mbam-log-2012-02-20 (20-31-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239730
Time elapsed: 1 hour(s), 35 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Sure hope you can help.

Scott


#2 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts

Posted 23 February 2012 - 10:43 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


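The OTL log requested above lists every file and folder created or modified in the last 30 days as one line per entry, in the form `[date time | size | attributes | C] (Company) -- path`, where the four attribute positions are R (read-only), H (hidden), S (system) and D (directory). The responder then reads those lines by eye for things that do not belong. The script below is an added example, not OTL's code and not anything posted in this thread: it parses lines in that format and applies three triage heuristics that are this example's own assumptions, not OTL rules: a hidden+system file outside %SystemRoot%, an executable with no company name sitting directly in %SystemRoot%, and a long random-looking file name. The sample lines are a constructed subset copied from the OTL log posted later in this thread, and %SystemRoot% is assumed to be C:\WINDOWS as that log reports. The result is a list of entries for analyst review, not a verdict; note that the second rule fires on C:\WINDOWS\PEV.exe, which the same log shows is a ComboFix component (service PEVSystemStart under C:\ComboFix), which is exactly why such hits need a human to look at them.

```python
import math
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL "Files/Folders" line. Directory entries omit the "(company)" group, e.g.
#   [2012/02/20 18:48:22 | 000,000,000 | --SD | C] -- C:\ComboFix
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)(?: -- \[ NTFS \])?$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
SYSTEM_ROOT = r"c:\windows"  # assumption: matches the %SystemRoot% in this thread's log


@dataclass
class OtlEntry:
    date: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    company: str
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-list line; return None for headers and other non-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")  # positions R H S D, '-' when unset
    return OtlEntry(
        date=m.group("date"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def _entropy(s: str) -> float:
    """Shannon entropy in bits per character; random-looking names score high."""
    n = len(s)
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def looks_random(name: str) -> bool:
    """Heuristic (this example's assumption): a long lowercase alphanumeric stem
    mixing letters and digits with high entropy."""
    stem = name.split(".", 1)[0]
    return (
        len(stem) >= 16
        and re.fullmatch(r"[a-z0-9]+", stem) is not None
        and any(c.isdigit() for c in stem)
        and any(c.isalpha() for c in stem)
        and _entropy(stem) > 3.0
    )


def triage(entries: List[OtlEntry]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries worth a closer look. Flags, not verdicts."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        low = e.path.lower()
        parent = low.rsplit("\\", 1)[0]
        name = e.path.rsplit("\\", 1)[-1]
        reasons = []
        if e.hidden and e.system and not e.is_dir and not low.startswith(SYSTEM_ROOT + "\\"):
            reasons.append("hidden+system file outside %SystemRoot%")
        if low.endswith(EXEC_EXT) and not e.company and parent == SYSTEM_ROOT:
            reasons.append("executable with no company name directly in %SystemRoot%")
        if looks_random(name):
            reasons.append("random-looking file name")
        if reasons:
            flagged[e.path] = reasons
    return flagged


def triage_log(text: str) -> Dict[str, List[str]]:
    return triage([e for e in (parse_line(l) for l in text.splitlines()) if e])


# Constructed sample: a subset of lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2012/02/20 18:49:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/20 20:29:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/20 18:48:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/26 10:19:39 | 000,001,354 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\63yy4737b21bxua62vanq26k17p37y5o
[2012/02/04 19:17:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carla\Cookies
[2012/02/19 21:33:10 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Carla\Desktop\mlw1ehgj.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Run as-is it prints two flagged paths: the PEV.exe benign hit discussed above, and the hidden+system file with the 32-character name under All Users\Application Data, which trips two rules. The short random name mlw1ehgj.exe is deliberately not flagged: the threshold of 16 characters keeps the rule from firing on tools that are intentionally renamed to short random names before being run.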


#3 MNGearhead
  • Topic Starter
  • Members
  • 9 posts

Posted 24 February 2012 - 06:04 PM

Thanks for your reply

Here is the OTL log

OTL logfile created on: 2/24/2012 4:45:50 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Carla\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 523.16 Mb Available Physical Memory | 51.17% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 96.77 Gb Free Space | 86.57% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.73 Gb Free Space | 91.83% Space Free | Partition Type: NTFS

Computer Name: E1505 | User Name: Carla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/24 16:41:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carla\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/03/16 18:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/06/26 00:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/05/23 22:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 6E 91 B6 F9 EF CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/02/19 21:05:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1328408883359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FF4B8CC-55E4-48DE-8B24-FBD687FF7451}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/03 20:23:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 16:44:21 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carla\Desktop\OTL.exe
[2012/02/24 16:44:11 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Carla\Desktop\aswMBR.exe
[2012/02/20 20:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Application Data\Malwarebytes
[2012/02/20 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/20 20:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/20 20:29:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/20 20:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/20 20:06:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Carla\Desktop\dds.scr
[2012/02/20 18:49:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/20 18:49:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/20 18:49:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/20 18:49:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/20 18:48:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/20 18:48:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/20 18:47:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/19 21:54:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\Start Menu\Programs\Administrative Tools
[2012/02/19 20:52:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/02/19 20:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Desktop\GooredFix Backups
[2012/02/19 20:22:25 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/02/19 20:17:00 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carla\Desktop\OTM.exe
[2012/02/19 18:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/02/18 15:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/02/18 15:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/02/18 15:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/02/18 15:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2012/02/18 15:13:59 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5ha.dll
[2012/02/18 15:12:43 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2012/02/18 15:11:18 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2012/02/18 15:11:00 | 000,970,752 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotiop5.dll
[2012/02/18 15:11:00 | 000,729,088 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax5.dll
[2012/02/18 15:11:00 | 000,364,544 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2012/02/18 15:11:00 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2012/02/18 15:11:00 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst12.dll
[2012/02/18 15:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/18 15:10:32 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012/02/18 01:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Desktop\New Folder (4)
[2012/02/18 00:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Application Data\Sun
[2012/02/17 16:02:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\My Documents\My Videos
[2012/02/17 15:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Desktop\New Folder (3)
[2012/02/17 15:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Local Settings\Application Data\Apple
[2012/02/17 15:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Local Settings\Application Data\Apple Computer
[2012/02/10 09:57:47 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/02/10 09:57:47 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/02/04 20:41:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/02/04 20:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Application Data\Macromedia
[2012/02/04 20:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Local Settings\Application Data\Innovative Solutions
[2012/02/04 19:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Local Settings\Application Data\Identities
[2012/02/04 19:31:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carla\Recent
[2012/02/04 19:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Local Settings\Application Data\Google
[2012/02/04 19:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Application Data\Google
[2012/02/04 19:22:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carla\PrivacIE
[2012/02/04 19:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Application Data\Adobe
[2012/02/04 19:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Application Data\Identities
[2012/02/04 19:18:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\My Documents\My Music
[2012/02/04 19:18:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\My Documents\My Pictures
[2012/02/04 19:18:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carla\IETldCache
[2012/02/04 19:17:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Carla\Application Data\Microsoft
[2012/02/04 19:17:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\Application Data
[2012/02/04 19:17:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\SendTo
[2012/02/04 19:17:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\My Documents
[2012/02/04 19:17:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\Favorites
[2012/02/04 19:17:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carla\Cookies
[2012/02/04 19:17:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Carla\Local Settings
[2012/02/04 19:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\PrintHood
[2012/02/04 19:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\NetHood
[2012/02/04 19:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft
[2012/02/04 19:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Desktop
[2012/02/04 19:17:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\Start Menu\Programs\Startup
[2012/02/04 19:17:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\Start Menu
[2012/02/04 19:17:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carla\Start Menu\Programs\Accessories
[2012/02/04 19:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Templates
[2012/02/04 16:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carla\Application Data\Apple Computer
[2012/02/04 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/04 15:32:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/02/04 14:10:29 | 000,000,000 | ---D | C] -- C:\c227d2ae503247696d007e
[2012/02/03 20:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2012/02/03 20:49:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Windows Defender Offline
[2012/02/02 21:01:00 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

========== Files - Modified Within 30 Days ==========

[2012/02/24 16:42:55 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Carla\Desktop\aswMBR.exe
[2012/02/24 16:41:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carla\Desktop\OTL.exe
[2012/02/22 18:58:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/22 17:36:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/22 17:31:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/22 17:30:35 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/22 17:30:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/20 20:42:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/20 20:29:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 20:05:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Carla\defogger_reenable
[2012/02/20 20:02:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Carla\Desktop\Defogger.exe
[2012/02/19 21:33:10 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Carla\Desktop\mlw1ehgj.exe
[2012/02/19 21:28:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Carla\Desktop\dds.scr
[2012/02/19 21:05:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/19 18:51:58 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carla\Desktop\OTM.exe
[2012/02/18 15:16:48 | 000,142,919 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2012/02/18 01:18:50 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\Carla\jagex_cl_runescape_LIVE.dat
[2012/02/17 16:01:27 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Carla\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/17 15:11:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 23:08:44 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 21:15:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/04 19:20:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Carla\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/04 19:20:09 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Carla\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/04 16:13:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/02/03 17:56:05 | 000,469,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/03 17:56:04 | 000,133,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/02 23:54:31 | 000,441,096 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120218-152236.backup
[2012/02/02 19:45:45 | 000,437,605 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120202-235431.backup
[2012/01/31 06:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2012/02/20 20:29:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 20:05:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Carla\defogger_reenable
[2012/02/20 20:04:49 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Carla\Desktop\Defogger.exe
[2012/02/20 18:49:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/20 18:49:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/20 18:49:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/20 18:49:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/20 18:49:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/20 17:49:00 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Carla\Desktop\mlw1ehgj.exe
[2012/02/18 15:08:43 | 000,142,919 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2012/02/18 15:08:43 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2012/02/18 00:28:42 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Carla\jagex_cl_runescape_LIVE.dat
[2012/02/17 16:01:27 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Carla\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/15 11:01:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 11:01:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/04 19:20:12 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Carla\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/04 19:20:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Carla\Start Menu\Programs\Internet Explorer.lnk
[2012/02/04 19:20:09 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Carla\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/04 19:19:36 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Carla\Start Menu\Programs\Outlook Express.lnk
[2012/02/04 19:17:23 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Carla\Start Menu\Programs\Remote Assistance.lnk
[2012/02/04 19:17:23 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Carla\Start Menu\Programs\Windows Media Player.lnk
[2012/02/04 16:18:01 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/04 16:12:22 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/02 19:24:38 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/26 10:19:39 | 000,001,354 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\63yy4737b21bxua62vanq26k17p37y5o
[2011/08/30 15:43:34 | 000,013,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/10 09:56:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/12 22:32:38 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/03 21:58:12 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/01/03 21:41:04 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/01/03 21:08:30 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2011/01/03 20:35:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/01/03 20:35:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/01/03 20:35:47 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/01/03 20:26:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/03 20:20:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/03 14:12:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/03 14:11:37 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========


< %systemroot%\*./rp /s >

< End of report >

Here is the Extras.txt file

OTL Extras logfile created on: 2/24/2012 4:45:50 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Carla\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 523.16 Mb Available Physical Memory | 51.17% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 96.77 Gb Free Space | 86.57% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.73 Gb Free Space | 91.83% Space Free | Partition Type: NTFS

Computer Name: E1505 | User Name: Carla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Carla\Local Settings\Temp\7zS7.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\Carla\Local Settings\Temp\7zS7.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AU9_is1" = Advanced Uninstaller PRO - Version 9
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/22/2012 10:16:29 PM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37484

Error - 2/22/2012 10:16:31 PM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/22/2012 10:16:31 PM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 39562

Error - 2/22/2012 10:16:31 PM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 39562

Error - 2/24/2012 12:06:36 AM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/24/2012 12:06:36 AM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2546

Error - 2/24/2012 12:06:36 AM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2546

Error - 2/24/2012 12:06:38 AM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/24/2012 12:06:38 AM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4609

Error - 2/24/2012 12:06:38 AM | Computer Name = E1505 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4609

[ System Events ]
Error - 2/20/2012 11:34:19 PM | Computer Name = E1505 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/20/2012 11:34:28 PM | Computer Name = E1505 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/20/2012 11:34:51 PM | Computer Name = E1505 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/21/2012 12:10:04 AM | Computer Name = E1505 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/21/2012 12:11:16 AM | Computer Name = E1505 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 3 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/21/2012 12:12:38 AM | Computer Name = E1505 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 4 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/21/2012 12:32:20 AM | Computer Name = E1505 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 5 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/24/2012 12:06:26 AM | Computer Name = E1505 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.100 on
the Network Card with network address 00197D22DEAF.

Error - 2/24/2012 6:38:08 PM | Computer Name = E1505 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.100 on
the Network Card with network address 00197D22DEAF.

Error - 2/24/2012 6:43:58 PM | Computer Name = E1505 | Source = Service Control Manager | ID = 7034
Description = The HP Network Devices Support service terminated unexpectedly. It
has done this 1 time(s).


< End of report >

Here is the aswMBR log

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-24 16:57:34
-----------------------------
16:57:34.843 OS Version: Windows 5.1.2600 Service Pack 3
16:57:34.859 Number of processors: 2 586 0xF06
16:57:34.859 ComputerName: E1505 UserName: Carla
16:57:37.781 Initialize success
16:58:09.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:58:09.890 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001D Size: 114473MB BusType: 3
16:58:09.906 Disk 0 MBR read successfully
16:58:09.906 Disk 0 MBR scan
16:58:09.906 Disk 0 Windows XP default MBR code
16:58:09.906 Disk 0 MBR hidden
16:58:09.906 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 114463 MB offset 63
16:58:09.937 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 234420480
16:58:09.937 Disk 0 Partition 2 **SUSPICIOUS**
16:58:09.968 Disk 0 scanning sectors +234441632
16:58:10.046 Disk 0 scanning C:\WINDOWS\system32\drivers
16:58:32.812 Service scanning
16:59:06.749 Modules scanning
16:59:32.874 Disk 0 trace - called modules:
16:59:32.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86733fa9]<<
16:59:32.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8670dab8]
16:59:32.890 3 CLASSPNP.SYS[f7671fd7] -> nt!IofCallDriver -> \Device\0000006a[0x86752e98]
16:59:32.890 5 ACPI.sys[f74e8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86782d98]
16:59:32.906 \Driver\atapi[0x86712030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86733fa9
16:59:32.906 Scan finished successfully
16:59:59.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carla\Desktop\MBR.dat"
16:59:59.656 The log file has been saved successfully to "C:\Documents and Settings\Carla\Desktop\aswMBR.txt"


Thanks for your help
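An added example, not code from either poster and not aswMBR's or TDSSKiller's own logic: the aswMBR lines `Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 234420480` and `Disk 0 Partition 2 **SUSPICIOUS**` describe a small partition of a "hidden" type, carrying the active (0x80) flag, placed right after the real NTFS volume (partition 1 starts at LBA 63 and, per the TDSSKiller drive line later in this thread, spans 0xDF8F8C1 sectors, which ends exactly at LBA 234420480). That layout is what a bootkit-style appended volume looks like in a partition table. The Python below parses a raw 512-byte MBR and flags that pattern. The sample sector is constructed to mirror those numbers; its boot-code area is zeroed, the CHS fields are placeholders, and the 64 MB "small partition" threshold is an assumption, not a value taken from any tool. The `Disk 0 MBR hidden` line is the caveat: a sector read through a filtered driver stack can come back clean, so on a live system a parser like this is only as trustworthy as the read path that feeds it.

```python
"""Parse a raw 512-byte MBR and flag partition entries that look like a
bootkit's hidden volume. Example code added to this thread; it is not
aswMBR's or TDSSKiller's own logic, and the sample sector is constructed."""
import struct

SECTOR = 512
PT_OFFSET = 446          # partition table starts here: 4 entries of 16 bytes
ENTRY_SIZE = 16
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Partition type IDs that mean "hidden" (0x17 = hidden NTFS/HPFS, as in the log).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SMALL_MB = 64            # assumption: a bootable volume this small deserves a look


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, mbr, PT_OFFSET + i * ENTRY_SIZE)
        if ptype == 0:
            continue                      # empty slot
        entries.append({"index": i + 1, "active": status == 0x80,
                        "type": ptype, "start": start, "sectors": count})
    return entries


def flag_suspicious(entries: list, disk_sectors: int = None) -> list:
    """Return (partition index, reason) pairs for entries that match the
    hidden-active-partition pattern or break basic table consistency."""
    findings = []
    actives = [e for e in entries if e["active"]]
    last = max(entries, key=lambda e: e["start"], default=None)
    for e in entries:
        size_mb = e["sectors"] * SECTOR // (1024 * 1024)
        if e["active"] and e["type"] in HIDDEN_TYPES:
            findings.append((e["index"], "active flag on hidden type 0x%02X" % e["type"]))
        if e["active"] and e is last and len(entries) > 1 and size_mb <= SMALL_MB:
            findings.append((e["index"],
                             "small (%d MB) bootable partition appended after the main volume" % size_mb))
        if len(actives) > 1 and e["active"]:
            findings.append((e["index"], "more than one active partition"))
        if disk_sectors is not None and e["start"] + e["sectors"] > disk_sectors:
            findings.append((e["index"], "extends past the end of the disk"))
    return findings


def build_mbr(table: list) -> bytes:
    """Construct a test MBR from (active, type, start_lba, sectors) tuples.
    Boot code is zeroed and CHS fields are 0xFF placeholders (constructed data)."""
    raw = b"".join(struct.pack(ENTRY_FMT, 0x80 if a else 0x00, b"\xff" * 3, t, b"\xff" * 3, s, n)
                   for a, t, s, n in table)
    return b"\x00" * PT_OFFSET + raw.ljust(4 * ENTRY_SIZE, b"\x00") + b"\x55\xaa"


# Constructed to mirror the aswMBR / TDSSKiller lines in this thread:
# partition 1 NTFS at LBA 63 spanning 0xDF8F8C1 sectors, then a 10 MB
# (20480 sector) active hidden-NTFS partition at LBA 234420480.
INFECTED_MBR = build_mbr([(False, 0x07, 63, 0x0DF8F8C1),
                          (True, 0x17, 234420480, 20480)])
# The same disk with only the real volume, marked bootable as an installer would.
CLEAN_MBR = build_mbr([(True, 0x07, 63, 0x0DF8F8C1)])


def report(mbr: bytes) -> list:
    """Parse and flag in one call, printing an aswMBR-like summary; returns the findings."""
    entries = parse_mbr(mbr)
    for e in entries:
        print("Partition %d %s type 0x%02X start %d sectors %d" % (
            e["index"], "80 (A)" if e["active"] else "00", e["type"], e["start"], e["sectors"]))
    findings = flag_suspicious(entries)
    for idx, why in findings:
        print("  Partition %d **SUSPICIOUS**: %s" % (idx, why))
    return findings


if __name__ == "__main__":
    report(INFECTED_MBR)
    report(CLEAN_MBR)
```

On the constructed infected sector the script flags partition 2 twice (active flag on a hidden type, and a 10 MB bootable partition appended after the main volume) and reports nothing on the clean layout; passing the disk's sector count as `disk_sectors` adds a third check for entries that run past the end of the disk.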

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:35 PM

Posted 24 February 2012 - 09:07 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click OK.
  • Press Start Scan.
  • If malicious objects are found, then ensure Cure is selected. Important: if there is no option to "Cure", it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
You have this program installed: Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox.
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • TDSSKiller log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 MNGearhead

MNGearhead
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:35 PM

Posted 25 February 2012 - 12:28 AM

Here is the TDSSkiller log

21:17:57.0562 4072 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
21:17:57.0968 4072 ============================================================
21:17:57.0968 4072 Current date / time: 2012/02/24 21:17:57.0968
21:17:57.0968 4072 SystemInfo:
21:17:57.0968 4072
21:17:57.0968 4072 OS Version: 5.1.2600 ServicePack: 3.0
21:17:57.0968 4072 Product type: Workstation
21:17:57.0968 4072 ComputerName: E1505
21:17:57.0968 4072 UserName: Carla
21:17:57.0968 4072 Windows directory: C:\WINDOWS
21:17:57.0968 4072 System windows directory: C:\WINDOWS
21:17:57.0968 4072 Processor architecture: Intel x86
21:17:57.0968 4072 Number of processors: 2
21:17:57.0968 4072 Page size: 0x1000
21:17:57.0968 4072 Boot type: Normal boot
21:17:57.0968 4072 ============================================================
21:18:00.0312 4072 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:18:00.0328 4072 Drive \Device\Harddisk1\DR9 - Size: 0x78A80000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:18:00.0328 4072 \Device\Harddisk0\DR0:
21:18:00.0328 4072 MBR used
21:18:00.0328 4072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
21:18:00.0328 4072 \Device\Harddisk1\DR9:
21:18:00.0328 4072 MBR used
21:18:00.0328 4072 \Device\Harddisk1\DR9\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x3C51E0
21:18:00.0359 4072 Initialize success
21:18:00.0359 4072 ============================================================
21:18:37.0765 2328 ============================================================
21:18:37.0765 2328 Scan started
21:18:37.0765 2328 Mode: Manual; TDLFS;
21:18:37.0765 2328 ============================================================
21:18:39.0203 2328 Abiosdsk - ok
21:18:39.0500 2328 abp480n5 - ok
21:18:39.0937 2328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:18:40.0031 2328 ACPI - ok
21:18:40.0375 2328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:18:40.0390 2328 ACPIEC - ok
21:18:40.0687 2328 adpu160m - ok
21:18:41.0078 2328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:18:41.0140 2328 aec - ok
21:18:41.0546 2328 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:18:41.0609 2328 AFD - ok
21:18:41.0906 2328 Aha154x - ok
21:18:42.0203 2328 aic78u2 - ok
21:18:42.0500 2328 aic78xx - ok
21:18:42.0828 2328 AliIde - ok
21:18:43.0140 2328 amsint - ok
21:18:43.0468 2328 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:18:43.0500 2328 Arp1394 - ok
21:18:43.0796 2328 asc - ok
21:18:44.0109 2328 asc3350p - ok
21:18:44.0406 2328 asc3550 - ok
21:18:44.0734 2328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:18:44.0750 2328 AsyncMac - ok
21:18:45.0203 2328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:18:45.0218 2328 atapi - ok
21:18:45.0515 2328 Atdisk - ok
21:18:46.0687 2328 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:18:47.0453 2328 ati2mtag - ok
21:18:47.0968 2328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:18:47.0984 2328 Atmarpc - ok
21:18:48.0343 2328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:18:48.0343 2328 audstub - ok
21:18:49.0000 2328 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:18:49.0296 2328 BCM43XX - ok
21:18:49.0734 2328 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:18:49.0765 2328 bcm4sbxp - ok
21:18:50.0109 2328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:18:50.0109 2328 Beep - ok
21:18:50.0437 2328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:18:50.0437 2328 cbidf2k - ok
21:18:50.0750 2328 cd20xrnt - ok
21:18:51.0062 2328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:18:51.0078 2328 Cdaudio - ok
21:18:51.0453 2328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:18:51.0468 2328 Cdfs - ok
21:18:51.0828 2328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:18:51.0843 2328 Cdrom - ok
21:18:52.0234 2328 Changer - ok
21:18:52.0578 2328 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:18:52.0593 2328 CmBatt - ok
21:18:52.0906 2328 CmdIde - ok
21:18:53.0234 2328 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:18:53.0234 2328 Compbatt - ok
21:18:53.0546 2328 Cpqarray - ok
21:18:53.0843 2328 dac2w2k - ok
21:18:54.0156 2328 dac960nt - ok
21:18:54.0484 2328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:18:54.0484 2328 Disk - ok
21:18:55.0328 2328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:18:55.0734 2328 dmboot - ok
21:18:56.0218 2328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:18:56.0265 2328 dmio - ok
21:18:56.0609 2328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:18:56.0609 2328 dmload - ok
21:18:56.0968 2328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:18:56.0984 2328 DMusic - ok
21:18:57.0296 2328 dpti2o - ok
21:18:57.0625 2328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:18:57.0625 2328 drmkaud - ok
21:18:58.0093 2328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:18:58.0156 2328 Fastfat - ok
21:18:58.0593 2328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:18:58.0609 2328 Fdc - ok
21:18:58.0953 2328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:18:58.0968 2328 Fips - ok
21:18:59.0281 2328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:18:59.0296 2328 Flpydisk - ok
21:18:59.0687 2328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:18:59.0734 2328 FltMgr - ok
21:19:00.0062 2328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:19:00.0062 2328 Fs_Rec - ok
21:19:00.0421 2328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:19:00.0468 2328 Ftdisk - ok
21:19:00.0843 2328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:19:01.0156 2328 GEARAspiWDM - ok
21:19:01.0500 2328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:19:01.0515 2328 Gpc - ok
21:19:02.0093 2328 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:19:02.0171 2328 HDAudBus - ok
21:19:02.0546 2328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:19:02.0546 2328 HidUsb - ok
21:19:02.0843 2328 hpn - ok
21:19:03.0687 2328 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
21:19:04.0140 2328 HSF_DPV - ok
21:19:04.0609 2328 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
21:19:04.0718 2328 HSXHWAZL - ok
21:19:05.0218 2328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:19:05.0359 2328 HTTP - ok
21:19:05.0656 2328 i2omgmt - ok
21:19:05.0968 2328 i2omp - ok
21:19:06.0328 2328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:19:06.0359 2328 i8042prt - ok
21:19:06.0718 2328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:19:06.0734 2328 Imapi - ok
21:19:07.0078 2328 ini910u - ok
21:19:07.0375 2328 IntelIde - ok
21:19:07.0734 2328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:19:07.0750 2328 intelppm - ok
21:19:08.0093 2328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:19:08.0109 2328 Ip6Fw - ok
21:19:08.0515 2328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:19:08.0531 2328 IpFilterDriver - ok
21:19:08.0859 2328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:19:08.0875 2328 IpInIp - ok
21:19:09.0281 2328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:19:09.0359 2328 IpNat - ok
21:19:09.0734 2328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:19:09.0765 2328 IPSec - ok
21:19:10.0140 2328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:19:10.0140 2328 IRENUM - ok
21:19:10.0500 2328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:19:10.0500 2328 isapnp - ok
21:19:10.0843 2328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:19:10.0859 2328 Kbdclass - ok
21:19:11.0250 2328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:19:11.0250 2328 kmixer - ok
21:19:11.0625 2328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:19:11.0671 2328 KSecDD - ok
21:19:11.0984 2328 lbrtfdc - ok
21:19:12.0343 2328 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:19:12.0343 2328 mdmxsdk - ok
21:19:12.0734 2328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:19:12.0734 2328 mnmdd - ok
21:19:13.0140 2328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:19:13.0140 2328 Modem - ok
21:19:13.0500 2328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:19:13.0515 2328 Mouclass - ok
21:19:13.0875 2328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:19:13.0875 2328 mouhid - ok
21:19:14.0250 2328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:19:14.0265 2328 MountMgr - ok
21:19:14.0718 2328 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:19:14.0796 2328 MpFilter - ok
21:19:15.0125 2328 mraid35x - ok
21:19:15.0546 2328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:19:15.0609 2328 MRxDAV - ok
21:19:16.0187 2328 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:19:16.0390 2328 MRxSmb - ok
21:19:16.0750 2328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:19:16.0750 2328 Msfs - ok
21:19:17.0156 2328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:19:17.0156 2328 MSKSSRV - ok
21:19:17.0531 2328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:19:17.0531 2328 MSPCLOCK - ok
21:19:17.0859 2328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:19:17.0859 2328 MSPQM - ok
21:19:18.0234 2328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:19:18.0234 2328 mssmbios - ok
21:19:18.0640 2328 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:19:18.0671 2328 Mup - ok
21:19:19.0125 2328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:19:19.0187 2328 NDIS - ok
21:19:19.0546 2328 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:19:19.0562 2328 NdisTapi - ok
21:19:19.0921 2328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:19:19.0921 2328 Ndisuio - ok
21:19:20.0296 2328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:19:20.0343 2328 NdisWan - ok
21:19:20.0703 2328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:19:20.0718 2328 NDProxy - ok
21:19:21.0062 2328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:19:21.0078 2328 NetBIOS - ok
21:19:21.0468 2328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:19:21.0546 2328 NetBT - ok
21:19:21.0921 2328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:19:21.0953 2328 NIC1394 - ok
21:19:22.0343 2328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:19:22.0343 2328 Npfs - ok
21:19:22.0968 2328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:19:23.0234 2328 Ntfs - ok
21:19:23.0640 2328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:19:23.0640 2328 Null - ok
21:19:24.0000 2328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:19:24.0000 2328 NwlnkFlt - ok
21:19:24.0343 2328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:19:24.0359 2328 NwlnkFwd - ok
21:19:24.0687 2328 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:19:24.0703 2328 ohci1394 - ok
21:19:25.0078 2328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:19:25.0125 2328 Parport - ok
21:19:25.0453 2328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:19:25.0453 2328 PartMgr - ok
21:19:25.0781 2328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:19:25.0781 2328 ParVdm - ok
21:19:26.0125 2328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:19:26.0156 2328 PCI - ok
21:19:26.0453 2328 PCIDump - ok
21:19:26.0796 2328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:19:26.0796 2328 PCIIde - ok
21:19:27.0343 2328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:19:27.0406 2328 Pcmcia - ok
21:19:27.0734 2328 PDCOMP - ok
21:19:28.0046 2328 PDFRAME - ok
21:19:28.0343 2328 PDRELI - ok
21:19:28.0656 2328 PDRFRAME - ok
21:19:28.0968 2328 perc2 - ok
21:19:29.0265 2328 perc2hib - ok
21:19:29.0656 2328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:19:29.0671 2328 PptpMiniport - ok
21:19:30.0015 2328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:19:30.0046 2328 PSched - ok
21:19:30.0375 2328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:19:30.0375 2328 Ptilink - ok
21:19:30.0703 2328 ql1080 - ok
21:19:31.0015 2328 Ql10wnt - ok
21:19:31.0312 2328 ql12160 - ok
21:19:31.0609 2328 ql1240 - ok
21:19:31.0921 2328 ql1280 - ok
21:19:32.0250 2328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:19:32.0250 2328 RasAcd - ok
21:19:32.0578 2328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:19:32.0609 2328 Rasl2tp - ok
21:19:32.0937 2328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:19:32.0953 2328 RasPppoe - ok
21:19:33.0265 2328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:19:33.0281 2328 Raspti - ok
21:19:33.0703 2328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:19:33.0765 2328 Rdbss - ok
21:19:34.0078 2328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:19:34.0093 2328 RDPCDD - ok
21:19:34.0515 2328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:19:34.0609 2328 rdpdr - ok
21:19:35.0046 2328 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:19:35.0109 2328 RDPWD - ok
21:19:35.0484 2328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:19:35.0500 2328 redbook - ok
21:19:35.0890 2328 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:19:35.0906 2328 rimmptsk - ok
21:19:36.0234 2328 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:19:36.0250 2328 rimsptsk - ok
21:19:36.0578 2328 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
21:19:36.0593 2328 rismxdp - ok
21:19:36.0968 2328 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:19:37.0000 2328 sdbus - ok
21:19:37.0343 2328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:19:37.0343 2328 Secdrv - ok
21:19:37.0734 2328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:19:37.0765 2328 Serial - ok
21:19:38.0093 2328 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
21:19:38.0109 2328 sffdisk - ok
21:19:38.0453 2328 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
21:19:38.0453 2328 sffp_sd - ok
21:19:38.0859 2328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:19:38.0859 2328 Sfloppy - ok
21:19:39.0171 2328 Simbad - ok
21:19:39.0468 2328 Sparrow - ok
21:19:39.0796 2328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:19:39.0796 2328 splitter - ok
21:19:40.0171 2328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:19:40.0203 2328 sr - ok
21:19:40.0734 2328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:19:40.0890 2328 Srv - ok
21:19:41.0875 2328 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
21:19:42.0468 2328 STHDA - ok
21:19:42.0890 2328 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:19:42.0890 2328 StillCam - ok
21:19:43.0234 2328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:19:43.0234 2328 swenum - ok
21:19:43.0578 2328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:19:43.0609 2328 swmidi - ok
21:19:43.0937 2328 symc810 - ok
21:19:44.0250 2328 symc8xx - ok
21:19:44.0562 2328 sym_hi - ok
21:19:44.0906 2328 sym_u3 - ok
21:19:45.0328 2328 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:19:45.0406 2328 SynTP - ok
21:19:45.0765 2328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:19:45.0796 2328 sysaudio - ok
21:19:46.0375 2328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:19:46.0562 2328 Tcpip - ok
21:19:46.0906 2328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:19:46.0906 2328 TDPIPE - ok
21:19:47.0234 2328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:19:47.0250 2328 TDTCP - ok
21:19:47.0593 2328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:19:47.0609 2328 TermDD - ok
21:19:47.0921 2328 TosIde - ok
21:19:48.0281 2328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:19:48.0312 2328 Udfs - ok
21:19:48.0609 2328 UIUSys - ok
21:19:48.0906 2328 ultra - ok
21:19:49.0437 2328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:19:49.0640 2328 Update - ok
21:19:50.0078 2328 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:19:50.0093 2328 USBAAPL - ok
21:19:50.0437 2328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:19:50.0453 2328 usbccgp - ok
21:19:50.0812 2328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:19:50.0828 2328 usbehci - ok
21:19:51.0187 2328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:19:51.0218 2328 usbhub - ok
21:19:51.0671 2328 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:19:51.0687 2328 usbprint - ok
21:19:52.0031 2328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:19:52.0046 2328 USBSTOR - ok
21:19:52.0375 2328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:19:52.0390 2328 usbuhci - ok
21:19:52.0703 2328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:19:52.0718 2328 VgaSave - ok
21:19:53.0015 2328 ViaIde - ok
21:19:53.0359 2328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:19:53.0375 2328 VolSnap - ok
21:19:53.0718 2328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:19:53.0734 2328 Wanarp - ok
21:19:54.0171 2328 WDICA - ok
21:19:54.0546 2328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:19:54.0578 2328 wdmaud - ok
21:19:55.0265 2328 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
21:19:55.0593 2328 winachsf - ok
21:19:55.0937 2328 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:19:55.0937 2328 WmiAcpi - ok
21:19:56.0390 2328 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:19:56.0406 2328 WpdUsb - ok
21:19:56.0750 2328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:19:56.0750 2328 WS2IFSL - ok
21:19:57.0125 2328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:19:57.0156 2328 WudfPf - ok
21:19:57.0531 2328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:19:57.0562 2328 WudfRd - ok
21:19:57.0609 2328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:19:57.0656 2328 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:19:57.0656 2328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:19:57.0781 2328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:19:57.0781 2328 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:19:57.0781 2328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR9
21:19:57.0906 2328 \Device\Harddisk1\DR9 - ok
21:19:57.0921 2328 Boot (0x1200) (88093845f7955d214130f46c9e3f557b) \Device\Harddisk0\DR0\Partition0
21:19:57.0921 2328 \Device\Harddisk0\DR0\Partition0 - ok
21:19:57.0921 2328 Boot (0x1200) (2f07dccbd65d7343bab528d3c6a3cfd6) \Device\Harddisk1\DR9\Partition0
21:19:57.0921 2328 \Device\Harddisk1\DR9\Partition0 - ok
21:19:57.0921 2328 ============================================================
21:19:57.0921 2328 Scan finished
21:19:57.0921 2328 ============================================================
21:19:57.0937 2840 Detected object count: 2
21:19:57.0937 2840 Actual detected object count: 2
21:20:53.0171 2840 \Device\Harddisk0\DR0\# - copied to quarantine
21:20:53.0171 2840 \Device\Harddisk0\DR0 - copied to quarantine
21:20:53.0328 2840 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:20:53.0328 2840 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
21:20:53.0343 2840 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
21:20:53.0343 2840 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
21:20:53.0343 2840 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
21:20:53.0406 2840 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:20:53.0500 2840 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
21:20:53.0500 2840 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
21:20:53.0515 2840 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
21:20:53.0531 2840 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:20:53.0578 2840 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:20:53.0578 2840 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:20:53.0593 2840 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:20:53.0593 2840 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
21:20:53.0593 2840 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
21:20:53.0656 2840 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
21:20:53.0656 2840 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
21:20:53.0937 2840 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
21:20:54.0062 2840 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
21:21:00.0687 2840 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
21:21:00.0718 2840 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
21:21:00.0734 2840 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
21:21:01.0218 2840 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
21:21:01.0312 2840 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
21:21:01.0375 2840 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:21:01.0390 2840 \Device\Harddisk0\DR0 - ok
21:21:01.0406 2840 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:21:01.0406 2840 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:21:01.0406 2840 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:21:07.0718 2716 Deinitialize success

Here is the MBAM log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carla :: E1505 [administrator]

2/24/2012 9:28:19 PM
mbam-log-2012-02-24 (21-28-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241187
Time elapsed: 1 hour(s), 38 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\TDSSKiller_Quarantine\24.02.2012_21.17.57\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\24.02.2012_21.17.57\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\24.02.2012_21.17.57\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\24.02.2012_21.17.57\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\24.02.2012_21.17.57\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\24.02.2012_21.17.57\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\24.02.2012_21.17.57\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.

(end)

Thanks
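
An added example, not part of this thread and not TDSSKiller's own code: a small Python triage script that parses lines in the format of the TDSSKiller log quoted above and answers what a responder asks first, namely which device objects were flagged, with which verdict, whether the cure is still pending a reboot, and which detections were skipped and therefore still need follow-up. The regular expressions are my reading of the log format as it appears above, not a published specification; the sample lines are a short excerpt of that log embedded inline so the script runs offline.

```python
"""Triage a TDSSKiller log: pull out detections, verdicts and quarantine actions.

Added example (not from the forum thread or from TDSSKiller). The line patterns
below are inferred from the log quoted in the thread, not from a specification.
"""
import re
from dataclasses import dataclass, field

# Every TDSSKiller line starts with "<hh:mm:ss.ffff> <pid> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Verdict lines: "<object> ( <Verdict> ) - <status>", e.g. "- infected", "- warning",
# "- will be cured on reboot", "- skipped by user", "- User select action: Cure".
VERDICT_RE = re.compile(r"^(?P<obj>\S+) \( (?P<verdict>.+?) \) - (?P<status>.+)$")
# Inventory lines: "<name> (<md5>) <path>", e.g. a driver or "MBR (0x1B8) (<md5>) \Device\...".
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
QUARANTINE_RE = re.compile(r"^(?P<obj>\S+) - copied to quarantine$")

# Excerpt of the log quoted in the thread (raw string: the paths contain backslashes).
SAMPLE_LOG = r"""
21:19:37.0343 2328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:19:37.0343 2328 Secdrv - ok
21:19:57.0609 2328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:19:57.0656 2328 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:19:57.0781 2328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:19:57.0781 2328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR9
21:19:57.0906 2328 \Device\Harddisk1\DR9 - ok
21:19:57.0921 2328 ============================================================
21:19:57.0921 2328 Scan finished
21:19:57.0937 2840 Detected object count: 2
21:20:53.0171 2840 \Device\Harddisk0\DR0 - copied to quarantine
21:20:53.0328 2840 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:20:53.0406 2840 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:21:01.0375 2840 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:21:01.0406 2840 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:21:01.0406 2840 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
"""


@dataclass
class Triage:
    hashes: dict = field(default_factory=dict)      # path -> (object name, md5)
    detections: dict = field(default_factory=dict)  # (object, verdict) -> [status, ...]
    quarantined: list = field(default_factory=list)  # objects copied to quarantine, in order
    unparsed: int = 0                                # lines without the timestamp/pid prefix


def parse_tdsskiller_log(text: str) -> Triage:
    """Walk the log once and bucket every line we know how to read."""
    t = Triage()
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if not m:
            t.unparsed += 1
            continue
        msg = m.group("msg")
        if (v := VERDICT_RE.match(msg)):
            t.detections.setdefault((v.group("obj"), v.group("verdict")), []).append(v.group("status"))
        elif (q := QUARANTINE_RE.match(msg)):
            t.quarantined.append(q.group("obj"))
        elif (h := HASH_RE.match(msg)):
            t.hashes[h.group("path")] = (h.group("name"), h.group("md5").lower())
        # "- ok", separators and counters carry nothing an analyst needs here.
    return t


def summarize(t: Triage) -> dict:
    """Collapse per-object statuses into the responder's first questions."""
    def objects_with(status):
        return sorted({obj for (obj, _), st in t.detections.items() if status in st})

    # A detection is resolved only if TDSSKiller cured it or will cure it on reboot.
    needs_followup = sorted(
        key for key, st in t.detections.items()
        if not any(s == "will be cured on reboot" or s.startswith("User select action: Cure") for s in st)
    )
    return {
        "infected": objects_with("infected"),
        "warnings": objects_with("warning"),
        "pending_reboot": objects_with("will be cured on reboot"),
        "needs_followup": needs_followup,
        "quarantined": len(t.quarantined),
        "tdlfs_files_quarantined": sum(1 for q in t.quarantined if "\\TDLFS\\" in q),
    }


if __name__ == "__main__":
    for k, v in summarize(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{k}: {v}")
```

On the excerpt, `needs_followup` returns the `TDSS File System` entry for `\Device\Harddisk0\DR0`, which is exactly the item the user chose to skip; in the thread that is the hidden file system whose contents later surface as the `tsk*.dta` files under `C:\TDSSKiller_Quarantine` that MBAM and ESET flag. The `hashes` map is kept so the MBR checksum of each disk can be compared across runs after the cure.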

#6 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:35 PM

Posted 25 February 2012 - 11:40 PM

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Please download Listparts
  • Run the tool, click Scan and post the log (Result.txt) it makes.
Please go here to run an online scan with ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ListParts log
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may [Donate]


#7 MNGearhead
  • Topic Starter
  • Members
  • 9 posts
  • Local time:07:35 PM

Posted 26 February 2012 - 02:31 PM

The computer seems to run ok, but still feels slow.
The Google redirects have stopped.
When I tried to turn on real-time protection in Microsoft Security Essentials it gave me a time-out error and wouldn't turn on.

Here is the Results log.

ListParts by Farbar
Ran by Carla (administrator) on 26-02-2012 at 08:50:12
Windows XP (X86)
Running From: C:\Documents and Settings\Carla\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 48%
Total physical RAM: 1022.37 MB
Available physical RAM: 529.16 MB
Total Pagefile: 2459.47 MB
Available Pagefile: 2023.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.77 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.78 GB) (Free:96.66 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 112 GB 32 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 112 GB Healthy System (partition with boot components)


****** End Of Log ******

Here is the eset log

C:\TDSSKiller_Quarantine\24.02.2012_21.17.57\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan

Don't I want ESET to fix this?

Edited by MNGearhead, 26 February 2012 - 02:37 PM.


#8 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:35 PM

Posted 26 February 2012 - 03:18 PM

That ESET detection is already in quarantine - we will clean all of that up when we finish. Please run this for me next:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log



#9 MNGearhead
  • Topic Starter
  • Members
  • 9 posts
  • Local time:07:35 PM

Posted 26 February 2012 - 04:13 PM

Here is the ComboFix log

ComboFix 12-02-25.02 - Carla 02/26/2012 14:58:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.469 [GMT -6:00]
Running from: c:\documents and settings\Carla\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\jh4ol08bb0d2ekhj_o\us_sres.data
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\375d2069657b1684.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\9c2b5f73c20d4a0b.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cd7661e2089409a6.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 19:33 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BBA53B3-2F01-4EA5-BA54-DCC83339E9E4}\mpengine.dll
2012-02-26 14:53 . 2012-02-26 14:53 -------- d-----w- c:\program files\ESET
2012-02-26 14:43 . 2012-02-26 14:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-25 03:20 . 2012-02-25 03:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 02:29 . 2012-02-21 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-21 02:29 . 2012-02-21 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-21 02:29 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-20 02:52 . 2012-02-20 02:52 -------- d--h--w- c:\windows\PIF
2012-02-20 02:22 . 2012-02-20 02:22 -------- d-----w- C:\_OTM
2012-02-20 00:25 . 2012-02-20 00:25 -------- d-----w- c:\program files\MSXML 4.0
2012-02-18 21:15 . 2012-02-18 21:15 -------- d-----w- c:\program files\Common Files\HP
2012-02-18 21:15 . 2012-02-18 21:15 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2012-02-18 21:15 . 2012-02-18 21:15 -------- d-----w- c:\program files\Hewlett-Packard
2012-02-18 21:14 . 2012-02-18 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2012-02-18 21:14 . 2007-03-15 21:32 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2012-02-18 21:13 . 2007-03-15 21:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2012-02-18 21:12 . 2001-08-17 19:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-02-18 21:12 . 2001-08-17 19:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-02-18 21:11 . 2007-12-07 15:55 271704 ----a-w- c:\windows\system32\hpzids01.dll
2012-02-18 21:11 . 2007-11-02 02:28 729088 ----a-w- c:\windows\system32\hpowiax5.dll
2012-02-18 21:11 . 2007-11-02 02:28 303104 ----a-w- c:\windows\system32\hpovst12.dll
2012-02-18 21:11 . 2007-11-02 02:28 970752 ----a-w- c:\windows\system32\hpotiop5.dll
2012-02-18 21:11 . 2007-11-02 02:28 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2012-02-18 21:11 . 2007-11-02 02:28 309760 ----a-w- c:\windows\system32\difxapi.dll
2012-02-18 21:10 . 2012-02-18 21:10 -------- d-----w- c:\program files\HP
2012-02-18 21:10 . 2008-04-14 06:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-02-18 21:10 . 2008-04-14 06:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-02-15 17:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-12 23:19 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 15:57 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-05 02:41 . 2012-02-05 02:45 -------- d-----w- c:\windows\SxsCaPendDel
2012-02-05 01:17 . 2012-02-26 14:12 -------- d-----w- c:\documents and settings\Carla
2012-02-04 22:11 . 2012-02-04 22:13 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-04 21:32 . 2012-02-04 21:32 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-02-04 20:10 . 2012-02-18 21:26 -------- d-----w- C:\c227d2ae503247696d007e
2012-02-04 02:49 . 2012-02-20 04:26 -------- d-----w- c:\windows\Microsoft Antimalware
2012-02-04 02:49 . 2012-02-04 02:49 -------- d-----w- c:\windows\Windows Defender Offline
2012-02-03 03:01 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 01:06 . 2012-02-04 02:54 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 14:42 . 2011-08-10 15:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2004-08-12 13:33 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-12 13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-12 13:21 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-12 13:19 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-04 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
.
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/3/2011 9:19 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/3/2011 9:19 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 03:19]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 03:19]
.
2012-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 15:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-02-26 15:08:19
ComboFix-quarantined-files.txt 2012-02-26 21:08
.
Pre-Run: 103,684,374,528 bytes free
Post-Run: 103,688,081,408 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D094DC2AF00E30EF1852D6FA8211C6C2

#10 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:35 PM

Posted 26 February 2012 - 05:39 PM

Please do this now:

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above SecCenter::

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Once you've run that, see if you can start MSSE again.

Please include the following in your next post:
  • ComboFix log



#11 MNGearhead
  • Topic Starter
  • Members
  • 9 posts
  • Local time:07:35 PM

Posted 26 February 2012 - 06:12 PM

After running ComboFix I tried to start real-time protection in MSSE; it timed out with error 0x800705b4.

Here is the ComboFix log

ComboFix 12-02-25.02 - Carla 02/26/2012 16:58:14.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.546 [GMT -6:00]
Running from: c:\documents and settings\Carla\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Carla\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 19:33 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BBA53B3-2F01-4EA5-BA54-DCC83339E9E4}\mpengine.dll
2012-02-26 14:53 . 2012-02-26 14:53 -------- d-----w- c:\program files\ESET
2012-02-26 14:43 . 2012-02-26 14:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-25 03:20 . 2012-02-25 03:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 02:29 . 2012-02-21 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-21 02:29 . 2012-02-21 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-21 02:29 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-20 02:52 . 2012-02-20 02:52 -------- d--h--w- c:\windows\PIF
2012-02-20 02:22 . 2012-02-20 02:22 -------- d-----w- C:\_OTM
2012-02-20 00:25 . 2012-02-20 00:25 -------- d-----w- c:\program files\MSXML 4.0
2012-02-18 21:15 . 2012-02-18 21:15 -------- d-----w- c:\program files\Common Files\HP
2012-02-18 21:15 . 2012-02-18 21:15 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2012-02-18 21:15 . 2012-02-18 21:15 -------- d-----w- c:\program files\Hewlett-Packard
2012-02-18 21:14 . 2012-02-18 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2012-02-18 21:14 . 2007-03-15 21:32 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2012-02-18 21:13 . 2007-03-15 21:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2012-02-18 21:12 . 2001-08-17 19:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-02-18 21:12 . 2001-08-17 19:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-02-18 21:11 . 2007-12-07 15:55 271704 ----a-w- c:\windows\system32\hpzids01.dll
2012-02-18 21:11 . 2007-11-02 02:28 729088 ----a-w- c:\windows\system32\hpowiax5.dll
2012-02-18 21:11 . 2007-11-02 02:28 303104 ----a-w- c:\windows\system32\hpovst12.dll
2012-02-18 21:11 . 2007-11-02 02:28 970752 ----a-w- c:\windows\system32\hpotiop5.dll
2012-02-18 21:11 . 2007-11-02 02:28 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2012-02-18 21:11 . 2007-11-02 02:28 309760 ----a-w- c:\windows\system32\difxapi.dll
2012-02-18 21:10 . 2012-02-18 21:10 -------- d-----w- c:\program files\HP
2012-02-18 21:10 . 2008-04-14 06:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-02-18 21:10 . 2008-04-14 06:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-02-15 17:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-12 23:19 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 15:57 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-05 02:41 . 2012-02-05 02:45 -------- d-----w- c:\windows\SxsCaPendDel
2012-02-05 01:17 . 2012-02-26 14:12 -------- d-----w- c:\documents and settings\Carla
2012-02-04 22:11 . 2012-02-04 22:13 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-04 21:32 . 2012-02-04 21:32 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-02-04 20:10 . 2012-02-18 21:26 -------- d-----w- C:\c227d2ae503247696d007e
2012-02-04 02:49 . 2012-02-20 04:26 -------- d-----w- c:\windows\Microsoft Antimalware
2012-02-04 02:49 . 2012-02-04 02:49 -------- d-----w- c:\windows\Windows Defender Offline
2012-02-03 03:01 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 01:06 . 2012-02-04 02:54 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 14:42 . 2011-08-10 15:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2004-08-12 13:33 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-12 13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-12 13:21 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-12 13:19 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-04 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
.
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/3/2011 9:19 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/3/2011 9:19 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 03:19]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 03:19]
.
2012-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 17:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-26 17:09:04
ComboFix-quarantined-files.txt 2012-02-26 23:08
ComboFix2.txt 2012-02-26 21:08
.
Pre-Run: 103,697,494,016 bytes free
Post-Run: 103,688,314,880 bytes free
.
- - End Of File - - 212CC0A25DD20600AFBFEDF51B34E26C

Edited by MNGearhead, 26 February 2012 - 06:17 PM.


#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 26 February 2012 - 10:51 PM

Hi,

I don't see any remaining malware issues that could be causing that, so I'm going to have you take care of some important cleanup, then I'd recommend that you uninstall and reinstall MSSE.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#13 MNGearhead

MNGearhead
  • Topic Starter

  • Members
  • 9 posts

Posted 27 February 2012 - 07:20 PM

Thank you for all your help.

I am reinstalling MSSE now, and updating the other programs after.

Resolved

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 27 February 2012 - 09:09 PM

You're welcome! If MSSE continues to give you grief here is a LINK to their direct support page. Take care.



#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 29 February 2012 - 05:39 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
