Rootkit and Hijacker, Browser redirects, System freezes


  • This topic is locked
16 replies to this topic

#1 KendallSilver

KendallSilver

  • Members
  • 16 posts

Posted 03 March 2012 - 03:58 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Susan London at 14:18:04 on 2012-03-03
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
BHO: ElnkBhoGuard Class: {00000000-0000-0000-0000-000000000002} - c:\program files\earthlink totalaccess\toolbar\toolbar\EScamBlk.dll
BHO: ElnkScamBHO Class: {15f4d456-5baa-4076-8486-eecb38cd3e57} - c:\program files\earthlink totalaccess\toolbar\toolbar\EScamBlk.dll
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\earthlink totalaccess\toolbar\toolbar\ElnkPub.dll
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\earthlink totalaccess\toolbar\toolbar\ProtctIE.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\earthlink totalaccess\toolbar\toolbar\uninsttb.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink totalaccess\toolbar\toolbar\Toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
uPolicies-explorer: NoThumbnailCache = 0 (0x0)
IE: EarthLink Google Search - c:\program files\earthlink totalaccess\toolbar\toolbar\SearchUI.dll/search.html
LSP: c:\windows\system32\mclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171841063812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BAB91783-D70E-4743-B7DC-CBC133DBB2F0} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\susan london.d6fkh1c1\application data\mozilla\firefox\profiles\6g0uvf4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-03-02 04:21:27 -------- d-----w- C:\ComboFix
2012-03-02 01:31:55 -------- d-sha-r- C:\cmdcons
2012-03-02 01:29:07 98816 ----a-w- c:\windows\sed.exe
2012-03-02 01:29:07 518144 ----a-w- c:\windows\SWREG.exe
2012-03-02 01:29:07 256000 ----a-w- c:\windows\PEV.exe
2012-03-02 01:29:07 208896 ----a-w- c:\windows\MBR.exe
2012-02-27 05:32:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-27 05:32:35 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-02-22 00:42:10 -------- d-----w- C:\spoolerlogs
2012-02-05 20:28:07 -------- d--h--w- c:\windows\PIF
2012-02-05 20:26:17 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-05 20:26:17 -------- d-----w- c:\program files\Windows Desktop Search
2012-02-05 20:23:48 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2012-02-05 20:23:48 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2012-02-05 20:23:47 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2012-02-05 19:39:37 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-02-05 19:39:37 1266056 ----a-w- C:\WindowsXP-KB927891.exe
2012-02-05 19:39:37 -------- d-----w- C:\fix_svchost
.
==================== Find3M ====================
.
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLA380 rev.PF2OA63A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A5D349F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5da738]; MOV EAX, [0x8a5da8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A70DAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A5CF928]
\Driver\atapi[0x8A5F5BD8] -> IRP_MJ_CREATE -> 0x8A5D349F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5D32C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:19:51.37 ===============

I have been trying to clean up this system for a week now. It gets to where all the scans come up clean and it seems to be OK, but the browser still redirects and the system freezes after about 25-40 min, usually having to be "cold shutdown"... I had AVG Free 2012 but removed it because ComboFix was not playing nice; I plan on reinstalling it at some point... This system was previously infected with a version of the Rogue Antivirus stuff, and I think that is where all this started. I had previously used Trojan Killer v2.1 to remove that, but I guess it missed some stuff.

Edited by KendallSilver, 03 March 2012 - 04:05 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 March 2012 - 02:36 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts

Posted 04 March 2012 - 04:02 PM

ComboFix 12-03-01.02 - Susan London 03/04/2012 13:51:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1626 [GMT -6:00]
Running from: I:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-02-27 05:32 . 2012-03-02 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-27 05:32 . 2012-02-27 06:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-27 03:15 . 2012-02-27 03:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2012-02-25 22:38 . 2012-02-25 22:38 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-02-25 22:37 . 2012-02-25 22:37 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-22 00:42 . 2012-02-22 00:42 -------- d-----w- C:\spoolerlogs
2012-02-12 22:24 . 2012-02-12 22:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2012-02-12 22:24 . 2012-02-12 22:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-05 20:28 . 2012-02-05 20:28 -------- d--h--w- c:\windows\PIF
2012-02-05 20:26 . 2012-02-05 20:50 -------- d-----w- c:\program files\Windows Desktop Search
2012-02-05 20:26 . 2012-02-05 20:26 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-05 20:23 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2012-02-05 20:23 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2012-02-05 20:23 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2012-02-05 19:39 . 2012-02-05 19:39 -------- d-----w- C:\fix_svchost
2012-02-05 19:39 . 2012-02-05 19:32 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-02-05 19:39 . 2012-02-05 19:31 1266056 ----a-w- C:\WindowsXP-KB927891.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2012-01-02 16:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 14:40 . 2012-02-27 05:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-02_01.47.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-04 19:47 . 2012-03-04 19:47 16384 c:\windows\Temp\Perflib_Perfdata_58c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
2008-03-19 23:39 951784 ----a-w- c:\program files\EarthLink TotalAccess\TaskPanl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 11:14 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 11:14 AM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 17:14]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 17:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\Toolbar\SearchUI.dll/search.html
LSP: c:\windows\system32\mclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Susan London.D6FKH1C1\Application Data\Mozilla\Firefox\Profiles\6g0uvf4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 14:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLA380 rev.PF2OA63A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5CB2C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2994972206-396433579-3571087905-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\WININET.dll
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
.
- - - - - - - > 'explorer.exe'(1340)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-04 14:06:31
ComboFix-quarantined-files.txt 2012-03-04 20:06
ComboFix2.txt 2012-03-02 04:44
ComboFix3.txt 2012-03-02 01:52
.
Pre-Run: 53,110,329,344 bytes free
Post-Run: 53,378,748,416 bytes free
.
- - End Of File - - CB4185AD571A5F5DA688F714923570F1


This is the ComboFix log... the browser is still hijacked but the system has not crashed yet, so that's an improvement.
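As an added triage example (not part of the original posts and not GMER's or ComboFix's own code), the script below parses the GMER MBR-detector sections of the DDS and ComboFix logs above and reports what changed between them: the unattributed code in the disk I/O path, the atapi DriverStartIo hook, and the tool's warning. It assumes the 0.4.2 output format exactly as shown in the logs; the sample text is copied (abridged) from this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input: the GMER MBR-detector sections copied (abridged) from the two
# logs posted in this thread (DDS log first, then the ComboFix log), so this runs offline.
DDS_ROOTKIT_SECTION = r"""
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A5D349F]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A70DAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A5CF928]
\Driver\atapi[0x8A5F5BD8] -> IRP_MJ_CREATE -> 0x8A5D349F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5D32C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""
COMBOFIX_ROOTKIT_SECTION = r"""
user: MBR read successfully
kernel: MBR read successfully
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5CB2C6
user & kernel MBR OK
"""

HEX = r"(0x[0-9A-Fa-f]+)"
UNKNOWN_RE = re.compile(r">>UNKNOWN \[" + HEX + r"\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\w+)\s+(\w+)\s+->\s+" + HEX + r"$")
DISPATCH_RE = re.compile(r"^(\\Driver\\\w+)\[" + HEX + r"\]\s+->\s+(IRP_MJ_\w+)\s+->\s+" + HEX + r"$")
PAGE = 0x1000  # x86 page size, as TDSSKiller also reports in this thread ("Page size: 0x1000")


@dataclass
class MbrScan:
    unknown_code: List[int] = field(default_factory=list)              # code GMER could not map to any module
    hooks: List[Tuple[str, str, int]] = field(default_factory=list)     # (driver, routine, target address)
    dispatch: List[Tuple[str, str, int]] = field(default_factory=list)  # (driver, IRP major function, target)
    mbr_ok: bool = False
    warning: Optional[str] = None


def parse_mbr_detector(text: str) -> MbrScan:
    """Extract the hook and code-attribution facts from one detector section."""
    scan = MbrScan()
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := UNKNOWN_RE.search(line):
            scan.unknown_code.append(int(m.group(1), 16))
        elif m := DISPATCH_RE.match(line):
            scan.dispatch.append((m.group(1), m.group(3), int(m.group(4), 16)))
        elif m := HOOK_RE.match(line):
            scan.hooks.append((m.group(1), m.group(2), int(m.group(3), 16)))
        elif line == "user & kernel MBR OK":
            scan.mbr_ok = True
        elif line.startswith("Warning:"):
            scan.warning = line[len("Warning:"):].strip()
    return scan


def assess(scan: MbrScan) -> Tuple[str, List[str]]:
    """Return (level, reasons) with level one of 'suspicious', 'review', 'clean'."""
    reasons = [f"disk I/O path passes through code not attributable to any module at {a:#x}"
               for a in scan.unknown_code]
    reasons += [f"{drv} {irp} dispatch points into that unattributed code ({t:#x})"
                for drv, irp, t in scan.dispatch if t in scan.unknown_code]
    for drv, routine, target in scan.hooks:
        note = f"{drv} {routine} hooked -> {target:#x}"
        # A hook target in the same 4 KiB page as the unattributed code is one resident body
        # of code seen from two angles, so report them together rather than as two findings.
        same_page = [u for u in scan.unknown_code if u // PAGE == target // PAGE]
        if same_page:
            note += f" (same page as unattributed code at {same_page[0]:#x})"
        reasons.append(note)
    if scan.warning:
        reasons.append(f"tool warning: {scan.warning}")
    if scan.unknown_code or scan.warning:
        return "suspicious", reasons
    if scan.hooks:
        # A hook on its own is a lead, not a verdict: it needs corroboration from a second
        # tool, which is why the helper in this thread follows up with TDSSKiller and aswMBR.
        return "review", reasons
    return "clean", reasons


def persistent_hooks(before: MbrScan, after: MbrScan) -> List[Tuple[str, str]]:
    """Hook sites (driver, routine) still present in a later scan, even if the target moved."""
    later = {(d, r) for d, r, _ in after.hooks}
    return [(d, r) for d, r, _ in before.hooks if (d, r) in later]


if __name__ == "__main__":
    before = parse_mbr_detector(DDS_ROOTKIT_SECTION)
    after = parse_mbr_detector(COMBOFIX_ROOTKIT_SECTION)
    for label, scan in (("DDS log (before ComboFix)", before), ("ComboFix log (after)", after)):
        level, reasons = assess(scan)
        print(f"{label}: {level}")
        for reason in reasons:
            print("  -", reason)
    print("hook sites surviving cleanup:", persistent_hooks(before, after))
```

Run against the two sections, the first scan is rated suspicious (unattributed code at 0x8A5D349F reached from atapi's IRP_MJ_CREATE dispatch, a DriverStartIo hook in the same page, and the TDL3 warning) while the second drops to review: the unattributed code and the warning are gone, but the atapi DriverStartIo hook site is still present at a new address.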

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 March 2012 - 04:38 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts

Posted 04 March 2012 - 10:33 PM

21:01:35.0890 2416 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:01:36.0234 2416 ============================================================
21:01:36.0234 2416 Current date / time: 2012/03/04 21:01:36.0234
21:01:36.0234 2416 SystemInfo:
21:01:36.0234 2416
21:01:36.0234 2416 OS Version: 5.1.2600 ServicePack: 3.0
21:01:36.0234 2416 Product type: Workstation
21:01:36.0234 2416 ComputerName: D6FKH1C1
21:01:36.0234 2416 UserName: Susan London
21:01:36.0234 2416 Windows directory: C:\WINDOWS
21:01:36.0234 2416 System windows directory: C:\WINDOWS
21:01:36.0234 2416 Processor architecture: Intel x86
21:01:36.0234 2416 Number of processors: 2
21:01:36.0234 2416 Page size: 0x1000
21:01:36.0234 2416 Boot type: Normal boot
21:01:36.0234 2416 ============================================================
21:01:43.0609 2416 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:01:43.0718 2416 Drive \Device\Harddisk5\DR12 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:01:43.0718 2416 \Device\Harddisk0\DR0:
21:01:43.0718 2416 MBR used
21:01:43.0718 2416 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x8B966D7
21:01:43.0718 2416 \Device\Harddisk5\DR12:
21:01:43.0734 2416 MBR used
21:01:43.0734 2416 \Device\Harddisk5\DR12\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEA080
21:01:44.0140 2416 Initialize success
21:01:44.0140 2416 ============================================================
21:01:49.0640 1184 ============================================================
21:01:49.0640 1184 Scan started
21:01:49.0640 1184 Mode: Manual;
21:01:49.0640 1184 ============================================================
21:01:59.0421 1184 Kbdclass - ok
21:01:59.0437 1184 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:01:59.0437 1184 kbdhid - ok
21:01:59.0468 1184 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:01:59.0468 1184 kmixer - ok
21:01:59.0562 1184 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:01:59.0562 1184 KSecDD - ok
21:01:59.0578 1184 lbrtfdc - ok
21:01:59.0625 1184 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:01:59.0687 1184 mdmxsdk - ok
21:01:59.0718 1184 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:01:59.0718 1184 MHNDRV - ok
21:01:59.0750 1184 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:01:59.0750 1184 mnmdd - ok
21:01:59.0812 1184 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:01:59.0812 1184 Modem - ok
21:01:59.0875 1184 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:01:59.0875 1184 MODEMCSA - ok
21:01:59.0984 1184 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:01:59.0984 1184 Mouclass - ok
21:02:00.0031 1184 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:02:00.0031 1184 mouhid - ok
21:02:00.0078 1184 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:02:00.0093 1184 MountMgr - ok
21:02:00.0125 1184 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:02:00.0140 1184 mraid35x - ok
21:02:00.0171 1184 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:02:00.0187 1184 MRxDAV - ok
21:02:00.0296 1184 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:02:00.0312 1184 MRxSmb - ok
21:02:00.0359 1184 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:02:00.0359 1184 Msfs - ok
21:02:00.0375 1184 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:02:00.0375 1184 MSKSSRV - ok
21:02:00.0406 1184 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:02:00.0421 1184 MSPCLOCK - ok
21:02:00.0437 1184 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:02:00.0437 1184 MSPQM - ok
21:02:00.0515 1184 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:02:00.0515 1184 mssmbios - ok
21:02:00.0578 1184 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:02:00.0578 1184 Mup - ok
21:02:00.0687 1184 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:02:00.0703 1184 NDIS - ok
21:02:00.0781 1184 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:02:00.0796 1184 NdisTapi - ok
21:02:00.0921 1184 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:02:00.0921 1184 Ndisuio - ok
21:02:00.0968 1184 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:02:00.0968 1184 NdisWan - ok
21:02:01.0015 1184 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:02:01.0015 1184 NDProxy - ok
21:02:01.0078 1184 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:02:01.0078 1184 NetBIOS - ok
21:02:01.0140 1184 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:02:01.0140 1184 NetBT - ok
21:02:01.0265 1184 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:02:01.0265 1184 Npfs - ok
21:02:01.0312 1184 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:02:01.0328 1184 Ntfs - ok
21:02:01.0359 1184 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:02:01.0359 1184 Null - ok
21:02:01.0453 1184 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:02:01.0468 1184 nv - ok
21:02:01.0609 1184 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:02:01.0609 1184 NwlnkFlt - ok
21:02:01.0625 1184 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:02:01.0625 1184 NwlnkFwd - ok
21:02:01.0640 1184 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:02:01.0656 1184 Parport - ok
21:02:01.0687 1184 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:02:01.0687 1184 PartMgr - ok
21:02:01.0718 1184 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:02:01.0718 1184 ParVdm - ok
21:02:01.0750 1184 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:02:01.0750 1184 PCI - ok
21:02:01.0750 1184 PCIDump - ok
21:02:01.0765 1184 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:02:01.0765 1184 PCIIde - ok
21:02:01.0796 1184 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:02:01.0796 1184 Pcmcia - ok
21:02:01.0875 1184 PDCOMP - ok
21:02:01.0906 1184 PDFRAME - ok
21:02:01.0921 1184 PDRELI - ok
21:02:01.0937 1184 PDRFRAME - ok
21:02:01.0968 1184 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:02:01.0968 1184 perc2 - ok
21:02:02.0031 1184 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:02:02.0031 1184 perc2hib - ok
21:02:02.0109 1184 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:02:02.0109 1184 PptpMiniport - ok
21:02:02.0125 1184 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:02:02.0125 1184 PSched - ok
21:02:02.0140 1184 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:02:02.0140 1184 Ptilink - ok
21:02:02.0171 1184 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:02:02.0187 1184 PxHelp20 - ok
21:02:02.0281 1184 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:02:02.0296 1184 ql1080 - ok
21:02:02.0328 1184 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:02:02.0343 1184 Ql10wnt - ok
21:02:02.0375 1184 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:02:02.0421 1184 ql12160 - ok
21:02:02.0484 1184 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:02:02.0484 1184 ql1240 - ok
21:02:02.0500 1184 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:02:02.0500 1184 ql1280 - ok
21:02:02.0656 1184 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:02:02.0656 1184 RasAcd - ok
21:02:02.0703 1184 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:02:02.0703 1184 Rasl2tp - ok
21:02:02.0734 1184 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:02:02.0734 1184 RasPppoe - ok
21:02:02.0765 1184 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:02:02.0765 1184 Raspti - ok
21:02:02.0796 1184 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:02:02.0796 1184 Rdbss - ok
21:02:02.0812 1184 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:02:02.0812 1184 RDPCDD - ok
21:02:02.0828 1184 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:02:02.0843 1184 rdpdr - ok
21:02:02.0890 1184 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:02:02.0890 1184 RDPWD - ok
21:02:02.0906 1184 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:02:02.0906 1184 redbook - ok
21:02:02.0968 1184 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:02:02.0968 1184 Secdrv - ok
21:02:03.0109 1184 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:02:03.0109 1184 serenum - ok
21:02:03.0156 1184 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:02:03.0156 1184 Serial - ok
21:02:03.0218 1184 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:02:03.0218 1184 Sfloppy - ok
21:02:03.0234 1184 Simbad - ok
21:02:03.0250 1184 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:02:03.0250 1184 sisagp - ok
21:02:03.0312 1184 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:02:03.0312 1184 Sparrow - ok
21:02:03.0328 1184 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:02:03.0343 1184 splitter - ok
21:02:03.0578 1184 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:02:03.0578 1184 sr - ok
21:02:03.0609 1184 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:02:03.0625 1184 Srv - ok
21:02:03.0687 1184 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
21:02:03.0703 1184 STHDA - ok
21:02:03.0718 1184 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:02:03.0718 1184 swenum - ok
21:02:03.0843 1184 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:02:03.0843 1184 swmidi - ok
21:02:03.0890 1184 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:02:03.0890 1184 symc810 - ok
21:02:03.0921 1184 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:02:03.0953 1184 symc8xx - ok
21:02:03.0984 1184 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:02:04.0015 1184 sym_hi - ok
21:02:04.0046 1184 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:02:04.0046 1184 sym_u3 - ok
21:02:04.0078 1184 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:02:04.0078 1184 sysaudio - ok
21:02:04.0156 1184 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:02:04.0171 1184 Tcpip - ok
21:02:04.0312 1184 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:02:04.0312 1184 TDPIPE - ok
21:02:04.0343 1184 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:02:04.0343 1184 TDTCP - ok
21:02:04.0390 1184 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:02:04.0390 1184 TermDD - ok
21:02:04.0437 1184 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:02:04.0453 1184 TosIde - ok
21:02:04.0484 1184 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:02:04.0484 1184 Udfs - ok
21:02:04.0609 1184 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:02:04.0609 1184 ultra - ok
21:02:04.0640 1184 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:02:04.0656 1184 Update - ok
21:02:04.0703 1184 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:02:04.0703 1184 usbccgp - ok
21:02:04.0718 1184 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:02:04.0718 1184 usbehci - ok
21:02:04.0734 1184 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:02:04.0734 1184 usbhub - ok
21:02:04.0796 1184 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:02:04.0796 1184 usbprint - ok
21:02:04.0875 1184 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:02:04.0875 1184 usbscan - ok
21:02:04.0937 1184 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:02:04.0937 1184 USBSTOR - ok
21:02:04.0968 1184 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:02:04.0968 1184 usbuhci - ok
21:02:05.0015 1184 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:02:05.0015 1184 VgaSave - ok
21:02:05.0125 1184 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:02:05.0125 1184 viaagp - ok
21:02:05.0187 1184 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:02:05.0187 1184 ViaIde - ok
21:02:05.0250 1184 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:02:05.0250 1184 VolSnap - ok
21:02:05.0328 1184 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:02:05.0328 1184 Wanarp - ok
21:02:05.0343 1184 wanatw - ok
21:02:05.0343 1184 WDICA - ok
21:02:05.0453 1184 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:02:05.0453 1184 wdmaud - ok
21:02:05.0531 1184 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:02:05.0546 1184 winachsf - ok
21:02:05.0656 1184 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:02:05.0656 1184 WS2IFSL - ok
21:02:05.0703 1184 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:02:05.0703 1184 WudfPf - ok
21:02:05.0734 1184 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:02:05.0781 1184 WudfRd - ok
21:02:05.0828 1184 MBR (0x1B8) (4bc21aabb8ea83c34000756722b7398b) \Device\Harddisk0\DR0
21:02:05.0828 1184 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:02:05.0828 1184 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:02:05.0843 1184 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR12
21:02:05.0843 1184 \Device\Harddisk5\DR12 - ok
21:02:05.0875 1184 Boot (0x1200) (42ee5bc63d8a4a0004d5dd5766b4e434) \Device\Harddisk0\DR0\Partition0
21:02:05.0890 1184 \Device\Harddisk0\DR0\Partition0 - ok
21:02:05.0890 1184 Boot (0x1200) (6c622cee8f85ec3a49c584462c0f0b20) \Device\Harddisk5\DR12\Partition0
21:02:05.0890 1184 \Device\Harddisk5\DR12\Partition0 - ok
21:02:05.0890 1184 ============================================================
21:02:05.0890 1184 Scan finished
21:02:05.0890 1184 ============================================================
21:02:05.0906 3456 Detected object count: 1
21:02:05.0906 3456 Actual detected object count: 1
21:06:18.0406 3456 \Device\Harddisk0\DR0\# - copied to quarantine
21:06:18.0406 3456 \Device\Harddisk0\DR0 - copied to quarantine
21:06:18.0453 3456 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:06:18.0468 3456 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:06:18.0468 3456 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:06:18.0468 3456 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:06:18.0468 3456 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:06:18.0468 3456 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:06:18.0484 3456 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:06:18.0484 3456 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:06:18.0515 3456 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:06:18.0531 3456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:06:18.0531 3456 \Device\Harddisk0\DR0 - ok
21:07:08.0078 3456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:08:41.0609 3612 Deinitialize success




aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 21:13:45
-----------------------------
21:13:45.578 OS Version: Windows 5.1.2600 Service Pack 3
21:13:45.578 Number of processors: 2 586 0x407
21:13:45.578 ComputerName: D6FKH1C1 UserName:
21:13:45.890 Initialize success
21:15:23.218 AVAST engine defs: 12030401
21:15:36.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:15:36.171 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
21:15:36.187 Disk 0 MBR read successfully
21:15:36.187 Disk 0 MBR scan
21:15:36.203 Disk 0 unknown MBR code
21:15:36.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
21:15:36.218 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71468 MB offset 112455
21:15:36.250 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 146496735
21:15:36.265 Disk 0 scanning sectors +156232125
21:15:36.312 Disk 0 scanning C:\WINDOWS\system32\drivers
21:15:45.906 Service scanning
21:16:04.062 Modules scanning
21:16:10.062 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
21:16:10.875 Disk 0 trace - called modules:
21:16:10.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:16:10.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6f8ab8]
21:16:10.890 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a740d98]
21:16:11.171 AVAST engine scan C:\WINDOWS
21:16:14.875 AVAST engine scan C:\WINDOWS\system32
21:18:53.296 AVAST engine scan C:\WINDOWS\system32\drivers
21:19:07.890 AVAST engine scan C:\Documents and Settings\Susan London.D6FKH1C1
21:21:17.062 AVAST engine scan C:\Documents and Settings\All Users
21:21:53.046 Scan finished successfully
21:29:21.859 Disk 0 MBR has been saved successfully to "I:\MBR.dat"
21:29:21.875 The log file has been saved successfully to "I:\aswMBR.txt"



When TDSSKiller tried to cure, I got an error... I screen capped it and attached it... I had to click Continue a few times, but then it went away and everything seemed to have run OK.

Attached Files
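Both logs above report the same two things about Disk 0: a hash of the MBR code area (TDSSKiller's "MBR (0x1B8)" line) and the partition table with status byte, type, start offset and size (aswMBR's "Partition 1..3" lines). The following Python is an added example and is not part of this thread, of TDSSKiller or of aswMBR: it builds a constructed 512-byte sector with the same partition layout aswMBR printed, parses the table, and hashes the first 0x1B8 bytes so a sector read from a disk can be compared against a previously recorded known-good value. Reading TDSSKiller's "(0x1B8)" as "the first 0x1B8 bytes of the sector" is an interpretation of its log format, the boot code bytes in the sample are dummy data, and `read_mbr` is a hypothetical helper that is not exercised by the sample.

```python
import hashlib
import struct

MBR_SIZE = 512
MBR_CODE_LEN = 0x1B8           # boot-code area; assumed to be what the "MBR (0x1B8)" hash covers
PART_TABLE_OFFSET = 0x1BE
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count
MBR_SIGNATURE = b"\x55\xAA"


def pack_entry(status, ptype, start_lba, sectors):
    """Encode one 16-byte partition table entry (CHS fields left as 0xFF, as on LBA disks)."""
    return struct.pack(PART_ENTRY_FMT, status, b"\xFF\xFF\xFF", ptype, b"\xFF\xFF\xFF", start_lba, sectors)


def build_sample_mbr():
    """Constructed sample sector (not data from the thread): dummy boot code followed by
    a partition table shaped like the Dell layout aswMBR printed for Disk 0."""
    code = b"\xEB\x3C\x90" + bytes((i * 7) & 0xFF for i in range(MBR_CODE_LEN - 3))
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"   # NT disk signature + 2 reserved bytes
    entries = [
        (0x00, 0xDE, 63, 112392),            # Dell Utility, not bootable
        (0x80, 0x07, 0x1B747, 0x8B966D7),    # NTFS system volume, active (values from the TDSSKiller log)
        (0x00, 0xDB, 146496735, 9734144),    # Dell restore partition
        (0x00, 0x00, 0, 0),                  # unused slot
    ]
    mbr = code + disk_sig + b"".join(pack_entry(*e) for e in entries) + MBR_SIGNATURE
    assert len(mbr) == MBR_SIZE
    return mbr


def parse_mbr(mbr):
    """Return the MD5 of the code area, the 0x55AA signature check and the in-use partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, _, ptype, _, start, count = struct.unpack(PART_ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype == 0x00:          # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start,
            "sectors": count,
            "size_mb": count * 512 // (1024 * 1024),
        })
    return {
        "code_md5": hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest(),
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "partitions": partitions,
    }


def mbr_code_matches(mbr, known_md5):
    """True when the boot-code area hashes to a previously recorded known-good value."""
    return parse_mbr(mbr)["code_md5"] == known_md5.lower()


def read_mbr(device_path=r"\\.\PhysicalDrive0"):
    """Hypothetical helper: read the first sector of a raw device (administrator rights needed on Windows)."""
    with open(device_path, "rb") as disk:
        return disk.read(MBR_SIZE)


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("MBR code MD5:", info["code_md5"], "signature ok:", info["signature_ok"])
    for p in info["partitions"]:
        flag = "80 (A)" if p["bootable"] else "00    "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['size_mb']} MB offset {p['start_lba']}")
```

Two things to keep in mind when using this against a real machine. First, the hash only tells you that the code area changed; the TDSSKiller log above shows why that is enough to be worth checking, since Rootkit.Boot.Pihar.b lives in the MBR and keeps its files in a hidden TDLFS area rather than in any driver that the per-driver lines would have flagged. Second, a bootkit that sits in the disk I/O path can hand a clean copy of sector 0 to a user-mode reader on the infected system; aswMBR's "Disk 0 trace - called modules" lines list exactly which modules sit in that path. A hash taken from the same disk booted from clean media, or from a second OS, is the value to compare against.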



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:33 AM

Posted 04 March 2012 - 10:39 PM

Hello


restart the computer and rerun Tdsskiller for me again



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 04 March 2012 - 10:48 PM

21:47:14.0015 0276 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:47:14.0437 0276 ============================================================
21:47:14.0437 0276 Current date / time: 2012/03/04 21:47:14.0437
21:47:14.0437 0276 SystemInfo:
21:47:14.0437 0276
21:47:14.0437 0276 OS Version: 5.1.2600 ServicePack: 3.0
21:47:14.0437 0276 Product type: Workstation
21:47:14.0437 0276 ComputerName: D6FKH1C1
21:47:14.0437 0276 UserName: Susan London
21:47:14.0437 0276 Windows directory: C:\WINDOWS
21:47:14.0437 0276 System windows directory: C:\WINDOWS
21:47:14.0437 0276 Processor architecture: Intel x86
21:47:14.0437 0276 Number of processors: 2
21:47:14.0437 0276 Page size: 0x1000
21:47:14.0437 0276 Boot type: Normal boot
21:47:14.0437 0276 ============================================================
21:47:16.0062 0276 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:47:16.0109 0276 Drive \Device\Harddisk5\DR12 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:47:16.0109 0276 \Device\Harddisk0\DR0:
21:47:16.0109 0276 MBR used
21:47:16.0109 0276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x8B966D7
21:47:16.0109 0276 \Device\Harddisk5\DR12:
21:47:16.0109 0276 MBR used
21:47:16.0109 0276 \Device\Harddisk5\DR12\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEA080
21:47:16.0140 0276 Initialize success
21:47:16.0140 0276 ============================================================
21:47:17.0906 0484 ============================================================
21:47:17.0906 0484 Scan started
21:47:17.0906 0484 Mode: Manual;
21:47:17.0906 0484 ============================================================
21:47:18.0656 0484 Abiosdsk - ok
21:47:18.0703 0484 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:47:18.0703 0484 abp480n5 - ok
21:47:18.0796 0484 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:47:18.0796 0484 ACPI - ok
21:47:18.0828 0484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:47:18.0828 0484 ACPIEC - ok
21:47:18.0875 0484 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:47:18.0875 0484 adpu160m - ok
21:47:18.0937 0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:47:18.0937 0484 aec - ok
21:47:19.0046 0484 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:47:19.0046 0484 AFD - ok
21:47:19.0078 0484 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:47:19.0078 0484 agp440 - ok
21:47:19.0125 0484 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:47:19.0125 0484 agpCPQ - ok
21:47:19.0187 0484 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:47:19.0187 0484 Aha154x - ok
21:47:19.0203 0484 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:47:19.0203 0484 aic78u2 - ok
21:47:19.0265 0484 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:47:19.0281 0484 aic78xx - ok
21:47:19.0328 0484 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:47:19.0328 0484 AliIde - ok
21:47:19.0375 0484 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:47:19.0375 0484 alim1541 - ok
21:47:19.0437 0484 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:47:19.0437 0484 amdagp - ok
21:47:19.0484 0484 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:47:19.0484 0484 amsint - ok
21:47:19.0562 0484 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:47:19.0562 0484 asc - ok
21:47:19.0593 0484 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:47:19.0593 0484 asc3350p - ok
21:47:19.0609 0484 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:47:19.0609 0484 asc3550 - ok
21:47:19.0656 0484 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
21:47:19.0656 0484 ASCTRM - ok
21:47:19.0734 0484 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:47:19.0734 0484 AsyncMac - ok
21:47:19.0765 0484 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:47:19.0765 0484 atapi - ok
21:47:19.0812 0484 Atdisk - ok
21:47:19.0906 0484 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:47:19.0906 0484 ati2mtag - ok
21:47:19.0984 0484 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:47:19.0984 0484 Atmarpc - ok
21:47:20.0078 0484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:47:20.0078 0484 audstub - ok
21:47:20.0093 0484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:47:20.0093 0484 Beep - ok
21:47:20.0109 0484 bvrp_pci - ok
21:47:20.0218 0484 catchme - ok
21:47:20.0281 0484 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:47:20.0281 0484 cbidf - ok
21:47:20.0343 0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:47:20.0343 0484 cbidf2k - ok
21:47:20.0359 0484 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:47:20.0359 0484 cd20xrnt - ok
21:47:20.0390 0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:47:20.0390 0484 Cdaudio - ok
21:47:20.0437 0484 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:47:20.0437 0484 Cdfs - ok
21:47:20.0453 0484 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:47:20.0453 0484 Cdrom - ok
21:47:20.0468 0484 Changer - ok
21:47:20.0515 0484 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:47:20.0515 0484 CmdIde - ok
21:47:20.0593 0484 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:47:20.0593 0484 Cpqarray - ok
21:47:20.0734 0484 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:47:20.0781 0484 dac2w2k - ok
21:47:20.0890 0484 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:47:20.0890 0484 dac960nt - ok
21:47:20.0937 0484 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:47:20.0937 0484 Disk - ok
21:47:20.0984 0484 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:47:20.0984 0484 DLABOIOM - ok
21:47:21.0000 0484 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:47:21.0000 0484 DLACDBHM - ok
21:47:21.0000 0484 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:47:21.0000 0484 DLADResN - ok
21:47:21.0015 0484 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:47:21.0015 0484 DLAIFS_M - ok
21:47:21.0031 0484 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:47:21.0031 0484 DLAOPIOM - ok
21:47:21.0031 0484 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:47:21.0031 0484 DLAPoolM - ok
21:47:21.0046 0484 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:47:21.0046 0484 DLARTL_N - ok
21:47:21.0062 0484 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:47:21.0062 0484 DLAUDFAM - ok
21:47:21.0062 0484 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:47:21.0078 0484 DLAUDF_M - ok
21:47:21.0109 0484 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:47:21.0125 0484 dmboot - ok
21:47:21.0171 0484 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:47:21.0187 0484 dmio - ok
21:47:21.0281 0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:47:21.0281 0484 dmload - ok
21:47:21.0328 0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:47:21.0328 0484 DMusic - ok
21:47:21.0390 0484 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:47:21.0390 0484 dpti2o - ok
21:47:21.0437 0484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:47:21.0437 0484 drmkaud - ok
21:47:21.0531 0484 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:47:21.0531 0484 DRVMCDB - ok
21:47:21.0531 0484 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:47:21.0531 0484 DRVNDDM - ok
21:47:21.0625 0484 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
21:47:21.0625 0484 DSproct - ok
21:47:21.0656 0484 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:47:21.0671 0484 E100B - ok
21:47:21.0718 0484 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:47:21.0718 0484 Fastfat - ok
21:47:21.0781 0484 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:47:21.0796 0484 Fdc - ok
21:47:21.0843 0484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:47:21.0843 0484 Fips - ok
21:47:21.0859 0484 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:47:21.0859 0484 Flpydisk - ok
21:47:21.0890 0484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:47:21.0906 0484 FltMgr - ok
21:47:21.0953 0484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:47:21.0953 0484 Fs_Rec - ok
21:47:21.0968 0484 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:47:21.0984 0484 Ftdisk - ok
21:47:22.0015 0484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:47:22.0015 0484 Gpc - ok
21:47:22.0093 0484 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:47:22.0093 0484 HDAudBus - ok
21:47:22.0187 0484 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:47:22.0187 0484 HidUsb - ok
21:47:22.0250 0484 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:47:22.0265 0484 hpn - ok
21:47:22.0296 0484 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:47:22.0296 0484 HSFHWBS2 - ok
21:47:22.0390 0484 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
21:47:22.0390 0484 HSF_DP - ok
21:47:22.0500 0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:47:22.0500 0484 HTTP - ok
21:47:22.0578 0484 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:47:22.0578 0484 i2omgmt - ok
21:47:22.0609 0484 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:47:22.0609 0484 i2omp - ok
21:47:22.0609 0484 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:47:22.0625 0484 i8042prt - ok
21:47:22.0656 0484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:47:22.0656 0484 Imapi - ok
21:47:22.0750 0484 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:47:22.0750 0484 ini910u - ok
21:47:22.0828 0484 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:47:22.0828 0484 IntelIde - ok
21:47:22.0859 0484 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:47:22.0859 0484 intelppm - ok
21:47:22.0890 0484 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:47:22.0890 0484 Ip6Fw - ok
21:47:22.0921 0484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:47:22.0921 0484 IpFilterDriver - ok
21:47:23.0000 0484 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:47:23.0000 0484 IpInIp - ok
21:47:23.0000 0484 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:47:23.0015 0484 IpNat - ok
21:47:23.0031 0484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:47:23.0046 0484 IPSec - ok
21:47:23.0062 0484 IPVNMon - ok
21:47:23.0093 0484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:47:23.0093 0484 IRENUM - ok
21:47:23.0140 0484 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:47:23.0140 0484 isapnp - ok
21:47:23.0156 0484 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:47:23.0156 0484 Kbdclass - ok
21:47:23.0156 0484 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:47:23.0156 0484 kbdhid - ok
21:47:23.0171 0484 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:47:23.0187 0484 kmixer - ok
21:47:23.0250 0484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:47:23.0250 0484 KSecDD - ok
21:47:23.0265 0484 lbrtfdc - ok
21:47:23.0312 0484 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:47:23.0312 0484 mdmxsdk - ok
21:47:23.0375 0484 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:47:23.0375 0484 MHNDRV - ok
21:47:23.0406 0484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:47:23.0406 0484 mnmdd - ok
21:47:23.0453 0484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:47:23.0453 0484 Modem - ok
21:47:23.0468 0484 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:47:23.0468 0484 MODEMCSA - ok
21:47:23.0531 0484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:47:23.0531 0484 Mouclass - ok
21:47:23.0578 0484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:47:23.0578 0484 mouhid - ok
21:47:23.0625 0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:47:23.0625 0484 MountMgr - ok
21:47:23.0671 0484 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:47:23.0671 0484 mraid35x - ok
21:47:23.0687 0484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:47:23.0687 0484 MRxDAV - ok
21:47:23.0796 0484 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:47:23.0796 0484 MRxSmb - ok
21:47:23.0843 0484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:47:23.0843 0484 Msfs - ok
21:47:23.0906 0484 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:47:23.0906 0484 MSKSSRV - ok
21:47:23.0921 0484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:47:23.0921 0484 MSPCLOCK - ok
21:47:23.0937 0484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:47:23.0937 0484 MSPQM - ok
21:47:23.0984 0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:47:23.0984 0484 mssmbios - ok
21:47:24.0046 0484 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:47:24.0046 0484 Mup - ok
21:47:24.0062 0484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:47:24.0078 0484 NDIS - ok
21:47:24.0171 0484 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:47:24.0171 0484 NdisTapi - ok
21:47:24.0218 0484 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:47:24.0218 0484 Ndisuio - ok
21:47:24.0250 0484 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:47:24.0250 0484 NdisWan - ok
21:47:24.0296 0484 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:47:24.0296 0484 NDProxy - ok
21:47:24.0312 0484 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:47:24.0312 0484 NetBIOS - ok
21:47:24.0343 0484 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:47:24.0343 0484 NetBT - ok
21:47:24.0468 0484 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:47:24.0468 0484 Npfs - ok
21:47:24.0500 0484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:47:24.0515 0484 Ntfs - ok
21:47:24.0562 0484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:47:24.0562 0484 Null - ok
21:47:24.0640 0484 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:47:24.0671 0484 nv - ok
21:47:24.0781 0484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:47:24.0796 0484 NwlnkFlt - ok
21:47:24.0796 0484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:47:24.0796 0484 NwlnkFwd - ok
21:47:24.0828 0484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:47:24.0828 0484 Parport - ok
21:47:24.0859 0484 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:47:24.0859 0484 PartMgr - ok
21:47:24.0890 0484 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:47:24.0890 0484 ParVdm - ok
21:47:24.0890 0484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:47:24.0890 0484 PCI - ok
21:47:24.0906 0484 PCIDump - ok
21:47:24.0921 0484 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:47:24.0921 0484 PCIIde - ok
21:47:24.0937 0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:47:24.0937 0484 Pcmcia - ok
21:47:24.0953 0484 PDCOMP - ok
21:47:24.0953 0484 PDFRAME - ok
21:47:24.0968 0484 PDRELI - ok
21:47:24.0968 0484 PDRFRAME - ok
21:47:24.0984 0484 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:47:25.0000 0484 perc2 - ok
21:47:25.0109 0484 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:47:25.0109 0484 perc2hib - ok
21:47:25.0156 0484 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:47:25.0156 0484 PptpMiniport - ok
21:47:25.0171 0484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:47:25.0171 0484 PSched - ok
21:47:25.0203 0484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:47:25.0203 0484 Ptilink - ok
21:47:25.0234 0484 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:47:25.0234 0484 PxHelp20 - ok
21:47:25.0265 0484 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:47:25.0265 0484 ql1080 - ok
21:47:25.0281 0484 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:47:25.0281 0484 Ql10wnt - ok
21:47:25.0375 0484 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:47:25.0375 0484 ql12160 - ok
21:47:25.0390 0484 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:47:25.0390 0484 ql1240 - ok
21:47:25.0406 0484 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:47:25.0406 0484 ql1280 - ok
21:47:25.0437 0484 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:47:25.0437 0484 RasAcd - ok
21:47:25.0484 0484 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:47:25.0500 0484 Rasl2tp - ok
21:47:25.0500 0484 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:47:25.0500 0484 RasPppoe - ok
21:47:25.0515 0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:47:25.0515 0484 Raspti - ok
21:47:25.0531 0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:47:25.0546 0484 Rdbss - ok
21:47:25.0609 0484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:47:25.0625 0484 RDPCDD - ok
21:47:25.0625 0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:47:25.0640 0484 rdpdr - ok
21:47:25.0671 0484 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:47:25.0671 0484 RDPWD - ok
21:47:25.0671 0484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:47:25.0687 0484 redbook - ok
21:47:25.0734 0484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:47:25.0734 0484 Secdrv - ok
21:47:25.0750 0484 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:47:25.0750 0484 serenum - ok
21:47:25.0796 0484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:47:25.0796 0484 Serial - ok
21:47:25.0828 0484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:47:25.0828 0484 Sfloppy - ok
21:47:25.0906 0484 Simbad - ok
21:47:25.0953 0484 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:47:25.0953 0484 sisagp - ok
21:47:25.0984 0484 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:47:25.0984 0484 Sparrow - ok
21:47:26.0000 0484 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:47:26.0000 0484 splitter - ok
21:47:26.0062 0484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:47:26.0062 0484 sr - ok
21:47:26.0203 0484 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:47:26.0218 0484 Srv - ok
21:47:26.0359 0484 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
21:47:26.0359 0484 STHDA - ok
21:47:26.0375 0484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:47:26.0375 0484 swenum - ok
21:47:26.0390 0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:47:26.0406 0484 swmidi - ok
21:47:26.0437 0484 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:47:26.0437 0484 symc810 - ok
21:47:26.0531 0484 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:47:26.0531 0484 symc8xx - ok
21:47:26.0546 0484 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:47:26.0546 0484 sym_hi - ok
21:47:26.0562 0484 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:47:26.0562 0484 sym_u3 - ok
21:47:26.0593 0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:47:26.0593 0484 sysaudio - ok
21:47:26.0656 0484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:47:26.0656 0484 Tcpip - ok
21:47:26.0687 0484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:47:26.0687 0484 TDPIPE - ok
21:47:26.0781 0484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:47:26.0781 0484 TDTCP - ok
21:47:26.0796 0484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:47:26.0796 0484 TermDD - ok
21:47:26.0843 0484 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:47:26.0843 0484 TosIde - ok
21:47:26.0875 0484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:47:26.0875 0484 Udfs - ok
21:47:26.0890 0484 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:47:26.0890 0484 ultra - ok
21:47:27.0000 0484 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:47:27.0015 0484 Update - ok
21:47:27.0031 0484 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:47:27.0031 0484 usbccgp - ok
21:47:27.0046 0484 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:47:27.0046 0484 usbehci - ok
21:47:27.0093 0484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:47:27.0093 0484 usbhub - ok
21:47:27.0109 0484 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:47:27.0109 0484 usbprint - ok
21:47:27.0187 0484 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:47:27.0187 0484 usbscan - ok
21:47:27.0187 0484 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:47:27.0187 0484 USBSTOR - ok
21:47:27.0218 0484 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:47:27.0218 0484 usbuhci - ok
21:47:27.0234 0484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:47:27.0234 0484 VgaSave - ok
21:47:27.0265 0484 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:47:27.0265 0484 viaagp - ok
21:47:27.0281 0484 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:47:27.0281 0484 ViaIde - ok
21:47:27.0312 0484 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:47:27.0312 0484 VolSnap - ok
21:47:27.0343 0484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:47:27.0343 0484 Wanarp - ok
21:47:27.0421 0484 wanatw - ok
21:47:27.0437 0484 WDICA - ok
21:47:27.0453 0484 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:47:27.0453 0484 wdmaud - ok
21:47:27.0515 0484 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:47:27.0531 0484 winachsf - ok
21:47:27.0609 0484 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:47:27.0609 0484 WS2IFSL - ok
21:47:27.0703 0484 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:47:27.0703 0484 WudfPf - ok
21:47:27.0734 0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:47:27.0734 0484 WudfRd - ok
21:47:27.0750 0484 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
21:47:27.0781 0484 \Device\Harddisk0\DR0 - ok
21:47:27.0796 0484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR12
21:47:27.0796 0484 \Device\Harddisk5\DR12 - ok
21:47:27.0828 0484 Boot (0x1200) (42ee5bc63d8a4a0004d5dd5766b4e434) \Device\Harddisk0\DR0\Partition0
21:47:27.0828 0484 \Device\Harddisk0\DR0\Partition0 - ok
21:47:27.0843 0484 Boot (0x1200) (6c622cee8f85ec3a49c584462c0f0b20) \Device\Harddisk5\DR12\Partition0
21:47:27.0843 0484 \Device\Harddisk5\DR12\Partition0 - ok
21:47:27.0843 0484 ============================================================
21:47:27.0843 0484 Scan finished
21:47:27.0843 0484 ============================================================
21:47:27.0859 0476 Detected object count: 0
21:47:27.0859 0476 Actual detected object count: 0
21:47:49.0046 0268 Deinitialize success


It ran without incident that time

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 March 2012 - 10:55 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 KendallSilver

  • Topic Starter
  • Members
  • 16 posts

Posted 04 March 2012 - 11:24 PM

ComboFix 12-03-01.02 - Susan London 03/04/2012 22:03:47.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1529 [GMT -6:00]
Running from: c:\documents and settings\Susan London.D6FKH1C1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Susan London.D6FKH1C1\Desktop\CFScript.txt.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 03:06 . 2012-03-05 03:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-27 05:32 . 2012-03-02 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-27 05:32 . 2012-02-27 06:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-27 03:15 . 2012-02-27 03:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2012-02-25 22:38 . 2012-02-25 22:38 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-02-25 22:37 . 2012-02-25 22:37 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-22 00:42 . 2012-02-22 00:42 -------- d-----w- C:\spoolerlogs
2012-02-12 22:24 . 2012-02-12 22:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2012-02-12 22:24 . 2012-02-12 22:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-05 20:28 . 2012-02-05 20:28 -------- d--h--w- c:\windows\PIF
2012-02-05 20:26 . 2012-02-05 20:50 -------- d-----w- c:\program files\Windows Desktop Search
2012-02-05 20:26 . 2012-02-05 20:26 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-05 20:23 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2012-02-05 20:23 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2012-02-05 20:23 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2012-02-05 19:39 . 2012-02-05 19:39 -------- d-----w- C:\fix_svchost
2012-02-05 19:39 . 2012-02-05 19:32 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-02-05 19:39 . 2012-02-05 19:31 1266056 ----a-w- C:\WindowsXP-KB927891.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2012-01-02 16:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 14:40 . 2012-02-27 05:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-02_01.47.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 03:43 . 2012-03-05 03:43 16384 c:\windows\Temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-31 98304]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
2008-03-19 23:39 951784 ----a-w- c:\program files\EarthLink TotalAccess\TaskPanl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 11:14 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 11:14 AM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 54275217
*Deregistered* - 54275217
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 17:14]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 17:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\Toolbar\SearchUI.dll/search.html
LSP: c:\windows\system32\mclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Susan London.D6FKH1C1\Application Data\Mozilla\Firefox\Profiles\6g0uvf4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 22:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2994972206-396433579-3571087905-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
.
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-04 22:14:02
ComboFix-quarantined-files.txt 2012-03-05 04:14
ComboFix2.txt 2012-03-04 20:06
ComboFix3.txt 2012-03-02 04:44
ComboFix4.txt 2012-03-02 01:52
.
Pre-Run: 52,911,038,464 bytes free
Post-Run: 53,432,872,960 bytes free
.
- - End Of File - - 939FC0AB3E975EC591FC7F40E9896C55




So far the system seems stable, no browser hijacker and no freezing... Thank you very much, you are awesome.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 March 2012 - 11:48 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Java™ 6 Update 23


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on The Program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 KendallSilver

  • Topic Starter
  • Members
  • 16 posts

Posted 05 March 2012 - 08:25 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Susan London :: D6FKH1C1 [administrator]

3/5/2012 7:10:37 PM
mbam-log-2012-03-05 (19-10-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207786
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:20:06 PM, on 3/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061031
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPub.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\SearchUI.dll/search.html
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171841063812
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6634 bytes



The system seems to be good now, nothing came up on any of the scans... Let me know if there is anything else I need to do or if I'm done... Again, thank you.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 March 2012 - 08:29 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of them you can start when you need it by clicking on its icon (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    • O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
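A small triage helper for HijackThis-format log lines like the ones posted above, added here as an example (it is not part of the thread and not HijackThis's own code). It pulls out the bracketed names gringo says to research and flags entries whose file is missing or that run from outside the usual Windows/Program Files directories; the sample lines are constructed in the shape of the posted log, the "updater" Temp-folder entry is made up to show a flag, and the list of trusted directories is my own heuristic.

```python
import re

# Constructed sample in the shape of the posted HijackThis log; the "updater"
# line is made up to show an entry that runs from a user's Temp folder.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\User\Local Settings\Temp\upd.exe" -s
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
"""

# O4 autorun: registry hive, bracketed name (the part gringo says to research), command.
O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# R3/O2/O3/O18/O22 style lines: kind, display name, CLSID, file path or "(no file)".
CLSID_RE = re.compile(r'^(?P<sec>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - '
                      r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$')
# O23 service: the vendor may be empty, which HijackThis prints as "name - - path".
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?:(?P<vendor>.+?) )?- '
                    r'(?P<path>[A-Za-z]:\\.*)$')
# Directories where legitimate startup binaries normally live on an XP box (heuristic).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "c:\\progra~1\\")


def _exe_from_command(cmd):
    """Strip arguments from a Run value: the quoted path, else the first token."""
    m = re.match(r'^"([^"]+)"|^(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def _flags(path):
    """Reviewer flags: the referenced file is gone, or it lives somewhere unusual."""
    p = path.strip().lower()
    if not p or p in ("(no file)", "(file missing)"):
        return ["no file on disk"]
    if not p.startswith(TRUSTED_ROOTS):
        return ["unusual location"]
    return []


def triage(log_text):
    """Return one dict per recognised line: section, name, path, flags."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            path = _exe_from_command(m["cmd"])
            entries.append({"section": "O4", "name": m["name"], "path": path, "flags": _flags(path)})
        elif m := O23_RE.match(line):
            entries.append({"section": "O23", "name": m["name"], "path": m["path"], "flags": _flags(m["path"])})
        elif m := CLSID_RE.match(line):
            entries.append({"section": m["sec"], "name": m["name"], "path": m["path"], "flags": _flags(m["path"])})
    return entries


def startup_names(entries):
    """Names between the brackets of O4 lines, ready to paste into a lookup."""
    return [e["name"] for e in entries if e["section"] == "O4"]
```

Running `triage(SAMPLE_LOG)` flags the R3 hook with no file and the constructed Temp-folder autorun, while the AVG, ctfmon and Dell service entries come back clean.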

#13 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts

Posted 06 March 2012 - 02:46 PM

There was nothing found during that scan.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 March 2012 - 05:12 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
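The Internet zone settings in the "Make your Internet Explorer more secure" section above can be checked from a `reg export` of the zone key instead of by clicking through the Custom Level dialog. This is an added example, not from the thread: it relies on the documented IE URL-action value ids (1001, 1004, 1201, 1800, 1804) and their DWORD meanings (0 Enable, 1 Prompt, 3 Disable), and the .reg text is a constructed sample with two settings left weaker than the post recommends.

```python
import re

# Documented Internet Explorer URL-action ids for the five settings the post names,
# paired with the setting the post recommends. DWORD data: 0 Enable, 1 Prompt, 3 Disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3
MEANING = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
}
# Zone 3 is the Internet zone; this is the per-user key the Custom Level dialog writes.
INTERNET_ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                     r"\Internet Settings\Zones\3")

# Constructed sample of `reg export` output for that key, with two weak values
# (signed ActiveX downloads and IFRAME launches both left at Enable).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
"1A00"=dword:00020000
"""

DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')

def parse_reg_dwords(reg_text, key):
    """Return {value name: int} for the DWORD values under one key of a .reg export."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
        elif in_key and (m := DWORD_RE.match(line)):
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit_internet_zone(reg_text):
    """List (id, description, current, recommended) for each setting that is
    missing or differs from what the post recommends."""
    values = parse_reg_dwords(reg_text, INTERNET_ZONE_KEY)
    findings = []
    for vid, (desc, want) in RECOMMENDED.items():
        have = values.get(vid)
        if have != want:
            current = MEANING.get(have, "not set" if have is None else f"0x{have:x}")
            findings.append((vid, desc, current, MEANING[want]))
    return findings

if __name__ == "__main__":
    for vid, desc, current, want in audit_internet_zone(SAMPLE_REG):
        print(f"{vid} {desc}: is {current}, should be {want}")
```

On a real machine, feed it the output of `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` (saved as text) to see which of the five settings still differ from the post's recommendations.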

#15 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts

Posted 06 March 2012 - 08:06 PM

Thank you again for all your help... The system is back in order.



