Sign in to follow this  
Followers 0
shootinpucks83

Multiple infections

13 posts in this topic

Sometime Tuesday, my computer got infected with the "Anti Virus Live" virus. I kept getting those pop ups and could not get on the internet with any of my browsers. I used a roommates computer to try and research how to get rid of it. I used SUPERantispyware off a thumb drive and then ran MBAM in safe mode. This seemed to take off "Anti Virus Live" but it appeared I had another infection. It was the Whitesmoke Translator infection. I tried running MBAM, SpyBot, and Ad Aware in safe mode. I got numerous infections with each and removed them. I ran my antivirus, avast, a couple of times and got a few infections to remove including Whitesmoke. When I restarted my computer, Whitesmoke was gone but it was still noticeably slower and I was still geting random redirects. I then found the forums here and found this particular post: http://forums.malwarebytes.org/index.php?showtopic=70703 . I followed those instructions and ran TDSkiller, finding one infection (I included the log). I restarted my computer, ran MBAM and it was running much much better. I don't hear the hard drive going, it is faster and I am not getting the random redirects. I decided to run MBAM again and SpyBot again and am still getting infected files. I'm not sure where they are coming from and am worried they could manifest into something more serious again. Here is everything requested in the pinned topic if someone could take a look over it, thanks! I included both MBAM reports from today (most recent being first). I have 3 more from the previous two days (that all had infections) if requested. I also recently installed Online Armour and SpywareBlaster as recommended for further protection.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Nick at 13:19:54.87 on Thu 01/13/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.938 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Online Armor Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Online Armor\OAcat.exe

C:\Program Files\Online Armor\oasrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Online Armor\oaui.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\Program Files\Online Armor\OAhlp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Nick\My Documents\Downloads\Defogger.exe

C:\Documents and Settings\Nick\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://mail.vbgov.com/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyServer = http=127.0.0.1:8075

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

mWinlogon: Userinit=userinit.exe,

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min

mRun: [TFncKy] TFncKy.exe

mRun: [TDispVol] TDispVol.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [TPSMain] TPSMain.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [CFSServ.exe] CFSServ.exe -NoClient

mRun: [DXDllRegExe] dxdllreg.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

mRun: [sansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla firefox\firefox.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214316307540

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\376acwj6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.groupon.com/hampton-roads/

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: XULRunner: {4BBF1178-2AE7-404B-B680-B849B7A88CF6} - c:\documents and settings\nick\local settings\application

data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-6 294608]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-1-13 202064]

R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-1-13 38856]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-1-13 25000]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-1-13 29272]

R1 SASDIFSV;SASDIFSV;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-6 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-6 40384]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-1-13 380784]

R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-1-13 3652696]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program

files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\nick\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\nick\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]

=============== Created Last 30 ================

2011-01-13 16:22:58 -------- d-----w- c:\program files\SpywareBlaster

2011-01-13 16:16:49 -------- d-----w- c:\docume~1\nick\applic~1\OnlineArmor

2011-01-13 16:16:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor

2011-01-13 16:16:08 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys

2011-01-13 16:16:08 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys

2011-01-13 16:16:08 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys

2011-01-13 16:16:08 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys

2011-01-13 16:15:58 -------- d-----w- c:\program files\Online Armor

2011-01-12 17:24:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-01-12 17:24:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-01-12 16:40:46 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-12 15:10:06 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-01-12 15:07:01 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Sunbelt Software

2011-01-12 14:29:30 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-01-12 07:19:48 -------- d-----w- c:\docume~1\nick\applic~1\SUPERAntiSpyware.com

2011-01-12 07:04:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-01-12 04:21:39 0 ----a-w- c:\windows\Bcune.bin

2011-01-12 04:21:37 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}

2011-01-12 02:57:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-01-12 02:39:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-12 02:39:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-12 02:39:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-12 02:20:25 -------- d-----w- c:\program files\iPod

2011-01-12 02:20:03 -------- d-----w- c:\program files\iTunes

2011-01-12 02:11:09 -------- d-----w- c:\program files\Bonjour

2011-01-07 04:17:25 -------- d-----w- c:\documents and settings\all users\Microsoft

2011-01-07 04:14:00 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-01-07 04:13:47 -------- d-----w- c:\windows\SHELLNEW

2011-01-07 04:12:35 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Microsoft Help

2011-01-06 22:44:09 38848 ----a-w- c:\windows\avastSS.scr

2011-01-06 22:44:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-12-24 21:26:03 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Thunderbird

2010-12-15 04:14:12 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 04:13:20 45568 -c----w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 13:22:22.20 ===============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5512

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/13/2011 1:03:19 PM

mbam-log-2011-01-13 (13-03-19).txt

Scan type: Quick scan

Objects scanned: 185880

Time elapsed: 13 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\yr87fk3d2dnszapq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\Temp\Xd1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\Xd0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\Xd2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5507

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/13/2011 11:18:30 AM

mbam-log-2011-01-13 (11-18-30).txt

Scan type: Quick scan

Objects scanned: 185531

Time elapsed: 15 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\UA24KKHL\load[1].php (Rootkit.TDSS.XGen) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------

2011/01/13 10:55:48.0203 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11

2011/01/13 10:55:48.0203 ================================================================================

2011/01/13 10:55:48.0203 SystemInfo:

2011/01/13 10:55:48.0203

2011/01/13 10:55:48.0203 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/13 10:55:48.0203 Product type: Workstation

2011/01/13 10:55:48.0203 ComputerName: TOSHIBA

2011/01/13 10:55:48.0203 UserName: Nick

2011/01/13 10:55:48.0203 Windows directory: C:\WINDOWS

2011/01/13 10:55:48.0203 System windows directory: C:\WINDOWS

2011/01/13 10:55:48.0203 Processor architecture: Intel x86

2011/01/13 10:55:48.0203 Number of processors: 2

2011/01/13 10:55:48.0203 Page size: 0x1000

2011/01/13 10:55:48.0203 Boot type: Normal boot

2011/01/13 10:55:48.0203 ================================================================================

2011/01/13 10:55:48.0671 Initialize success

2011/01/13 10:55:51.0640 ================================================================================

2011/01/13 10:55:51.0640 Scan started

2011/01/13 10:55:51.0640 Mode: Manual;

2011/01/13 10:55:51.0640 ================================================================================

2011/01/13 10:55:57.0828 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/01/13 10:55:58.0453 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/13 10:55:58.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/01/13 10:55:58.0968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/13 10:55:59.0031 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/01/13 10:55:59.0140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/13 10:55:59.0187 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

2011/01/13 10:55:59.0421 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/01/13 10:55:59.0843 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/13 10:55:59.0984 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2011/01/13 10:56:00.0062 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/01/13 10:56:00.0140 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/01/13 10:56:00.0218 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/01/13 10:56:00.0265 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys

2011/01/13 10:56:00.0328 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/01/13 10:56:00.0390 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/13 10:56:00.0437 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/13 10:56:00.0562 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/13 10:56:00.0593 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/13 10:56:00.0718 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/13 10:56:00.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/13 10:56:00.0859 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/13 10:56:00.0906 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/13 10:56:00.0968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/13 10:56:01.0093 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/01/13 10:56:01.0156 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/01/13 10:56:01.0359 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/13 10:56:01.0437 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/01/13 10:56:01.0531 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/01/13 10:56:01.0578 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/01/13 10:56:01.0609 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/01/13 10:56:01.0656 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/01/13 10:56:01.0687 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/01/13 10:56:01.0750 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/01/13 10:56:01.0781 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/01/13 10:56:01.0812 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/01/13 10:56:01.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/13 10:56:02.0031 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/13 10:56:02.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/13 10:56:02.0156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/13 10:56:02.0234 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/13 10:56:02.0281 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/01/13 10:56:02.0312 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/01/13 10:56:02.0390 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/01/13 10:56:02.0453 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2011/01/13 10:56:02.0578 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/13 10:56:02.0718 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/01/13 10:56:02.0765 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/13 10:56:02.0781 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/01/13 10:56:02.0843 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/01/13 10:56:02.0875 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/13 10:56:02.0906 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/13 10:56:02.0953 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/01/13 10:56:03.0015 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/13 10:56:03.0125 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/01/13 10:56:03.0359 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/01/13 10:56:03.0484 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/01/13 10:56:03.0578 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/01/13 10:56:03.0640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/13 10:56:03.0765 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/13 10:56:03.0890 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/01/13 10:56:04.0375 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/13 10:56:05.0218 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/01/13 10:56:05.0609 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/13 10:56:05.0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/01/13 10:56:05.0671 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/13 10:56:05.0750 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/13 10:56:05.0812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/13 10:56:05.0859 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/13 10:56:06.0015 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/13 10:56:06.0062 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/13 10:56:06.0078 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

2011/01/13 10:56:06.0125 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/13 10:56:06.0187 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/13 10:56:06.0234 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys

2011/01/13 10:56:06.0265 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/13 10:56:06.0453 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

2011/01/13 10:56:06.0625 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2011/01/13 10:56:06.0765 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

2011/01/13 10:56:06.0812 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/01/13 10:56:06.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/13 10:56:06.0921 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/13 10:56:06.0953 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/13 10:56:07.0109 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/13 10:56:07.0250 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2011/01/13 10:56:07.0312 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2011/01/13 10:56:07.0375 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/13 10:56:07.0453 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/13 10:56:07.0562 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/13 10:56:07.0609 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/13 10:56:07.0640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/13 10:56:07.0671 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/13 10:56:07.0734 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/13 10:56:07.0796 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/13 10:56:07.0875 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/13 10:56:07.0937 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/13 10:56:08.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/13 10:56:08.0015 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/13 10:56:08.0062 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/13 10:56:08.0093 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/13 10:56:08.0140 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/13 10:56:08.0171 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

2011/01/13 10:56:08.0234 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/13 10:56:08.0296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/13 10:56:08.0390 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/13 10:56:08.0515 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/13 10:56:08.0562 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/13 10:56:08.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/13 10:56:08.0609 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/13 10:56:08.0656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/01/13 10:56:08.0687 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/13 10:56:08.0718 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/13 10:56:08.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/13 10:56:08.0843 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/13 10:56:08.0906 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/01/13 10:56:09.0156 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2011/01/13 10:56:09.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/13 10:56:09.0296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/13 10:56:09.0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/13 10:56:09.0359 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/13 10:56:09.0515 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/13 10:56:09.0562 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/13 10:56:09.0593 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/13 10:56:09.0625 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/13 10:56:09.0671 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/13 10:56:09.0703 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/13 10:56:09.0765 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/13 10:56:09.0890 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/13 10:56:10.0000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/13 10:56:10.0093 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/01/13 10:56:10.0265 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS

2011/01/13 10:56:10.0281 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS

2011/01/13 10:56:10.0531 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/01/13 10:56:10.0593 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/13 10:56:10.0656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/01/13 10:56:10.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/01/13 10:56:10.0906 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/13 10:56:10.0968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/13 10:56:11.0031 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/13 10:56:11.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/13 10:56:11.0421 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/13 10:56:11.0656 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/01/13 10:56:11.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/13 10:56:11.0875 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

2011/01/13 10:56:11.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/13 10:56:12.0093 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/13 10:56:12.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/13 10:56:12.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/13 10:56:12.0312 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys

2011/01/13 10:56:12.0390 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys

2011/01/13 10:56:12.0453 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys

2011/01/13 10:56:12.0546 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys

2011/01/13 10:56:12.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/13 10:56:12.0750 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/13 10:56:12.0843 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2011/01/13 10:56:12.0890 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/13 10:56:13.0015 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

2011/01/13 10:56:13.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/13 10:56:13.0140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/13 10:56:13.0203 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2011/01/13 10:56:13.0250 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/13 10:56:13.0296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/13 10:56:13.0406 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/13 10:56:13.0453 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/13 10:56:13.0484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/13 10:56:13.0562 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/13 10:56:13.0750 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/01/13 10:56:13.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/13 10:56:13.0968 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/01/13 10:56:14.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/13 10:56:14.0187 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/01/13 10:56:14.0265 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/01/13 10:56:14.0375 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/01/13 10:56:14.0468 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/01/13 10:56:14.0484 ================================================================================

2011/01/13 10:56:14.0484 Scan finished

2011/01/13 10:56:14.0484 ================================================================================

2011/01/13 10:56:14.0515 Detected object count: 1

2011/01/13 10:56:45.0250 \HardDisk0 - will be cured after reboot

2011/01/13 10:56:45.0250 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/01/13 10:56:50.0765 Deinitialize success

Thanks again,

Nick

Attach1.zip

Share this post


Link to post
Share on other sites

post-32477-1261866970.gif

You have a hijacker

uInternet Settings,ProxyServer = http=127.0.0.1:8075

Please don't attach the scans / logs, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyServer"=-

Save this as fixme.reg Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot and describe how your computer behaves at the moment.

Share this post


Link to post
Share on other sites

The computer is running just as smoothly. However, I'll try to google a subject and the first time I try to click a link that came up in the results, I get redirected to some ad website causing Online Armor or SpywareBlaster to block the page. The most recent one tried redirecting me to pda.mv.bidsystem.(com). If I click the back button and try to click on the same link, I go to the proper site. It's just the first link I click after every new search. I'm trying to run MBAM right now again...

Share this post


Link to post
Share on other sites

I would also like you to run a new TDSSKiller scan

Share this post


Link to post
Share on other sites
I would also like you to run a new TDSSKiller scan

Share this post


Link to post
Share on other sites

Nothing in either scan. Here are the logs below...

2011/01/13 20:55:36.0500 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11

2011/01/13 20:55:36.0500 ================================================================================

2011/01/13 20:55:36.0500 SystemInfo:

2011/01/13 20:55:36.0500

2011/01/13 20:55:36.0500 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/13 20:55:36.0500 Product type: Workstation

2011/01/13 20:55:36.0500 ComputerName: TOSHIBA

2011/01/13 20:55:36.0500 UserName: Nick

2011/01/13 20:55:36.0500 Windows directory: C:\WINDOWS

2011/01/13 20:55:36.0500 System windows directory: C:\WINDOWS

2011/01/13 20:55:36.0500 Processor architecture: Intel x86

2011/01/13 20:55:36.0500 Number of processors: 2

2011/01/13 20:55:36.0500 Page size: 0x1000

2011/01/13 20:55:36.0500 Boot type: Normal boot

2011/01/13 20:55:36.0500 ================================================================================

2011/01/13 20:55:37.0734 Initialize success

2011/01/13 20:55:44.0515 ================================================================================

2011/01/13 20:55:44.0515 Scan started

2011/01/13 20:55:44.0515 Mode: Manual;

2011/01/13 20:55:44.0515 ================================================================================

2011/01/13 20:55:45.0484 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/01/13 20:55:45.0593 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/13 20:55:45.0609 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/01/13 20:55:45.0687 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/13 20:55:45.0750 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/01/13 20:55:45.0812 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/13 20:55:45.0984 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

2011/01/13 20:55:46.0078 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/01/13 20:55:46.0390 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/13 20:55:46.0656 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2011/01/13 20:55:46.0750 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/01/13 20:55:46.0828 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/01/13 20:55:46.0859 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/01/13 20:55:46.0906 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys

2011/01/13 20:55:46.0937 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/01/13 20:55:47.0000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/13 20:55:47.0140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/13 20:55:47.0218 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/13 20:55:47.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/13 20:55:47.0343 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/13 20:55:47.0406 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/13 20:55:47.0453 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/13 20:55:47.0500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/13 20:55:47.0531 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/13 20:55:47.0609 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/01/13 20:55:47.0671 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/01/13 20:55:47.0796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/13 20:55:47.0843 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/01/13 20:55:47.0968 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/01/13 20:55:48.0031 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/01/13 20:55:48.0062 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/01/13 20:55:48.0093 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/01/13 20:55:48.0109 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/01/13 20:55:48.0140 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/01/13 20:55:48.0171 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/01/13 20:55:48.0203 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/01/13 20:55:48.0281 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/13 20:55:48.0359 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/13 20:55:48.0390 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/13 20:55:48.0468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/13 20:55:48.0546 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/13 20:55:48.0578 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/01/13 20:55:48.0625 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/01/13 20:55:48.0687 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/01/13 20:55:48.0843 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2011/01/13 20:55:48.0921 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/13 20:55:48.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/01/13 20:55:49.0000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/13 20:55:49.0046 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/01/13 20:55:49.0078 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/01/13 20:55:49.0109 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/13 20:55:49.0156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/13 20:55:49.0328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/01/13 20:55:49.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/13 20:55:49.0437 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/01/13 20:55:49.0546 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/01/13 20:55:49.0578 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/01/13 20:55:49.0625 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/01/13 20:55:49.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/13 20:55:49.0953 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/13 20:55:50.0078 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/01/13 20:55:50.0281 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/13 20:55:50.0640 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/01/13 20:55:51.0015 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/13 20:55:51.0062 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/01/13 20:55:51.0109 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/13 20:55:51.0171 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/13 20:55:51.0234 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/13 20:55:51.0281 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/13 20:55:51.0375 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/13 20:55:51.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/13 20:55:51.0531 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

2011/01/13 20:55:51.0593 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/13 20:55:51.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/13 20:55:51.0703 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys

2011/01/13 20:55:51.0750 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/13 20:55:52.0062 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

2011/01/13 20:55:52.0140 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/01/13 20:55:52.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/13 20:55:52.0250 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/13 20:55:52.0312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/13 20:55:52.0343 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/13 20:55:52.0515 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2011/01/13 20:55:52.0625 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2011/01/13 20:55:52.0796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/13 20:55:52.0875 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/13 20:55:52.0921 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/13 20:55:52.0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/13 20:55:53.0015 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/13 20:55:53.0046 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/13 20:55:53.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/13 20:55:53.0234 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/13 20:55:53.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/13 20:55:53.0359 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/13 20:55:53.0421 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/13 20:55:53.0453 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/13 20:55:53.0500 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/13 20:55:53.0546 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/13 20:55:53.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/13 20:55:53.0781 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

2011/01/13 20:55:53.0859 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/13 20:55:53.0906 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/13 20:55:53.0968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/13 20:55:54.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/13 20:55:54.0093 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/13 20:55:54.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/13 20:55:54.0203 OADevice (422cf292a3fd758418c5b79405c93331) C:\WINDOWS\system32\drivers\OADriver.sys

2011/01/13 20:55:54.0359 oahlpXX (7c6d7532a8fcbcbda241215e808354c2) C:\WINDOWS\system32\drivers\oahlp32.sys

2011/01/13 20:55:54.0421 OAmon (6243e6db6399a95fd401090fc0d0c3ab) C:\WINDOWS\system32\drivers\OAmon.sys

2011/01/13 20:55:54.0453 OAnet (f87647d8e994032ee9a50f8a3a144671) C:\WINDOWS\system32\drivers\OAnet.sys

2011/01/13 20:55:54.0484 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/13 20:55:54.0531 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/01/13 20:55:54.0562 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/13 20:55:54.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/13 20:55:54.0640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/13 20:55:54.0687 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/13 20:55:54.0718 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/01/13 20:55:54.0953 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2011/01/13 20:55:55.0015 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/13 20:55:55.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/13 20:55:55.0078 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/13 20:55:55.0265 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/13 20:55:55.0421 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/13 20:55:55.0468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/13 20:55:55.0500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/13 20:55:55.0562 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/13 20:55:55.0593 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/13 20:55:55.0671 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/13 20:55:55.0734 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/13 20:55:55.0781 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/13 20:55:55.0906 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/01/13 20:55:56.0015 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS

2011/01/13 20:55:56.0046 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS

2011/01/13 20:55:56.0250 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/01/13 20:55:56.0328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/13 20:55:56.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/01/13 20:55:56.0468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/01/13 20:55:56.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/13 20:55:56.0671 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/13 20:55:56.0765 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/13 20:55:57.0109 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/13 20:55:57.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/13 20:55:57.0453 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/01/13 20:55:57.0515 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/13 20:55:57.0562 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

2011/01/13 20:55:57.0625 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/13 20:55:57.0796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/13 20:55:57.0828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/13 20:55:57.0875 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/13 20:55:57.0953 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys

2011/01/13 20:55:58.0046 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys

2011/01/13 20:55:58.0109 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys

2011/01/13 20:55:58.0140 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys

2011/01/13 20:55:58.0187 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/13 20:55:58.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/13 20:55:58.0531 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2011/01/13 20:55:58.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/13 20:55:58.0656 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

2011/01/13 20:55:58.0812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/13 20:55:58.0843 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/13 20:55:58.0921 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2011/01/13 20:55:58.0953 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/13 20:55:59.0000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/13 20:55:59.0062 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/13 20:55:59.0109 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/13 20:55:59.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/13 20:55:59.0218 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/13 20:55:59.0515 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/01/13 20:55:59.0640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/13 20:55:59.0796 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/01/13 20:55:59.0890 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/13 20:56:00.0062 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/01/13 20:56:00.0156 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/01/13 20:56:00.0218 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/01/13 20:56:00.0468 ================================================================================

2011/01/13 20:56:00.0468 Scan finished

2011/01/13 20:56:00.0468 ================================================================================

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5514

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/13/2011 8:52:19 PM

mbam-log-2011-01-13 (20-52-19).txt

Scan type: Quick scan

Objects scanned: 174358

Time elapsed: 12 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Share this post


Link to post
Share on other sites

I ran ComboFix and am including the log below. As far as how the computer is running, still no noticeable slow down. I tried 5 different google searches and haven't tried to be redirected yet. I need to leave the house now so will not be able to try anymore at the moment. Did ComboFix change anything?

ComboFix 11-01-13.01 - Nick 01/13/2011 21:22:03.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.848 [GMT -5:00]

Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Microsoft

c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat

c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat

c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}

c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}\chrome.manifest

c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}\chrome\content\_cfg.js

c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}\chrome\content\overlay.xul

c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}\install.rdf

c:\documents and settings\Nick\Local Settings\Temporary Internet Files\cookies.sqlite

c:\windows\system32\service

c:\windows\system32\service\01112010_TIS17_SfFniAU.log

c:\windows\system32\service\01122010_TIS17_SfFniAU.log

c:\windows\system32\service\02082010_TIS17_SfFniAU.log

c:\windows\system32\service\02092010_TIS17_SfFniAU.log

c:\windows\system32\service\02102010_TIS17_SfFniAU.log

c:\windows\system32\service\03032010_TIS17_SfFniAU.log

c:\windows\system32\service\03052010_TIS17_SfFniAU.log

c:\windows\system32\service\04052009_TIS17_SfFniAU.log

c:\windows\system32\service\04082009_TIS17_SfFniAU.log

c:\windows\system32\service\04102010_TIS17_SfFniAU.log

c:\windows\system32\service\07062010_TIS17_SfFniAU.log

c:\windows\system32\service\07112010_TIS17_SfFniAU.log

c:\windows\system32\service\08062010_TIS17_SfFniAU.log

c:\windows\system32\service\08122009_TIS17_SfFniAU.log

c:\windows\system32\service\10022010_TIS17_SfFniAU.log

c:\windows\system32\service\10052010_TIS17_SfFniAU.log

c:\windows\system32\service\11012010_TIS17_SfFniAU.log

c:\windows\system32\service\11052009_TIS17_SfFniAU.log

c:\windows\system32\service\11112009_TIS17_SfFniAU.log

c:\windows\system32\service\12042010_TIS17_SfFniAU.log

c:\windows\system32\service\12052009_TIS17_SfFniAU.log

c:\windows\system32\service\12052010_TIS17_SfFniAU.log

c:\windows\system32\service\12102009_TIS17_SfFniAU.log

c:\windows\system32\service\12102010_TIS17_SfFniAU.log

c:\windows\system32\service\13072010_TIS17_SfFniAU.log

c:\windows\system32\service\13092010_TIS17_SfFniAU.log

c:\windows\system32\service\13102010_TIS17_SfFniAU.log

c:\windows\system32\service\16072010_TIS17_SfFniAU.log

c:\windows\system32\service\17102010_TIS17_SfFniAU.log

c:\windows\system32\service\19082009_TIS17_SfFniAU.log

c:\windows\system32\service\19102009_TIS17_SfFniAU.log

c:\windows\system32\service\20102010_TIS17_SfFniAU.log

c:\windows\system32\service\20112009_TIS17_SfFniAU.log

c:\windows\system32\service\21062010_TIS17_SfFniAU.log

c:\windows\system32\service\22092009_TIS17_SfFniAU.log

c:\windows\system32\service\22122010_TIS17_SfFniAU.log

c:\windows\system32\service\23062010_TIS17_SfFniAU.log

c:\windows\system32\service\23082010_TIS17_SfFniAU.log

c:\windows\system32\service\24122009_TIS17_SfFniAU.log

c:\windows\system32\service\25042010_TIS17_SfFniAU.log

c:\windows\system32\service\25102009_TIS17_SfFniAU.log

c:\windows\system32\service\26092010_TIS17_SfFniAU.log

c:\windows\system32\service\27072009_TIS17_SfFniAU.log

c:\windows\system32\service\27112009_TIS17_SfFniAU.log

c:\windows\system32\service\28012010_TIS17_SfFniAU.log

c:\windows\system32\service\29112010_TIS17_SfFniAU.log

c:\windows\system32\service\29122010_TIS17_SfFniAU.log

c:\windows\system32\service\30092010_TIS17_SfFniAU.log

c:\windows\system32\service\31052010_TIS17_SfFniAU.log

c:\windows\system32\Thumbs.db

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_SSHNAS

-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))

.

2011-01-13 15:41 . 2011-01-13 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-01-13 05:51 . 2011-01-13 05:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-01-13 05:51 . 2011-01-13 05:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-01-12 20:42 . 2011-01-12 20:42 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-01-12 17:24 . 2011-01-12 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-01-12 17:24 . 2011-01-12 17:26 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-01-12 16:40 . 2011-01-12 16:40 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-12 15:10 . 2011-01-12 15:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-01-12 15:07 . 2011-01-12 15:07 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Sunbelt Software

2011-01-12 14:29 . 2011-01-12 14:29 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-01-12 07:19 . 2011-01-12 07:19 -------- d-----w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com

2011-01-12 07:06 . 2011-01-12 07:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-01-12 07:04 . 2011-01-12 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-01-12 07:04 . 2011-01-12 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-01-12 07:02 . 2011-01-12 07:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-01-12 04:21 . 2011-01-12 06:42 0 ----a-w- c:\windows\Bcune.bin

2011-01-12 03:11 . 2011-01-12 03:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-01-12 02:57 . 2011-01-12 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-01-12 02:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-12 02:39 . 2011-01-12 02:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-12 02:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-12 02:20 . 2011-01-12 02:20 -------- d-----w- c:\program files\iPod

2011-01-12 02:20 . 2011-01-12 02:21 -------- d-----w- c:\program files\iTunes

2011-01-12 02:11 . 2011-01-12 02:11 -------- d-----w- c:\program files\Bonjour

2011-01-07 04:17 . 2011-01-07 04:17 -------- d-----w- c:\program files\Microsoft.NET

2011-01-07 04:14 . 2011-01-07 04:14 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-01-07 04:13 . 2011-01-07 04:14 -------- d-----w- c:\windows\SHELLNEW

2011-01-07 04:12 . 2011-01-07 04:12 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Microsoft Help

2011-01-07 04:11 . 2011-01-13 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2011-01-07 04:11 . 2011-01-07 04:11 -------- d-----r- C:\MSOCache

2011-01-06 22:44 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-01-06 22:44 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-01-06 22:44 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-01-06 22:44 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-01-06 22:44 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-01-06 22:44 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-01-06 22:44 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-01-06 22:44 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-01-06 22:44 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr

2011-01-06 22:44 . 2011-01-06 22:44 -------- d-----w- c:\program files\Alwil Software

2011-01-06 22:44 . 2011-01-06 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-12-24 21:26 . 2010-12-24 21:26 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Thunderbird

2010-12-24 21:26 . 2010-12-24 21:26 -------- d-----w- c:\documents and settings\Nick\Application Data\Thunderbird

2010-12-24 21:25 . 2010-12-24 21:25 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-12-15 04:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 04:13 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12 . 2006-02-15 15:36 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52 . 2006-02-15 14:03 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:26 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2006-02-15 14:02 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2006-02-15 14:02 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2006-02-15 14:02 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2006-02-15 14:03 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2006-02-15 14:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2006-02-15 14:04 1853312 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2009-01-22 1470464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"TFncKy"="TFncKy.exe" [bU]

"TDispVol"="TDispVol.exe" [2005-03-11 73728]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"TPSMain"="TPSMain.exe" [2005-06-01 282624]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 55368]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-10-27 2345000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2008-9-18 912344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2010-10-27 353992]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2003-08-04 21:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

2005-11-28 18:41 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

2005-12-05 19:37 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/6/2011 5:44 PM 294608]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/13/2011 11:16 AM 202064]

R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [1/13/2011 11:16 AM 38856]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/13/2011 11:16 AM 25000]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/13/2011 11:16 AM 29272]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2011 5:44 PM 17744]

R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [1/13/2011 11:15 AM 380784]

R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [1/13/2011 11:15 AM 3652696]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\Nick\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\Nick\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2011-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

.

------- Supplementary Scan -------

.

uStart Page = https://mail.vbgov.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB

FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\376acwj6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.groupon.com/hampton-roads/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-DXDllRegExe - dxdllreg.exe

MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

AddRemove-HijackThis - c:\documents and settings\Nick\Desktop\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-13 21:31

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,b3,a0,87,60,e8,3b,45,9c,4d,8e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,b3,a0,87,60,e8,3b,45,9c,4d,8e,\

[HKEY_USERS\S-1-5-21-252245913-2091170121-1509532172-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2768)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll

c:\windows\system32\TDispVol.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

c:\windows\system32\TDispVol.exe

c:\windows\AGRSMMSG.exe

c:\windows\system32\TPSMain.exe

c:\windows\eHome\ehmsas.exe

c:\program files\Synaptics\SynTP\Toshiba.exe

c:\program files\TOSHIBA\ConfigFree\CFSServ.exe

c:\windows\system32\TPSBattM.exe

c:\program files\Online Armor\OAhlp.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-01-13 21:38:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-14 02:38

Pre-Run: 99,892,150,272 bytes free

Post-Run: 101,073,137,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 5341116630EDB2A319DFA4DFA2474E3D

Share this post


Link to post
Share on other sites

What you see here under Other Deletions, is what CF removed.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :P

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

    [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is succeptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

    [*] WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    Green to go

    Yellow for caution

    Red to stop

    WOT has an addon available for both Firefox and IE.

    [*] JAVA Click this link and click on the Free JAVA Download

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

    This will ensure your computer has always the latest security updates available installed on your computer.

    If there are new updates to install, install them immediately, reboot your computer, and revisit the site

    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

Share this post


Link to post
Share on other sites

You're more than welcome.

Glad we were able to help

Peace be with you wavey.gif

Share this post


Link to post
Share on other sites

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.