
Stubborn Browser Redirect


  • This topic is locked
27 replies to this topic

#1 LorelaiW

LorelaiW

  • Members
  • 15 posts
  • Local time:08:24 AM

Posted 25 February 2012 - 07:10 PM

Looks like this is a pretty common issue these days...

Found the browser redirect a week or two ago and have tried a few different scans and ultimately gotten nowhere. I've run MalwareBytes, AVG, Spybot, and a few others. The scans occasionally find an item or two but never actually fix the browser redirection issue.

Thanks in advance for the help, this one is definitely over my head ;)


Here's the HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:56:20 PM, on 2/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080603
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080603
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 94.63.147.22 www.google.com
O1 - Hosts: 94.63.147.23 www.bing.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyADcAMQAyADEANwAzADcALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQAMwAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAA"&"prod=90"&"ver=9.0.872
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Justin\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

--
End of file - 11208 bytes
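The two O1 lines in the log above map www.google.com and www.bing.com to 94.63.147.x, which is the classic hosts-file mechanism behind a search redirect. As an added example (not code from this thread, from HijackThis or from any of the tools mentioned), the script below parses HijackThis-style entries and flags hosts entries that point a name at a public address, along with a few other sections a responder would want a second look at (AppInit_DLLs, orphaned toolbars, services with no publisher). The sample input is copied from the log above with one benign `127.0.0.1 localhost` line added for contrast; the severity labels are the example's own convention.

```python
"""Triage helper for HijackThis logs. Added example, not part of the
BleepingComputer thread or of HijackThis itself."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines copied from the log posted in this thread, plus a
# benign loopback hosts entry added for contrast.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 94.63.147.22 www.google.com
O1 - Hosts: 94.63.147.23 www.bing.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
"""

# HijackThis entries start with a section code (R0, R1, O1, O23, ...) followed
# by " - "; the header and the running-process list carry no such prefix.
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Split a log into {'section': 'O1', 'body': '...'} records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def hosts_hijack(body: str) -> bool:
    """True when an O1 entry maps a hostname to a public (routable) address.

    Legitimate hosts entries point at loopback, 0.0.0.0 (ad blocking) or LAN
    addresses. A well-known site resolving to a public IP is the redirect
    symptom seen in this thread.
    """
    m = HOSTS_RE.match(body)
    if not m:
        return False
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return True  # not a parsable address at all: treat as suspicious
    return not (ip.is_loopback or ip.is_unspecified
                or ip.is_private or ip.is_link_local)


def triage(text: str) -> List[Dict[str, str]]:
    """Return findings in log order; severity labels are this example's own."""
    findings = []
    for e in parse_entries(text):
        sec, body = e["section"], e["body"]
        reason, severity = None, None
        if sec == "O1" and hosts_hijack(body):
            severity, reason = "high", "hosts file maps a domain to a public IP"
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            severity, reason = "medium", "AppInit_DLLs loads into every user-mode process; verify the DLL"
        elif sec == "O3" and body.endswith("(no file)"):
            severity, reason = "low", "orphaned toolbar registration (no file on disk)"
        elif sec == "O23" and "Unknown owner" in body:
            severity, reason = "low", "service binary carries no publisher name; verify it"
        if reason:
            findings.append({"severity": severity, "section": sec,
                             "body": body, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']:>3} {f['reason']}: {f['body']}")
```

Running the block prints the two hosts entries as high-severity findings first; the fix on a real machine is to restore the hosts file and then look for whatever wrote those lines, since a hosts edit is a symptom rather than the infection itself.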



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 26 February 2012 - 02:30 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 LorelaiW

LorelaiW
  • Topic Starter

  • Members
  • 15 posts
  • Local time:08:24 AM

Posted 26 February 2012 - 10:48 PM

Thanks for the help!

I ran DeFogger and all went as expected there.

However, I was not able to get DDS to complete. I tried running DDS twice and both times it completely froze my computer about 5-10 minutes after starting it. Was not able to click on anything and had to manually reboot in order to try again. I made sure to disable all the security programs before running it but maybe I missed something?

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 26 February 2012 - 11:49 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

Information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 LorelaiW

LorelaiW
  • Topic Starter

  • Members
  • 15 posts
  • Local time:08:24 AM

Posted 28 February 2012 - 12:24 AM

I'm sorry, this one just doesn't want to go easily.

I tried running Combofix and I first got an error message saying that it could not open a file. I chose for it to retry which seemed to work but a moment later it came up saying that there was a real time scanner running "AV Security Essentials". I looked it up since I definitely didn't recall installing it and it looks like it is a scam program.

I tried running MBAM in hopes that it would catch the scam but no such luck. Should I let Combofix run through anyway? Or is there a way to disable the scam scanner so it won't interfere?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 28 February 2012 - 12:35 AM

Yes, go ahead and let Combofix run anyway.


gringo

#7 LorelaiW

LorelaiW
  • Topic Starter

  • Members
  • 15 posts
  • Local time:08:24 AM

Posted 29 February 2012 - 12:44 PM

I've tried a few times to get ComboFix to run, but it keeps freezing the computer.

After letting it run over the AV Security Essentials, it comes up with a message saying it has detected Rootkit.ZeroAccess which has inserted itself in the tcp/ip stack. A few minutes later it says the rootkit has been detected and to be patient. Well then within the next few minutes the computer is completely frozen and has to be manually rebooted. Tried it three times =/

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 29 February 2012 - 03:01 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 LorelaiW

LorelaiW
  • Topic Starter

  • Members
  • 15 posts
  • Local time:08:24 AM

Posted 29 February 2012 - 07:17 PM

18:52:45.0528 3560 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
18:52:45.0872 3560 ============================================================
18:52:45.0872 3560 Current date / time: 2012/02/29 18:52:45.0872
18:52:45.0872 3560 SystemInfo:
18:52:45.0872 3560
18:52:45.0872 3560 OS Version: 5.1.2600 ServicePack: 3.0
18:52:45.0872 3560 Product type: Workstation
18:52:45.0872 3560 ComputerName: ONYXIA
18:52:45.0872 3560 UserName: Justin
18:52:45.0872 3560 Windows directory: C:\WINDOWS
18:52:45.0872 3560 System windows directory: C:\WINDOWS
18:52:45.0872 3560 Processor architecture: Intel x86
18:52:45.0872 3560 Number of processors: 2
18:52:45.0872 3560 Page size: 0x1000
18:52:45.0872 3560 Boot type: Normal boot
18:52:45.0872 3560 ============================================================
18:52:49.0168 3560 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:52:49.0168 3560 \Device\Harddisk0\DR0:
18:52:49.0168 3560 MBR used
18:52:49.0168 3560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x129E99B5
18:52:49.0200 3560 Initialize success
18:52:49.0200 3560 ============================================================
18:53:10.0997 2552 ============================================================
18:53:10.0997 2552 Scan started
18:53:10.0997 2552 Mode: Manual;
18:53:10.0997 2552 ============================================================
18:53:11.0434 2552 2287729drv (cd40157a1a5cddc6ca219ab14a17692a) C:\WINDOWS\system32\DRIVERS\2287729drv.sys
18:53:11.0450 2552 2287729drv - ok
18:53:11.0481 2552 Abiosdsk - ok
18:53:11.0512 2552 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:53:11.0559 2552 abp480n5 - ok
18:53:11.0606 2552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:53:11.0606 2552 ACPI - ok
18:53:11.0653 2552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:53:11.0653 2552 ACPIEC - ok
18:53:11.0715 2552 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:53:11.0715 2552 adpu160m - ok
18:53:11.0778 2552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:53:11.0778 2552 aec - ok
18:53:11.0825 2552 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:53:11.0840 2552 AFD - ok
18:53:11.0887 2552 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:53:11.0887 2552 agp440 - ok
18:53:11.0934 2552 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:53:11.0934 2552 agpCPQ - ok
18:53:11.0950 2552 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:53:11.0950 2552 Aha154x - ok
18:53:11.0965 2552 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:53:11.0965 2552 aic78u2 - ok
18:53:11.0981 2552 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:53:11.0997 2552 aic78xx - ok
18:53:11.0997 2552 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:53:11.0997 2552 AliIde - ok
18:53:12.0059 2552 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:53:12.0059 2552 alim1541 - ok
18:53:12.0075 2552 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:53:12.0075 2552 amdagp - ok
18:53:12.0090 2552 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:53:12.0090 2552 amsint - ok
18:53:12.0106 2552 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:53:12.0106 2552 asc - ok
18:53:12.0106 2552 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:53:12.0106 2552 asc3350p - ok
18:53:12.0122 2552 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:53:12.0122 2552 asc3550 - ok
18:53:12.0168 2552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:53:12.0168 2552 AsyncMac - ok
18:53:12.0215 2552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:53:12.0215 2552 atapi - ok
18:53:12.0215 2552 Atdisk - ok
18:53:12.0247 2552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:53:12.0247 2552 Atmarpc - ok
18:53:12.0278 2552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:53:12.0278 2552 audstub - ok
18:53:12.0309 2552 Avgfwdx (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
18:53:12.0309 2552 Avgfwdx - ok
18:53:12.0309 2552 Avgfwfd (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
18:53:12.0309 2552 Avgfwfd - ok
18:53:12.0340 2552 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:53:12.0340 2552 AVGIDSDriver - ok
18:53:12.0356 2552 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:53:12.0356 2552 AVGIDSEH - ok
18:53:12.0372 2552 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:53:12.0387 2552 AVGIDSFilter - ok
18:53:12.0387 2552 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:53:12.0387 2552 AVGIDSShim - ok
18:53:12.0418 2552 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:53:12.0418 2552 Avgldx86 - ok
18:53:12.0418 2552 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:53:12.0434 2552 Avgmfx86 - ok
18:53:12.0434 2552 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:53:12.0434 2552 Avgrkx86 - ok
18:53:12.0450 2552 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:53:12.0465 2552 Avgtdix - ok
18:53:12.0481 2552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:53:12.0481 2552 Beep - ok
18:53:12.0575 2552 catchme - ok
18:53:12.0606 2552 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:53:12.0606 2552 cbidf - ok
18:53:12.0606 2552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:53:12.0606 2552 cbidf2k - ok
18:53:12.0622 2552 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:53:12.0622 2552 cd20xrnt - ok
18:53:12.0653 2552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:53:12.0653 2552 Cdaudio - ok
18:53:12.0668 2552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:53:12.0668 2552 Cdfs - ok
18:53:12.0684 2552 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:53:12.0684 2552 Cdrom - ok
18:53:12.0700 2552 Changer - ok
18:53:12.0747 2552 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:53:12.0747 2552 CmdIde - ok
18:53:12.0762 2552 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:53:12.0762 2552 Cpqarray - ok
18:53:12.0778 2552 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:53:12.0778 2552 dac2w2k - ok
18:53:12.0793 2552 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:53:12.0793 2552 dac960nt - ok
18:53:12.0840 2552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:53:12.0840 2552 Disk - ok
18:53:12.0840 2552 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
18:53:18.0684 2552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:53:18.0715 2552 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
18:53:18.0715 2552 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
18:53:18.0747 2552 Boot (0x1200) (94e1cf5942917e5dc1947d36fdeb5d53) \Device\Harddisk0\DR0\Partition0
18:53:18.0747 2552 \Device\Harddisk0\DR0\Partition0 - ok
18:53:18.0747 2552 ============================================================
18:53:18.0747 2552 Scan finished
18:53:18.0747 2552 ============================================================
18:53:18.0762 1520 Detected object count: 1
18:53:18.0762 1520 Actual detected object count: 1
18:53:51.0934 1520 \Device\Harddisk0\DR0\# - copied to quarantine
18:53:51.0934 1520 \Device\Harddisk0\DR0 - copied to quarantine
18:53:52.0028 1520 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
18:53:52.0028 1520 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
18:53:52.0028 1520 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
18:53:52.0028 1520 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
18:53:52.0028 1520 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
18:53:52.0028 1520 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
18:53:52.0028 1520 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
18:53:52.0028 1520 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
18:53:52.0028 1520 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
18:53:52.0075 1520 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:53:52.0122 1520 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:53:52.0137 1520 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:53:52.0137 1520 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:53:52.0137 1520 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
18:53:52.0137 1520 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
18:53:52.0137 1520 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
18:53:52.0153 1520 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
18:53:52.0168 1520 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
18:53:52.0450 1520 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
18:53:52.0590 1520 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
18:53:52.0590 1520 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
18:53:52.0590 1520 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
18:53:52.0606 1520 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
18:53:52.0637 1520 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
18:53:52.0653 1520 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
18:53:52.0653 1520 \Device\Harddisk0\DR0 - ok
18:53:52.0653 1520 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
18:54:19.0372 2324 Deinitialize success

#10 LorelaiW (Topic Starter)

Posted 29 February 2012 - 07:23 PM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-29 19:00:48
-----------------------------
19:00:48.875 OS Version: Windows 5.1.2600 Service Pack 3
19:00:48.875 Number of processors: 2 586 0xF0D
19:00:48.875 ComputerName: ONYXIA UserName: Justin
19:00:49.609 Initialize success
19:02:17.328 AVAST engine defs: 12022901
19:03:55.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:03:55.343 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
19:03:55.359 Disk 0 MBR read successfully
19:03:55.359 Disk 0 MBR scan
19:03:55.421 Disk 0 Windows XP default MBR code
19:03:55.437 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
19:03:55.453 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152531 MB offset 112455
19:03:55.453 Disk 0 scanning sectors +312496380
19:03:55.531 Disk 0 scanning C:\WINDOWS\system32\drivers
19:04:06.437 Service scanning
19:04:21.484 Modules scanning
19:04:25.609 Disk 0 trace - called modules:
19:04:25.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:04:25.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae29ab8]
19:04:25.640 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8ae56030]
19:04:25.640 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae19d98]
19:04:26.140 AVAST engine scan C:\WINDOWS
19:04:36.312 AVAST engine scan C:\WINDOWS\system32
19:07:17.953 AVAST engine scan C:\WINDOWS\system32\drivers
19:07:36.218 AVAST engine scan C:\Documents and Settings\Justin
19:11:02.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Justin\Desktop\MBR.dat"
19:11:02.515 The log file has been saved successfully to "C:\Documents and Settings\Justin\Desktop\aswMBR.txt"



Thank you for all the quick replies!

Edited by LorelaiW, 29 February 2012 - 07:42 PM.


#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 01 March 2012 - 12:52 PM

Hello


I would like you to try and run ComboFix now.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 LorelaiW (Topic Starter)

Posted 02 March 2012 - 09:17 AM

I've tried to run ComboFix a couple of times; it gets a little further but still never completes. It does all the same things as before, but now it calls for a reboot. After the reboot, ComboFix comes up and says it is preparing to run but never gets any further. It doesn't freeze the computer, as I am able to close it without any problems, but even leaving it overnight it didn't get further than preparing to run.

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 March 2012 - 01:57 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 March 2012 - 01:49 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 LorelaiW (Topic Starter)

Posted 05 March 2012 - 04:41 PM

Sorry for the delay; I just had a busy weekend.

Here's the ComboFix log from Safe Mode:

ComboFix 12-03-01.01 - Justin 03/05/2012 9:49.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2796 [GMT -5:00]
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
AV: AV Security Essentials *Enabled/Updated* {7B553E67-8637-43AF-9C70-4852202DE8DC}
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AV Security Essentials *Enabled* {2875B9F1-77F4-41A3-A1F9-500C22C5F45E}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\79990e
c:\documents and settings\All Users\Application Data\79990e\47.mof
c:\documents and settings\All Users\Application Data\79990e\AVSE.ico
c:\documents and settings\All Users\Application Data\79990e\AVSecutity.exe
c:\documents and settings\All Users\Application Data\79990e\BackUp\Dropbox.lnk
c:\documents and settings\All Users\Application Data\79990e\mozcrt19.dll
c:\documents and settings\All Users\Application Data\79990e\sqlite3.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\SET138.tmp
c:\windows\system32\SET139.tmp
c:\windows\system32\SET13D.tmp
c:\windows\system32\SET13E.tmp
c:\windows\system32\SET145.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-02-29 23:53 . 2012-02-29 23:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-29 15:25 . 2012-02-29 15:25 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2012-02-29 15:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-29 15:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-29 03:03 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-29 03:03 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\dllcache\acpi.sys
2012-02-24 00:17 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-21 18:46 . 2012-02-16 14:40 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-21 18:46 . 2012-02-16 14:40 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-21 18:46 . 2012-02-16 14:40 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-21 18:46 . 2012-02-16 14:40 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-21 18:46 . 2012-02-16 14:40 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-21 18:46 . 2012-02-16 14:40 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-21 18:46 . 2012-02-16 14:40 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-21 18:46 . 2012-02-16 10:42 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-21 18:46 . 2012-02-16 10:42 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-21 18:46 . 2012-02-16 10:42 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-21 18:46 . 2012-02-16 10:42 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-21 18:46 . 2012-02-16 10:42 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-20 00:07 . 2012-02-20 00:07 -------- d-----w- c:\documents and settings\Justin\Application Data\SUPERAntiSpyware.com
2012-02-20 00:03 . 2012-02-20 00:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-20 00:03 . 2012-02-20 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-19 23:53 . 2004-03-09 18:00 132880 ----a-w- c:\windows\system32\MSINET.OCX
2012-02-19 23:53 . 2000-05-22 22:00 203976 ----a-w- c:\windows\system32\richtx32.ocx
2012-02-19 23:53 . 1998-06-24 18:00 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2012-02-19 23:53 . 1998-06-24 18:00 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2012-02-19 23:53 . 2001-10-04 19:13 3584 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\comcat.dll
2012-02-19 23:53 . 2001-10-04 18:16 1338880 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\shdocvw.dll
2012-02-19 23:53 . 1999-06-11 04:34 570128 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL
2012-02-19 23:45 . 2012-02-20 08:04 475736 ----a-w- c:\windows\system32\drivers\2287729drv.sys
2012-02-19 23:28 . 2012-02-19 23:28 -------- d-----w- C:\kleaner.tmp
2012-02-19 23:07 . 2012-02-19 23:07 -------- d-----w- C:\_OTL
2012-02-19 22:24 . 2012-02-19 22:24 388096 ----a-r- c:\documents and settings\Justin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-19 22:24 . 2012-02-19 22:24 -------- d-----w- c:\program files\Trend Micro
2012-02-16 21:25 . 2012-02-16 21:25 -------- d-----w- C:\$AVG
2012-02-16 21:00 . 2012-02-16 21:00 -------- d-----w- c:\documents and settings\Justin\Application Data\AVG2012
2012-02-16 20:59 . 2012-02-16 20:59 -------- d-----w- c:\documents and settings\Justin\Application Data\AVG Secure Search
2012-02-16 20:59 . 2012-02-16 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-02-16 20:59 . 2012-02-16 20:59 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-02-16 20:59 . 2012-02-16 20:59 -------- d-----w- c:\program files\AVG Secure Search
2012-02-16 20:57 . 2012-03-02 23:00 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-16 20:57 . 2012-02-16 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-02-16 20:53 . 2012-02-16 20:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-02-16 20:52 . 2012-03-03 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-02-15 23:46 . 2012-03-01 00:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-15 23:46 . 2012-03-01 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-13 00:10 . 2012-02-13 00:11 -------- d-sh--w- c:\documents and settings\Justin\Application Data\AV Security Essentials
2012-02-13 00:10 . 2012-02-13 00:10 -------- d-sh--w- c:\documents and settings\All Users\Application Data\AVDLBXSE
2012-02-11 14:07 . 2012-02-23 03:41 -------- d-----w- c:\program files\StarCraft II
2012-02-08 22:18 . 2012-02-08 22:18 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2011-01-02 03:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2004-08-10 16:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-31 18:46 . 2011-12-31 18:46 1984 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2011-12-17 19:46 . 2004-08-10 16:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-10 16:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
2012-02-16 14:40 . 2012-02-21 18:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-16 20:59 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Justin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Justin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Justin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Justin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-07-31 283792]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-16 939872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAyADcAMQAyADEANwAzADcALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQAMwAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAA&prod=90&ver=9.0.872" [?]
.
c:\documents and settings\Justin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Justin\Application Data\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\Justin\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 06:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-02-26 14:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\ASUS\\Data Sync Station\\Clotho.exe"=
"c:\\Program Files\\ASUS\\Data Sync Station\\Bragi.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Justin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Installed Games\\DC Universe Online Live\\UNREAL3\\BINARIES\\WIN32\\DCGAME.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"9322:TCP"= 9322:TCP:EKDiscovery
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
S1 2287729drv;2287729drv;c:\windows\system32\drivers\2287729drv.sys [2/19/2012 6:45 PM 475736]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [11/23/2011 2:36 AM 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 3:52 AM 135664]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [5/17/2010 1:24 PM 308592]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/9/2008 8:39 AM 24652]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2/16/2012 3:59 PM 909152]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [8/10/2004 11:51 AM 14336]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 3:52 AM 135664]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Justin\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Justin\LOCALS~1\Temp\gUSBSTOi.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2012 7:17 PM 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/8/2011 3:54 PM 100712]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2012 7:17 PM 652360]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/30/2009 9:50 PM 691696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 08:52]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 08:52]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3325290577-829024472-3029873188-1007Core.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 21:27]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3325290577-829024472-3029873188-1007UA.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 21:27]
.
2012-03-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2012-03-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\or7aap3z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=14-05-2010&tb_mrud=14-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B347574e6-28bf-4093-9e3f-5402a26d4039%7D&mid=628f055a4ee247d18ccdd1544f6ae62a-ff56b62024a2e673b29bfe1f8a77c8b3b367a441&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2012-02-16%2015%3A59%3A20&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-BHR - c:\program files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\11.0.120.0\HotbarSA.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-WeatherDPA - c:\program files\Hotbar\bin\11.0.120.0\Weather.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 10:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(220)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-03-05 10:56:01
ComboFix-quarantined-files.txt 2012-03-05 15:55
.
Pre-Run: 37,527,367,680 bytes free
Post-Run: 39,743,483,904 bytes free
.
- - End Of File - - 1813B3DD44F0A33B2B11A23A2D2FC167
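Added example, not part of the post above and not ComboFix's own code: a small triage script that parses the service lines (`R0/S1/S2/S3/S4 name;display;image [date size]`) and the firewall-policy key/value lines from a ComboFix log and raises the checks a helper would otherwise make by eye: a driver or service image loaded from a Temp directory or a user profile, an image ComboFix could not find on disk (`[?]`), an svchost group name that is not a stock Windows XP group, and a disabled Windows Firewall. The sample input is a handful of lines copied from the log above; the svchost allow-list is a partial one assumed for illustration. Every flag is a prompt to look closer, not a verdict: anti-rootkit scanners also load temporary drivers from %TEMP%, and the same heuristics fire on them.

```python
"""ComboFix service / firewall-policy triage (added example, not part of the
original post and not ComboFix's own code).

Parses the 'R0/S1/S2/S3/S4 name;display;image [date size]' service lines and
the '"Key"= n (0xn)' firewall-policy lines of a ComboFix log and applies
conservative heuristics a responder would otherwise check by eye. A flag means
"look at this", not "malicious": legitimate scanners also load temporary
drivers from %TEMP%, so every hit needs manual verification.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
FIREWALL_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)
PROFILE_PATH_RE = re.compile(r"\\(documents and settings|docume~1)\\", re.IGNORECASE)
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.IGNORECASE)

# Assumption: a partial allow-list of svchost groups that ship with Windows XP,
# used only to surface unusual group names for review; it is not authoritative.
KNOWN_XP_SVCHOST_GROUPS = {
    "netsvcs", "localservice", "networkservice", "rpcss", "dcomlaunch",
    "imgsvc", "termsvcs", "httpfilter",
}


@dataclass
class Service:
    state: str      # R = running, S = stopped; digit = start type
    name: str
    display: str
    image: str      # resolved image path (right-hand side of an 'a --> b' pair)
    missing: bool   # ComboFix printed '[?]': file could not be found on disk
    flags: List[str] = field(default_factory=list)


def parse_service(line: str) -> Optional[Service]:
    """Parse one service line; return None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").rstrip()
    missing = rest.endswith("[?]")
    image = re.sub(r"\s+\[[^\]]*\]$", "", rest)   # drop trailing '[date size]' or '[?]'
    if "-->" in image:
        image = image.split("-->", 1)[1].strip()
    return Service(m.group("state"), m.group("name"), m.group("display"), image, missing)


def triage_service(svc: Service) -> Service:
    """Attach review flags to a parsed service (heuristics, not verdicts)."""
    if TEMP_PATH_RE.search(svc.image):
        svc.flags.append("image loaded from a Temp directory")
    if PROFILE_PATH_RE.search(svc.image):
        svc.flags.append("image lives under a user profile")
    if svc.missing:
        svc.flags.append("image not found on disk ('[?]')")
    sm = SVCHOST_RE.search(svc.image)
    if sm and sm.group("group").lower() not in KNOWN_XP_SVCHOST_GROUPS:
        svc.flags.append(f"svchost group '{sm.group('group')}' is not a stock XP group")
    return svc


def triage_firewall(lines: List[str]) -> List[str]:
    """Flag weak settings in the firewall-policy key/value lines."""
    findings = []
    for line in lines:
        m = FIREWALL_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group("key"), int(m.group("value"))
        if key == "EnableFirewall" and value == 0:
            findings.append("Windows Firewall disabled in standard profile")
        if key == "DisableNotifications" and value == 1:
            findings.append("firewall notifications suppressed")
    return findings


def triage_log(text: str) -> Dict[str, object]:
    """Run both passes over a whole log and return parsed services plus firewall findings."""
    lines = text.splitlines()
    services = [triage_service(s) for s in map(parse_service, lines) if s is not None]
    return {"services": services, "firewall": triage_firewall(lines)}


# Sample input: a constructed subset of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [8/10/2004 11:51 AM 14336]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Justin\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Justin\LOCALS~1\Temp\gUSBSTOi.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2012 7:17 PM 20464]
"""

if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    for finding in result["firewall"]:
        print(f"[firewall] {finding}")
    for svc in result["services"]:
        if svc.flags:
            print(f"[{svc.state}] {svc.name}: {svc.image}")
            for flag in svc.flags:
                print(f"    - {flag}")
```

Run it as-is and it reports the two firewall findings and flags `gUSBSTOi` (Temp path, user profile, file missing) and `XMLProvS` (svchost group `xmlpros`); the AVG and Malwarebytes drivers pass clean. Feed it a full log with `triage_log(open(path).read())` to get the same view over every service line.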