
Something lurking


This topic is locked
14 replies to this topic

#1 bigmoe

bigmoe

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 16 April 2012 - 04:21 AM

Hi there. I recently noticed a real slowdown in my computer's speed. I have used the usual spyware detectors (Malwarebytes, SUPERAntiSpyware, Ad-Aware SE, Stinger and Kaspersky). This did pick up a few things, but the computer is still very slow, so I suspect something in the reg.

I have created a HijackThis file.

Any advice would be most welcome.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:11, on 16/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.incrediblecharts.com
O15 - Trusted Zone: *.incrediblecharts.com (HKLM)
O15 - ESC Trusted Zone: *.incrediblecharts.com
O15 - ESC Trusted Zone: *.incrediblecharts.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9337 bytes
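The log above follows the HijackThis line format: each entry starts with a section code (R0/R1 for browser start and search pages, O2 for browser helper objects, O4 for Run keys, O15 for trusted-zone entries, O20 for AppInit_DLLs and Winlogon notifications, O23 for services) followed by " - " and the entry itself. As an added example, not part of this post or of HijackThis, the Python below parses such a log into sections and pulls out the entry types a responder usually reads first: services with no publisher ("Unknown owner"), AppInit_DLLs entries, and trusted-zone additions. The sample lines embedded in it are constructed to resemble this log; the "Example Manager" service, the VENDOR~1 hook DLLs and the example-charts.invalid domain are placeholders, not values from the page.

```python
"""Minimal parser for HijackThis-style log lines.

Added example for this thread; not HijackThis code and not from any post in it.
The section codes handled (R0/R1, O2, O4, O15, O20, O23) are the ones that
appear in the log above; the sample lines below are constructed placeholders.
"""
import re
from collections import defaultdict

# Constructed sample input, modelled on the log format in post #1.
# The service name, hook DLL paths and trusted-zone domain are placeholders.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\\WINDOWS\\System32\\smss.exe

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O15 - Trusted Zone: *.example-charts.invalid
O20 - AppInit_DLLs: C:\\PROGRA~1\\VENDOR~1\\hook1.dll, C:\\PROGRA~1\\VENDOR~1\\hook2.dll
O23 - Service: Example Manager (ExMgr) - Unknown owner - C:\\Program Files\\Example\\exmgr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
--
End of file - 9337 bytes
"""

# A HijackThis entry line: section code, " - ", then the entry text.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return {section_code: [entry_text, ...]} for every entry line.

    Header lines ("Logfile of ...", "Running processes:"), bare process
    paths and the trailer are ignored because they do not match ENTRY_RE.
    """
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def review_items(sections):
    """Pick out entries a responder typically looks at first.

    These are review prompts, not verdicts: an 'Unknown owner' service is
    often just an unsigned vendor binary, and AppInit_DLLs is used by
    legitimate security products (as in the log above) as well as by malware.
    Each finding is (section_code, reason, detail).
    """
    findings = []
    for entry in sections.get("O23", []):
        if "Unknown owner" in entry:
            findings.append(("O23", "service without publisher", entry))
    for entry in sections.get("O20", []):
        if entry.startswith("AppInit_DLLs:"):
            dll_list = entry[len("AppInit_DLLs:"):]
            for dll in (d.strip() for d in dll_list.split(",")):
                if dll:
                    findings.append(("O20", "AppInit_DLLs entry", dll))
    for entry in sections.get("O15", []):
        findings.append(("O15", "trusted zone entry", entry))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for code, entries in sorted(parsed.items()):
        print(f"{code}: {len(entries)} entries")
    for code, reason, detail in review_items(parsed):
        print(f"[{code}] {reason}: {detail}")
```

Run against a real log, the counts per section give a quick sense of how much third-party code is loaded into the browser and at logon, and the review list is the short list to check against known vendors before anything is removed.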


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:48 PM

Posted 18 April 2012 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

===

Please download TDSSKiller.zip.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 bigmoe

bigmoe
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 19 April 2012 - 02:13 AM

Hi there

Here is the DDS log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/4/2012 4:19:12 PM
System Uptime: 4/17/2012 7:56:09 AM (49 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N-SLI DELUXE
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6400+ | Socket AM2 | 3214/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 106.256 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 77 GiB total, 11.766 GiB free.
F: is FIXED (NTFS) - 298 GiB total, 197.819 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&1C1A5366&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&1C1A5366&0&0001
Service:
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&1C1A5366&0&0201
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&1C1A5366&0&0201
Service:
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&1C1A5366&0&0301
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&1C1A5366&0&0301
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP90: 3/8/2012 10:24:03 AM - System Checkpoint
RP91: 3/12/2012 10:39:43 AM - System Checkpoint
RP92: 3/13/2012 11:01:57 AM - System Checkpoint
RP93: 3/14/2012 12:00:21 PM - System Checkpoint
RP94: 3/15/2012 7:53:06 AM - Installed Rapport
RP95: 3/16/2012 10:07:30 AM - System Checkpoint
RP96: 3/19/2012 9:50:55 AM - System Checkpoint
RP97: 3/20/2012 8:09:42 AM - Installed CommentKahuna
RP98: 3/21/2012 11:51:35 AM - System Checkpoint
RP99: 3/22/2012 12:10:44 PM - System Checkpoint
RP100: 3/23/2012 1:03:52 PM - System Checkpoint
RP101: 3/26/2012 11:38:23 AM - System Checkpoint
RP102: 3/27/2012 8:54:03 AM - Revo Uninstaller's restore point - IObit Toolbar v5.1
RP103: 3/27/2012 8:54:46 AM - Removed IObit Toolbar v5.1.
RP104: 3/27/2012 1:16:06 PM - Revo Uninstaller's restore point - Ad-Aware
RP105: 3/27/2012 1:18:31 PM - Removed Ad-Aware
RP106: 3/28/2012 1:19:44 PM - System Checkpoint
RP107: 3/29/2012 1:44:02 PM - System Checkpoint
RP108: 3/30/2012 2:07:01 PM - System Checkpoint
RP109: 4/2/2012 8:30:14 AM - Installed QuickTime
RP110: 4/4/2012 10:05:07 AM - System Checkpoint
RP111: 4/5/2012 10:41:34 AM - System Checkpoint
RP112: 4/10/2012 10:58:38 AM - System Checkpoint
RP113: 4/11/2012 11:41:10 AM - System Checkpoint
RP114: 4/12/2012 12:17:33 PM - System Checkpoint
RP115: 4/13/2012 12:48:01 PM - System Checkpoint
RP116: 4/14/2012 12:50:19 PM - System Checkpoint
RP117: 4/15/2012 1:19:20 PM - System Checkpoint
RP118: 4/16/2012 9:45:55 AM - Revo Uninstaller's restore point - BitComet 1.31
RP119: 4/16/2012 9:57:01 AM - Installed HiJackThis
RP120: 4/17/2012 11:41:57 AM - System Checkpoint
RP121: 4/18/2012 11:58:04 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AIO_Scan
Apple Application Support
Apple Software Update
ASUS nVidia Driver
Audacity 1.2.6
BufferChm
BurnAware Free 4.5
CCleaner
Comment Hut Lite
CommentKahuna
Compatibility Pack for the 2007 Office system
Copy
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
F2100
F2100_doccd
F2100_Help
Free Studio version 5.3.3
Free YouTube to MP3 Converter version 3.10.15.1228
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
IncredibleCharts Pro
IObit Malware Fighter
Java Auto Updater
Java™ 6 Update 31
Kaspersky Internet Security 2011
Live Email Verifier
Macromedia Dreamweaver 8
Macromedia Extension Manager
Mail List Validator 2.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Basic Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft WinUsb 1.0
Mozilla Firefox 11.0 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
NVIDIA Control Panel 267.85
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 267.85
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
PSSWCORE
QuickTime
Rapport
Revo Uninstaller 1.93
Scan
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SoundMAX
Status
SUPERAntiSpyware
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
UnloadSupport
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinRAR 4.10 (32-bit)
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
4/12/2012 6:49:51 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
.
==== End Of File ===========================

#4 bigmoe

bigmoe
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 19 April 2012 - 02:17 AM

TDSSKiller found nothing.

#5 bigmoe

bigmoe
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 19 April 2012 - 02:23 AM

The Avast tool did not seem to work?

Here is the log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 08:18:19
-----------------------------
08:18:19.890 OS Version: Windows 5.1.2600 Service Pack 3
08:18:19.890 Number of processors: 2 586 0x4303
08:18:19.890 ComputerName: SELECT-0769CBE0 UserName: Administrator
08:18:20.156 Initialze error C0000022 - driver not loaded
08:18:34.390 AVAST engine download error: 0
08:19:12.171 Service scanning
08:19:12.765 Modules scanning
08:19:12.765 Disk 0 trace - called modules:
08:19:12.765
08:19:12.765 Scan finished successfully
08:19:41.187 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR.txt"


Many thanks

#6 bigmoe

bigmoe
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 19 April 2012 - 02:55 AM

Got the Avast tool to work.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 08:18:19
-----------------------------
08:18:19.890 OS Version: Windows 5.1.2600 Service Pack 3
08:18:19.890 Number of processors: 2 586 0x4303
08:18:19.890 ComputerName: SELECT-0769CBE0 UserName: Administrator
08:18:20.156 Initialze error C0000022 - driver not loaded
08:18:34.390 AVAST engine download error: 0
08:19:12.171 Service scanning
08:19:12.765 Modules scanning
08:19:12.765 Disk 0 trace - called modules:
08:19:12.765
08:19:12.765 Scan finished successfully
08:19:41.187 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 08:24:49
-----------------------------
08:24:49.125 OS Version: Windows 5.1.2600 Service Pack 3
08:24:49.125 Number of processors: 2 586 0x4303
08:24:49.125 ComputerName: SELECT-0769CBE0 UserName: Administrator
08:24:52.781 Initialize success
08:27:53.093 AVAST engine defs: 12041802
08:28:00.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000075
08:28:00.078 Disk 0 Vendor: Hitachi_HCT721016SLA380 ST1OA31E Size: 152627MB BusType: 3
08:28:00.078 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000076
08:28:00.078 Disk 1 Vendor: Hitachi_HDS721680PLA380 P21OA70A Size: 78533MB BusType: 3
08:28:00.078 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000079
08:28:00.078 Disk 2 Vendor: ST3320613AS SD22 Size: 305245MB BusType: 3
08:28:00.109 Disk 0 MBR read successfully
08:28:00.109 Disk 0 MBR scan
08:28:00.140 Disk 0 Windows XP default MBR code
08:28:00.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
08:28:00.156 Disk 0 scanning sectors +312560640
08:28:00.250 Disk 0 scanning C:\WINDOWS\system32\drivers
08:28:10.593 Service scanning
08:28:17.718 Service KL1 C:\WINDOWS\system32\drivers\kl1.sys **LOCKED** 5
08:28:17.734 Service kl2 C:\WINDOWS\system32\drivers\kl2.sys **LOCKED** 5
08:28:17.875 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
08:28:17.921 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
08:28:30.078 Modules scanning
08:28:37.281 Disk 0 trace - called modules:
08:28:37.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
08:28:37.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4ecab8]
08:28:37.296 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a53bf18]
08:28:37.296 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\00000075[0x8a4ec030]
08:28:37.765 AVAST engine scan C:\WINDOWS
08:28:40.906 AVAST engine scan C:\WINDOWS\system32
08:30:45.468 AVAST engine scan C:\WINDOWS\system32\drivers
08:30:59.453 AVAST engine scan C:\Documents and Settings\Administrator
08:35:50.203 AVAST engine scan C:\Documents and Settings\All Users
08:41:20.984 Scan finished successfully
08:44:37.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
08:44:37.015 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR.txt"

Have attached MBR.dat

Many thanks

Attached file: MBR.zip (499 bytes)


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:48 PM

Posted 19 April 2012 - 09:56 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#8 bigmoe

bigmoe
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 20 April 2012 - 02:34 AM

Combofix Results


ComboFix 12-04-20.02 - Administrator 20/04/2012 8:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1482 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SET13D5.tmp
c:\windows\SETA77.tmp
c:\windows\system32\_004576_.tmp.dll
c:\windows\system32\_004577_.tmp.dll
c:\windows\system32\_004578_.tmp.dll
c:\windows\system32\_004579_.tmp.dll
c:\windows\system32\_004586_.tmp.dll
c:\windows\system32\_004587_.tmp.dll
c:\windows\system32\_004588_.tmp.dll
c:\windows\system32\_004589_.tmp.dll
c:\windows\system32\_004591_.tmp.dll
c:\windows\system32\_004592_.tmp.dll
c:\windows\system32\_004595_.tmp.dll
c:\windows\system32\_004596_.tmp.dll
c:\windows\system32\_004598_.tmp.dll
c:\windows\system32\_004599_.tmp.dll
c:\windows\system32\_004600_.tmp.dll
c:\windows\system32\_004602_.tmp.dll
c:\windows\system32\_004603_.tmp.dll
c:\windows\system32\_004605_.tmp.dll
c:\windows\system32\_004606_.tmp.dll
c:\windows\system32\_004610_.tmp.dll
c:\windows\system32\_004611_.tmp.dll
c:\windows\system32\_004613_.tmp.dll
c:\windows\system32\_004616_.tmp.dll
c:\windows\system32\_004618_.tmp.dll
c:\windows\system32\_004619_.tmp.dll
c:\windows\system32\_004620_.tmp.dll
c:\windows\system32\_004621_.tmp.dll
c:\windows\system32\_004622_.tmp.dll
c:\windows\system32\_004625_.tmp.dll
c:\windows\system32\_004626_.tmp.dll
c:\windows\system32\_004627_.tmp.dll
c:\windows\system32\_004628_.tmp.dll
c:\windows\system32\_004629_.tmp.dll
c:\windows\system32\_004630_.tmp.dll
c:\windows\system32\_004633_.tmp.dll
c:\windows\system32\_004634_.tmp.dll
c:\windows\system32\_004636_.tmp.dll
c:\windows\system32\_004637_.tmp.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\dlimport.exe
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 07:02 . 2012-04-20 07:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-16 08:57 . 2012-04-16 08:57 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-16 08:57 . 2012-04-16 08:57 -------- d-----w- c:\program files\Trend Micro
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 07:31 . 2012-04-02 07:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-02 07:31 . 2012-04-02 07:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-02 07:31 . 2012-04-02 07:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-02 07:31 . 2012-04-02 07:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-02 07:31 . 2012-04-02 07:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-02 07:31 . 2012-04-02 07:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-02 07:31 . 2012-04-02 07:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-04-02 07:30 . 2012-04-02 07:31 -------- d-----w- c:\program files\QuickTime
2012-04-02 07:30 . 2012-04-02 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-04-02 07:29 . 2012-04-02 07:29 -------- d-----w- c:\program files\Common Files\Apple
2012-04-02 07:29 . 2012-04-02 07:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2012-04-02 07:29 . 2012-04-02 07:29 -------- d-----w- c:\program files\Apple Software Update
2012-04-02 07:29 . 2012-04-02 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-04-02 07:29 . 2012-04-02 07:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-03-27 12:20 . 2012-03-27 15:59 -------- d-----w- c:\windows\SxsCaPendDel
2012-03-27 09:42 . 2012-03-27 09:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2012-03-27 07:48 . 2012-03-27 07:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2012-03-27 07:47 . 2012-03-27 07:47 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 07:02 . 2012-01-05 11:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2012-02-10 08:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-07 08:05 . 2012-03-07 08:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-07 08:05 . 2012-01-06 08:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 09:18 . 2012-02-15 09:18 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-15 08:39 . 2012-02-15 08:39 14664 ----a-w- c:\windows\stinger.sys
2012-03-13 04:38 . 2012-03-16 08:21 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-23 13881448]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 344736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-04 20:09 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 14:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-03-23 23:42 13881448 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-03-23 23:42 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 07:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2012-01-05 16:55 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 14:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 12:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\IncredibleCharts\\IncredibleCharts.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"7783:TCP"= 7783:TCP:BitComet 7783 TCP
"7783:UDP"= 7783:UDP:BitComet 7783 UDP
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [3/11/2012 2:48 PM 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys [3/11/2012 2:50 PM 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [3/11/2012 2:48 PM 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/11/2012 2:48 PM 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 5:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 10:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 12:38 AM 116608]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [3/27/2012 8:47 AM 821592]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/10/2012 9:42 AM 654408]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/11/2012 2:48 PM 931640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [1/23/2012 5:43 AM 92592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 3:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 9:27 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/10/2012 9:42 AM 22344]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [3/11/2012 2:50 PM 21520]
S1 kl2;Kl2;c:\windows\system32\drivers\kl2.sys [5/7/2010 1:19 AM 132184]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2012 10:54 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/20/2012 8:02 AM 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2012 10:54 AM 136176]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [3/27/2012 8:47 AM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [3/27/2012 8:47 AM 16208]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 1:30 PM 268512]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [3/27/2012 8:47 AM 246816]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 07:02]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 20:09]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 20:09]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-413027322-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-04 20:09]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-413027322-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-04 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: incrediblecharts.com\*
Trusted Zone: incrediblecharts.com\*
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ln0yc0ib.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 08:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-413027322-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,fa,42,be,3d,27,1c,4d,bf,f3,2d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,fa,42,be,3d,27,1c,4d,bf,f3,2d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1136)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1192)
c:\windows\system32\nvappfilter.dll
.
- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-20 08:30:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 07:30
.
Pre-Run: 113,419,186,176 bytes free
Post-Run: 113,392,193,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 324D7873D4B4916099A8ADADB594081B

Many thanks

#9 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 April 2012 - 09:02 AM

Looking good.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know of any remaining issues.

#10 bigmoe

  • Topic Starter
  • Members
  • 10 posts

Posted 20 April 2012 - 09:35 AM

Security Check log

Many thanks

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Internet Security 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.3)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
IObit IObit Malware Fighter IMFsrv.exe
Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
``````````End of Log````````````

#11 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 April 2012 - 10:10 AM

All good.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#12 bigmoe

  • Topic Starter
  • Members
  • 10 posts

Posted 23 April 2012 - 02:00 AM

Hi

When I type ComboFix/Uninstall into the Run box I get a "Windows could not find it" message?

#13 bigmoe

  • Topic Starter
  • Members
  • 10 posts

Posted 23 April 2012 - 03:20 AM

Combo fix uninstalled

Many thanks

#14 bigmoe

  • Topic Starter
  • Members
  • 10 posts

Posted 23 April 2012 - 03:28 AM

Combo fix uninstalled

Many thanks

#15 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 April 2012 - 07:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.