Val2Read
Honorary Members
Posts: 38
Reputation: 0 Neutral
  1. Many many thanks LonnyRJ. You have been so patient and kind during this entire process. I will take your advice regarding the hosts file. My laptop now seems to run like it used to so here's hoping it stays that way. This is the first time I've ever been hit with this kind of a problem, so I'm very glad that it's been resolved - thanks to you.
  2. LonnyRJ - here is the ComboFix log:

     ComboFix 09-10-01.01 - 10/01/2009 22:59.5.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2459 [GMT -7:00]
     Running from: c:\documents and settings\AA\Desktop\ComboFix.exe
     AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
     FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
     .
     ((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
     .
     2009-09-30 23:09 . 2009-09-30 23:09 -------- d-----w- c:\windows\Sun
     2009-09-30 23:08 . 2009-09-30 23:07 411368 ----a-w- c:\windows\system32\deploytk.dll
     2009-09-30 23:07 . 2009-09-30 23:07 -------- d-----w- c:\program files\Java
     2009-09-20 21:48 . 2009-09-20 21:48 -------- d-----w- c:\program files\Trend Micro
     2009-09-20 18:18 . 2009-09-20 18:18 -------- d-----w- c:\documents and settings\AA\Application Data\Bitdefender
     2009-09-20 18:17 . 2009-09-20 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
     2009-09-19 23:40 . 2009-09-19 23:40 -------- d--ha-w- c:\windows\PIF
     2009-09-13 03:05 . 2009-09-13 03:05 -------- d-----w- c:\program files\ePaperPress
     2009-09-09 04:20 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-10-01 15:12 . 2008-03-08 09:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2009-10-01 15:11 . 2008-07-03 04:03 81984 ----a-w- c:\windows\system32\bdod.bin
     2009-10-01 07:54 . 2008-12-11 14:44 -------- d-----w- c:\program files\SUPERAntiSpyware
     2009-10-01 07:49 . 2009-05-01 07:09 -------- d-----w- c:\program files\SpywareBlaster
     2009-09-20 22:11 . 2008-06-13 23:33 -------- d-----w- c:\documents and settings\AA\Application Data\R-Wipe&Clean
     2009-09-20 18:17 . 2008-05-18 07:33 -------- d-----w- c:\program files\Common Files\BitDefender
     2009-09-20 09:11 . 2008-10-01 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\R-Wipe&Clean
     2009-09-20 01:22 . 2008-12-11 08:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-09-20 00:33 . 2009-06-29 04:38 179792 ----a-w- c:\windows\system32\guard32.dll
     2009-09-20 00:33 . 2009-06-29 04:38 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
     2009-09-20 00:33 . 2009-06-29 04:38 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
     2009-09-20 00:33 . 2009-06-29 04:38 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
     2009-09-13 08:50 . 2008-02-08 09:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2009-09-10 21:54 . 2008-12-11 08:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-10 21:53 . 2008-12-11 08:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-09 06:45 . 2006-08-09 02:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-09-06 00:04 . 2008-08-01 20:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2009-08-31 04:51 . 2009-08-31 04:41 -------- d-----w- c:\program files\Topaz Labs
     2009-08-30 18:59 . 2008-06-13 04:42 -------- d-----w- c:\program files\PurgeIE
     2009-08-23 05:40 . 2006-08-16 06:17 -------- d---a-w- c:\documents and settings\AA\Application Data\Apple Computer
     2009-08-22 21:16 . 2009-08-22 21:16 -------- d-----w- c:\documents and settings\AA\Application Data\Auto FX Software
     2009-08-16 16:18 . 2009-07-04 06:00 110304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-08-07 01:08 . 2009-08-07 01:08 6456320 ----a-w- c:\windows\system32\tlidetail10.dll
     2009-08-05 09:01 . 1980-01-01 07:00 204800 ------w- c:\windows\system32\mswebdvd.dll
     2009-07-17 19:01 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-14 06:43 . 1980-01-01 07:00 286208 ------w- c:\windows\system32\wmpdxm.dll
     2009-07-08 04:50 . 2006-07-04 21:28 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
     2009-07-06 03:17 . 2009-07-05 06:45 2639680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-09-22_10.37.18 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-10-01 15:12 . 2009-10-01 15:12 16384 c:\windows\temp\Perflib_Perfdata_7d8.dat
     - 2006-08-04 19:02 . 2009-09-22 10:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     + 2006-08-04 19:02 . 2009-09-30 22:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     - 2008-05-25 07:10 . 2009-09-22 10:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
     + 2008-05-25 07:10 . 2009-09-30 22:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
     + 2009-09-30 23:08 . 2009-09-30 23:07 149280 c:\windows\system32\javaws.exe
     + 2009-09-30 23:08 . 2009-09-30 23:07 145184 c:\windows\system32\javaw.exe
     + 2009-09-30 23:08 . 2009-09-30 23:07 145184 c:\windows\system32\java.exe
     + 2009-09-30 23:07 . 2009-09-30 23:07 537600 c:\windows\Installer\1bb548.msi
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-01 1998576]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-20 1799952]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
     "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
     "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-05 368640]
     "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-11-07 106496]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-10-01 07:54 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
     2006-03-23 09:03 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
     2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
     2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\system32\guard32.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^AA^Start Menu^Programs^Startup^Adobe Gamma.lnk]
     path=c:\documents and settings\AA\Start Menu\Programs\Startup\Adobe Gamma.lnk
     backup=c:\windows\pss\Adobe Gamma.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
     backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
     backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register FocalPoint 1.0.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Register FocalPoint 1.0.lnk
     backup=c:\windows\pss\Register FocalPoint 1.0.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk
     backup=c:\windows\pss\Register Mask Pro 3.0.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\ThinkVantage\\AMSG\\AMSG.EXE"=
     "c:\\Program Files\\QuickTime\\QTTask.exe"=
     "c:\\Program Files\\BitDefender\\BitDefender 2008\\bdagent.exe"=

     R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [9/12/2003 3:19 PM 132899]
     R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [7/4/2006 2:03 PM 85760]
     R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [5/18/2008 6:45 PM 127520]
     R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/28/2009 9:38 PM 132296]
     R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/28/2009 9:38 PM 25160]
     R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [9/12/2003 3:48 PM 46810]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 74480]
     R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [5/18/2008 6:45 PM 86560]
     R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [7/4/2006 2:03 PM 4736]
     R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [7/4/2006 2:30 PM 4442]
     R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [12/19/2007 12:28 AM 417792]
     R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [11/13/2008 1:17 PM 439616]
     R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [12/21/2005 5:14 PM 12544]
     R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 1:11 PM 46142]
     R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [5/18/2008 6:45 PM 1239584]
     R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 4:45 PM 3968]
     R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [5/18/2008 6:45 PM 69664]
     R2 Workshare Protect Service;Workshare Protect Service;"c:\program files\Workshare\Modules\Workshare.Protect.Service.SvcHost.exe" [9/11/2008 6:06 PM 36864]
     R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [3/9/2007 12:09 PM 25704]
     R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [3/9/2007 12:16 PM 23400]
     R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
     S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [7/29/2008 7:02 PM 26600]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     bdx REG_MULTI_SZ scan

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Workshare Professional 5.21.9652.292]
     c:\program files\Workshare\Modules\WmConfigAssistant.exe /userinit

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Workshare Protect Client]
     c:\program files\Workshare\Modules\Workshare.Protect.UserInit.exe
     .
     Contents of the 'Scheduled Tasks' folder

     2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

     2009-09-01 c:\windows\Tasks\PMTask.job
     - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-07-04 08:13]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.cnn.com/
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/us/en/
     uInternet Settings,ProxyOverride = <local>
     IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
     DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
     DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://mickey.manatt.com/Exchweb/controls/DAX.cab
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-10-01 23:08
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'winlogon.exe'(964)
     c:\windows\system32\guard32.dll
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     c:\windows\system32\tphklock.dll
     c:\program files\Lenovo\AwayTask\AwayNotify.dll
     c:\windows\system32\igfxdev.dll
     c:\windows\system32\notifyf2.dll
     - - - - - - - > 'lsass.exe'(1020)
     c:\windows\system32\guard32.dll
     - - - - - - - > 'explorer.exe'(7852)
     c:\windows\system32\WININET.dll
     c:\windows\system32\PROCHLP.DLL
     c:\windows\system32\ieframe.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2009-10-02 23:11
     ComboFix-quarantined-files.txt 2009-10-02 06:11
     ComboFix2.txt 2009-09-23 00:20
     ComboFix3.txt 2009-09-22 10:47
     Pre-Run: 2,568,777,728 bytes free
     Post-Run: 2,554,884,096 bytes free
     215 --- E O F --- 2009-09-09 06:49
  3. LonnyRJ - should I just re-download ComboFix and run it again?
  4. I disabled Comodo, BitDefender and SuperAnti Spyware. But I still get the "Installation Failed" notice. Also I get another dialogue box telling me ComboFix has expired, to press "yes" for limited functionality, and "no" to exit.
  5. LonnyRJ - I got "installation failed". Then ComboFix started scanning, and after that rebooted my laptop. No text boxes opened, though.
  6. I also noticed that the google redirects have ceased, and bootup is much faster.
  7. LonnyRJ - here's the MBAM log. The bug appears to be gone! Thank you very much! Do you suggest any other cleanups I need to do on my PC?

     Malwarebytes' Anti-Malware 1.41
     Database version: 2834
     Windows 5.1.2600 Service Pack 3

     9/30/2009 3:51:14 PM
     mbam-log-2009-09-30 (15-51-14).txt

     Scan type: Quick Scan
     Objects scanned: 112935
     Time elapsed: 5 minute(s), 51 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  8. Here goes, LonnyRJ. I'm rebooting now to run MBAM.

     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     File move operation "C:\IBMTOOLS\DRIVERS\IMSM\IASTOR.SYS|C:\WINDOWS\system32\drivers\IASTOR.SYS" completed successfully.

     Completed script processing.

     *******************

     Finished! Terminate.
  9. LonnyRJ - all I got was a dialogue box that said "Installation Failed".
  10. The results:

      "C:\DRIVERS\OTHER\IASTOR.SYS" 874240 10/12/2005 12:07 PM
      "C:\IBMTOOLS\DRIVERS\IMSM\IASTOR.SYS" 874240 10/12/2005 12:07 PM
      "C:\WINDOWS\system32\drivers\IASTOR.SYS" 874240 10/12/2005 12:07 PM
  11. Thanks LonnyRJ. Here are the results:

      "C:\WINDOWS\system32\drivers\IASTOR.SYS" 874240 10/12/2005 12:07 PM

      SERVICE_NAME: atapi
      DISPLAY_NAME: Standard IDE/ESDI Hard Disk Controller
              TYPE               : 1  KERNEL_DRIVER
              STATE              : 4  RUNNING
                                      (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
              WIN32_EXIT_CODE    : 0  (0x0)
              SERVICE_EXIT_CODE  : 0  (0x0)
              CHECKPOINT         : 0x0
              WAIT_HINT          : 0x0

      SERVICE_NAME: iaStor
      DISPLAY_NAME: Intel AHCI Controller
              TYPE               : 1  KERNEL_DRIVER
              STATE              : 4  RUNNING
                                      (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
              WIN32_EXIT_CODE    : 0  (0x0)
              SERVICE_EXIT_CODE  : 0  (0x0)
              CHECKPOINT         : 0x0
              WAIT_HINT          : 0x0
  12. LonnyRJ - here's what we got:

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys >>UNKNOWN [0x8B563C2A]<<
      kernel: MBR read successfully
      user & kernel MBR OK
  13. This is what HijackThis came back with: C:\WINDOWS : AstInfo (0 bytes)
  14. Hi LonnyRJ - sorry for the late reply - here's the ntbtlog.txt:

      Service Pack 3 9 24 2009 14:58:18.375
      Loaded driver \WINDOWS\system32\ntkrnlpa.exe
      Loaded driver \WINDOWS\system32\hal.dll
      Loaded driver \WINDOWS\system32\KDCOM.DLL
      Loaded driver \WINDOWS\system32\BOOTVID.dll
      Loaded driver ACPI.sys
      Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
      Loaded driver pci.sys
      Loaded driver isapnp.sys
      Loaded driver avgarkt.sys
      Loaded driver compbatt.sys
      Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
      Loaded driver pciide.sys
      Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
      Loaded driver pcmcia.sys
      Loaded driver MountMgr.sys
      Loaded driver ftdisk.sys
      Loaded driver dmload.sys
      Loaded driver dmio.sys
      Loaded driver PartMgr.sys
      Loaded driver ACPIEC.sys
      Loaded driver \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
      Loaded driver Shockprf.sys
      Loaded driver VolSnap.sys
      Loaded driver atapi.sys
      Loaded driver iaStor.sys
      Loaded driver disk.sys
      Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
      Loaded driver fltmgr.sys
      Loaded driver sr.sys
      Loaded driver DRVMCDB.SYS
      Loaded driver PQV2i.sys
      Loaded driver PxHelp20.sys
      Loaded driver stcvsm.sys
      Loaded driver TPkd.sys
      Loaded driver KSecDD.sys
      Loaded driver Ntfs.sys
      Loaded driver inspect.sys
      Loaded driver \WINDOWS\System32\DRIVERS\NDIS.SYS
      Loaded driver \WINDOWS\System32\DRIVERS\TDI.SYS
      Loaded driver ohci1394.sys
      Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
      Loaded driver Mup.sys
      Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
      Loaded driver \SystemRoot\system32\DRIVERS\igxpmp32.sys
      Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
      Loaded driver \SystemRoot\system32\DRIVERS\b57xp32.sys
      Loaded driver \SystemRoot\system32\DRIVERS\ar5211.sys
      Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
      Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
      Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
      Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
      Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
      Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
      Loaded driver \SystemRoot\system32\DRIVERS\atmeltpm.sys
      Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
      Loaded driver \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
      Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
      Loaded driver \SystemRoot\system32\drivers\iviaspi.sys
      Loaded driver \SystemRoot\System32\Drivers\DLACDBHM.SYS
      Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
      Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
      Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
      Loaded driver \SystemRoot\system32\DRIVERS\btkrnl.sys
      Loaded driver \SystemRoot\system32\DRIVERS\DisplayLinkmirrorport.sys
      Loaded driver \SystemRoot\system32\DRIVERS\DisplayLinkGAport.sys
      Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
      Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
      Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
      Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
      Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
      Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
      Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
      Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
      Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
      Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
      Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
      Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
      Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
      Loaded driver \SystemRoot\system32\DRIVERS\update.sys
      Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
      Loaded driver \SystemRoot\system32\drivers\btaudio.sys
      Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
      Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
      Loaded driver \SystemRoot\system32\drivers\ADIHdAud.sys
      Loaded driver \SystemRoot\system32\drivers\AEAudio.sys
      Loaded driver \SystemRoot\system32\DRIVERS\hsxhwazl.sys
      Loaded driver \SystemRoot\system32\DRIVERS\hsx_dpv.sys
      Loaded driver \SystemRoot\system32\DRIVERS\hsx_cnxt.sys
      Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
      Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
      Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
      Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
      Loaded driver \SystemRoot\System32\DRIVERS\cmdguard.sys
      Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
      Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
      Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
      Loaded driver \SystemRoot\System32\Drivers\Null.SYS
      Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
      Loaded driver \SystemRoot\System32\Drivers\DLARTL_N.SYS
      Loaded driver \SystemRoot\System32\DRIVERS\AvgArCln.sys
      Loaded driver \SystemRoot\System32\drivers\vga.sys
      Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
      Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
      Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
      Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
      Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
      Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
      Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
      Loaded driver \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
      Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
      Loaded driver \SystemRoot\System32\DRIVERS\cmdhlp.sys
      Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
      Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
      Loaded driver \SystemRoot\System32\drivers\afd.sys
      Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
      Did not load driver \SystemRoot\system32\DRIVERS\serial.sys
      Did not load driver \SystemRoot\system32\DRIVERS\processr.sys
      Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
      Loaded driver \SystemRoot\System32\drivers\TSMAPIP.SYS
      Loaded driver \SystemRoot\System32\drivers\Tppwrif.sys
      Loaded driver \SystemRoot\System32\Drivers\TPHKDRV.SYS
      Loaded driver \SystemRoot\System32\drivers\TDSMAPI.SYS
      Loaded driver \SystemRoot\System32\drivers\Smapint.sys
      Loaded driver \SystemRoot\System32\Drivers\ShockMgr.SYS
      Loaded driver \SystemRoot\System32\Drivers\sbmount.SYS
      Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
      Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
      Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
      Loaded driver \SystemRoot\System32\Drivers\PQIMount.SYS
      Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
      Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
      Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
      Loaded driver \SystemRoot\System32\Drivers\DRVNDDM.SYS
      Loaded driver \SystemRoot\System32\DLA\DLADResN.SYS
      Loaded driver \SystemRoot\System32\DLA\DLAIFS_M.SYS
      Loaded driver \SystemRoot\System32\DLA\DLAOPIOM.SYS
      Loaded driver \SystemRoot\System32\DLA\DLAPoolM.SYS
      Loaded driver \SystemRoot\System32\DLA\DLABOIOM.SYS
      Loaded driver \SystemRoot\System32\DLA\DLAUDFAM.SYS
      Loaded driver \SystemRoot\System32\DLA\DLAUDF_M.SYS
      Loaded driver \SystemRoot\system32\DRIVERS\AegisP.sys
      Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
      Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
      Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
      Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
      Loaded driver \SystemRoot\system32\DRIVERS\PROCDD.SYS
      Loaded driver \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
      Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
      Loaded driver \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
      Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
      Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
      Loaded driver \??\C:\WINDOWS\System32\drivers\pmemnt.sys
      Loaded driver \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
      Loaded driver \??\C:\Program Files\SMI2\smi2.sys
      Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
      Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
      Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
      Loaded driver \SystemRoot\system32\drivers\splitter.sys
      Loaded driver \SystemRoot\system32\drivers\aec.sys
      Loaded driver \SystemRoot\system32\drivers\swmidi.sys
      Loaded driver \SystemRoot\system32\drivers\DMusic.sys
      Loaded driver \SystemRoot\system32\drivers\kmixer.sys
      Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
      Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
      Loaded driver \??\C:\Program Files\IBM ThinkVantage\Rescue and Recovery\WAM.sys
      Loaded driver \??\C:\Program Files\IBM ThinkVantage\Rescue and Recovery\WAM.sys
      Loaded driver \SystemRoot\system32\drivers\kmixer.sys