
Privacy Protection Virus Removal Help


This topic is locked
38 replies to this topic

#1 RetiredChief (Authentic Member, 111 posts)

Posted 06 November 2011 - 06:48 PM

Hello,

Our desktop has been infected with the above virus can you folks help me get rid of it? I downloaded DDS, ran it, and attached the log and the other attachment as a zip file as directed in the forum. Thanks!

Chief

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Administrator at 16:29:45 on 2011-11-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.664 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi9130~1\datamngr\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_Plugin.exe -update plugin
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\sierra\planner\PLNRnote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\agremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\renais~1.lnk - c:\documents and settings\all users\application data\renaissance wireless server\Renaissance Wireless Server.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://de225.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4F9665E1-6A11-4972-B941-EB22DFA68FC7} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{837C5F68-FB84-414E-8FEC-9FA666C52334} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EFDC876F-B06E-4EBB-8CF6-7765A6D04335} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\wi9130~1\datamngr\iebho.dll c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\op5b9w5g.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 31704]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2011-7-12 816672]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 492768]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
S1 MpKsl0f7c0b36;MpKsl0f7c0b36;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02636e4d-33b1-4a9d-93f9-d88436ca3d6d}\mpksl0f7c0b36.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02636e4d-33b1-4a9d-93f9-d88436ca3d6d}\MpKsl0f7c0b36.sys [?]
S1 MpKsl5744934b;MpKsl5744934b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40394202-2b54-4840-a53f-78e381e1b662}\mpksl5744934b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40394202-2b54-4840-a53f-78e381e1b662}\MpKsl5744934b.sys [?]
S1 MpKsl5ff3be24;MpKsl5ff3be24;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{158e3422-62fb-4074-825c-f251e1501bec}\mpksl5ff3be24.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{158e3422-62fb-4074-825c-f251e1501bec}\MpKsl5ff3be24.sys [?]
S1 MpKsl82c4ff9c;MpKsl82c4ff9c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7232c367-9761-4a6c-ba0e-49c0dd6ae5c3}\mpksl82c4ff9c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7232c367-9761-4a6c-ba0e-49c0dd6ae5c3}\MpKsl82c4ff9c.sys [?]
S1 MpKsl9dd2a4f5;MpKsl9dd2a4f5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f49f9929-bc03-461b-a787-cc697c91a1bc}\mpksl9dd2a4f5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f49f9929-bc03-461b-a787-cc697c91a1bc}\MpKsl9dd2a4f5.sys [?]
S1 MpKsla1025ecb;MpKsla1025ecb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c179b624-5673-469d-b8be-7310500daf9d}\mpksla1025ecb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c179b624-5673-469d-b8be-7310500daf9d}\MpKsla1025ecb.sys [?]
S1 MpKslb899b9ea;MpKslb899b9ea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68003cd4-2df1-4df8-b327-c3b29de74819}\mpkslb899b9ea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68003cd4-2df1-4df8-b327-c3b29de74819}\MpKslb899b9ea.sys [?]
S1 MpKslbd4858d2;MpKslbd4858d2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{422a7366-8cb1-4120-b62b-7e26b6b6f89c}\mpkslbd4858d2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{422a7366-8cb1-4120-b62b-7e26b6b6f89c}\MpKslbd4858d2.sys [?]
S2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1883328]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-7-13 54760]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-3 366152]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-10 227184]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-3 22216]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-11-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-11-4 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2011-11-4 24064]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-7-13 30576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-07 00:28:55 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{35154f1f-026c-4aea-9555-5a16bc4cd9f0}\offreg.dll
2011-11-06 01:37:40 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-11-05 22:27:49 821760 ----a-w- c:\documents and settings\all users\application data\privacy.exe
2011-11-05 14:34:51 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{35154f1f-026c-4aea-9555-5a16bc4cd9f0}\mpengine.dll
2011-11-05 00:44:35 24064 ----a-w- c:\windows\system32\drivers\motport.sys
2011-11-05 00:44:34 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2011-11-05 00:44:33 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2011-11-05 00:44:33 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2011-11-05 00:44:33 20480 ----a-w- c:\windows\system32\drivers\motccgp.sys
2011-11-05 00:43:58 -------- d-----w- c:\program files\common files\Motorola Shared
2011-11-05 00:43:54 -------- d-----w- c:\program files\Motorola
2011-10-29 17:32:40 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 17:24:34 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-10-29 17:24:34 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-29 17:20:10 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJEPPEX
2011-10-24 16:02:31 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-20 03:14:57 -------- d-----w- c:\program files\iPod
2011-10-20 03:08:40 -------- d-----w- c:\program files\Bonjour
2011-10-11 19:23:13 -------- d-----w- c:\program files\Conduit
2011-10-11 19:23:02 -------- d-----w- c:\program files\Coupons.com
2011-10-11 19:22:49 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
==================== Find3M ====================
.
2011-10-07 17:48:01 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48:00 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47:10 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 17:45:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200826AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x867C50E8]<<
_asm { MOV EAX, 0x867c5008; XCHG [ESP], EAX; PUSH EAX; PUSH 0x867ca0d4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8671AAB8]
\Driver\Disk[0x8671BB88] -> IRP_MJ_CREATE -> 0x867C50E8
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x867c50e8
\Driver\iaStor -> 0x867c69c0
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 16:30:54.20 ===============
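As an added example (not code from DDS, GMER or any other tool named in this thread), the following Python script shows the kind of first-pass triage a helper does by eye on a DDS log: it flags disabled antivirus, orphaned BHOs, nameless Run entries, AppInit_DLLs injection, hosts-file overrides, executables dropped straight into the all-users application-data root, and the unknown-module / disk-hook lines of the MBR check. The category names and the abridged sample log are constructed for illustration.

```python
"""Flag the entries in a DDS log that a malware-removal helper reads first.

Added example for this thread; not code from DDS, GMER or any tool named here.
Category names and the sample log below are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in the DDS log format used in the thread (abridged, not
# the poster's full log): security-tool status, pseudo-HJT report entries,
# a "Created Last 30" file list and the GMER MBR-check section.
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [<NO NAME>]
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\windows\system32\guard32.dll
Hosts: 74.208.10.249 gs.apple.com
=============== Created Last 30 ================
2011-11-05 22:27:49 821760 ----a-w- c:\documents and settings\all users\application data\privacy.exe
2011-11-05 00:44:35 24064 ----a-w- c:\windows\system32\drivers\motport.sys
=================== ROOTKIT ====================
called modules: ntoskrnl.exe >>UNKNOWN [0x867C50E8]<<
\Driver\Disk -> 0x867c50e8
Warning: possible MBR rootkit infection !
"""

Finding = Tuple[str, str]  # (category, evidence)

# One regex per category; the first pattern that matches a line wins.
LINE_PATTERNS: Dict[str, re.Pattern] = {
    # Real-time protection switched off is itself a symptom on an infected box.
    "av_disabled": re.compile(r"^AV: .*\*Disabled", re.I),
    # A CLSID registered as a BHO whose DLL is gone: leftover of a removed add-on.
    "orphan_bho": re.compile(r"^BHO: .*- No File$", re.I),
    # A Run-key value with no name and no command is worth a second look.
    "empty_run_key": re.compile(r"^[um]Run: \[<NO NAME>\]", re.I),
    # Any hosts-file override redirects name resolution away from DNS.
    "hosts_override": re.compile(r"^Hosts: ", re.I),
    # GMER could not attribute the code handling disk I/O to a loaded module.
    "unknown_kernel_module": re.compile(r">>UNKNOWN \[0x[0-9A-Fa-f]+\]<<"),
    # A disk-stack driver dispatch pointing at an unnamed address.
    "disk_driver_hook": re.compile(r"^\\Driver\\\w+ -> 0x[0-9a-f]+", re.I),
    "rootkit_warning": re.compile(r"^Warning: .*rootkit", re.I),
}

# "Created Last 30" entry for an executable dropped straight into the
# all-users application-data root (no vendor subfolder), e.g. privacy.exe.
PROGRAMDATA_ROOT_EXE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ \S+ "
    r"(c:\\documents and settings\\all users\\application data\\[^\\]+\.(?:exe|dll|sys|scr))$",
    re.I,
)


def triage_dds(text: str) -> List[Finding]:
    """Return (category, evidence) pairs for every line that matches a check."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that maps
            # user32.dll, so each path is reported on its own.
            for dll in line[len("AppInit_DLLs:"):].split():
                findings.append(("appinit_dll", dll))
            continue
        m = PROGRAMDATA_ROOT_EXE.match(line)
        if m:
            findings.append(("exe_in_programdata_root", m.group(1)))
            continue
        for category, pattern in LINE_PATTERNS.items():
            if pattern.search(line):
                findings.append((category, line))
                break
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, for a quick overview of the log."""
    counts: Dict[str, int] = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, evidence in triage_dds(SAMPLE_DDS):
        print(f"{category:24} {evidence}")
    print(summarize(triage_dds(SAMPLE_DDS)))
```

The checks only point at lines a human then has to judge; a flagged AppInit DLL such as guard32.dll is COMODO's own, which is exactly why the thread's helper asks for more scans rather than acting on the DDS log alone.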



#2 jeffce (Malware Guy, 8,693 posts)

Posted 06 November 2011 - 07:09 PM

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Having said that....Let's get going!! :thumbup:
----------

GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

In your next reply please post the log created by GMER. :)

#3 RetiredChief (Authentic Member, 111 posts)

Posted 07 November 2011 - 08:28 AM

Thanks Jeff! I'll do this as soon as I get home from work. Do I do all of the stuff you are telling me to do in "Safe Mode with Networking" or in normal mode?

#4 jeffce (Malware Guy, 8,693 posts)

Posted 07 November 2011 - 08:35 AM

Hi RetiredChief, Thanks for letting me know. If you are able to do these scans in Normal mode please do so. If not, you can run them in Safe mode as well. If you have any problems let me know. :)

#5 RetiredChief (Authentic Member, 111 posts)

Posted 07 November 2011 - 08:39 PM

Jeff, I had to run the scan in safe mode, the virus stops anything from opening and running. The scan appeared to finish, nothing was happening after about an hour and a half. I did not get a "save" button on the screen, so I pressed "OK" and then the Gmer window closed and there was nothing on the screen, no log or file, nothing. What next? Chief

#6 jeffce (Malware Guy, 8,693 posts)

Posted 07 November 2011 - 08:58 PM

Hi there RetiredChief,

RKill

Print out these instructions as we may need to close every window that is open later in the fix.


It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Do not reboot your computer after running rkill as the malware programs will start again.
-------------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Posted Image
----------

#7 RetiredChief (Authentic Member, 111 posts)

Posted 07 November 2011 - 10:01 PM

Jeff, I opened and selected rkill.exe but a window opened with the following: iexplore.exe-application error The exception unknown software exception (0xc00000fd) occurred in the application at location 0x00eld19f. Click OK to terminate the program. Nothing else happened. I then opened and ran uSeRiNiT.exe but didn't see anything change. I then opened and ran aswMBR and saved the file when it finished. Here it is:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-07 19:45:03
-----------------------------
19:45:03.031 OS Version: Windows 5.1.2600 Service Pack 3
19:45:03.031 Number of processors: 1 586 0x2701
19:45:03.031 ComputerName: BLAKLEY UserName:
19:45:03.562 Initialize success
19:45:25.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:45:25.515 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
19:45:27.593 Disk 0 MBR read successfully
19:45:27.609 Disk 0 MBR scan
19:45:27.625 Disk 0 unknown MBR code
19:45:27.671 Disk 0 scanning sectors +390716865
19:45:27.937 Disk 0 scanning C:\WINDOWS\system32\drivers
19:46:16.765 Service scanning
19:46:18.156 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
19:46:18.703 Modules scanning
19:47:05.328 Disk 0 trace - called modules:
19:47:05.421 ntoskrnl.exe >>UNKNOWN [0x867c5eb0]<<
19:47:05.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8674c9c0]
19:47:05.468 \Driver\Disk[0x86702a30] -> IRP_MJ_CREATE -> 0x867c5eb0
19:47:05.500 Scan finished successfully
19:51:44.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
19:51:44.078 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
19:52:00.281 Disk 0 MBR has been saved successfully to "L:\MBR.dat"
19:52:00.343 The log file has been saved successfully to "L:\aswMBR.txt"

#8 jeffce (Malware Guy, 8,693 posts)

Posted 08 November 2011 - 07:09 AM

Hi RetiredChief,

RKill did just what it was supposed to do. :thumbup:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
------------

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

In your next reply please post the logs created by both TDSSKiller and ComboFix. :)

#9 RetiredChief (Authentic Member, 111 posts)

Posted 08 November 2011 - 08:34 AM

Jeff, I have college class tonight after work. If this does not take more than 45 minutes to an hour I'll run it when I get home from class at 9:00 PM PST, but if it will take longer, it won't happen until I get home from work tomorrow. I get up at 4:45 AM to go to work so I am usually in bed by 9:30 PM. Please let me know if there is a "normal" amount of time this takes. Thanks! Chief

#10 jeffce (Malware Guy, 8,693 posts)

Posted 08 November 2011 - 08:53 AM

Hi RetiredChief, There is not really a "normal" amount of time to finish these scans. It is no problem when you get me the logs. I will keep the topic open for three days before I even ask if you still need help. Take your time. :)


#11 RetiredChief (Authentic Member, 111 posts)

Posted 09 November 2011 - 05:48 PM

Jeff, Here is the TDSSKiller Log File. After running as directed and re-booting my machine, I attempted to run Combofix, but my input functions were disabled. I could move the cursor but no buttons would work or any keystrokes from my keyboard. I waited about 15 minutes and then manually shut down the computer and re-started it. I then ran Combofix in safe mode and it appeared to finish, but no windows opened IRT system recovery etc. and the computer just stopped everything. No mouse or keyboard again and no activity on the light next to the power button. I am leaving it on until I hear from you.

Chief

15:09:46.0148 1760 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
15:09:46.0648 1760 ============================================================
15:09:46.0648 1760 Current date / time: 2011/11/09 15:09:46.0648
15:09:46.0648 1760 SystemInfo:
15:09:46.0648 1760
15:09:46.0664 1760 OS Version: 5.1.2600 ServicePack: 3.0
15:09:46.0664 1760 Product type: Workstation
15:09:46.0664 1760 ComputerName: BLAKLEY
15:09:46.0664 1760 UserName: HP_Administrator
15:09:46.0664 1760 Windows directory: C:\WINDOWS
15:09:46.0664 1760 System windows directory: C:\WINDOWS
15:09:46.0664 1760 Processor architecture: Intel x86
15:09:46.0664 1760 Number of processors: 1
15:09:46.0664 1760 Page size: 0x1000
15:09:46.0664 1760 Boot type: Normal boot
15:09:46.0664 1760 ============================================================
15:09:56.0726 1760 Initialize success
15:09:58.0945 2544 ============================================================
15:09:58.0945 2544 Scan started
15:09:58.0945 2544 Mode: Manual;
15:09:58.0945 2544 ============================================================
15:10:00.0320 2544 Abiosdsk - ok
15:10:00.0867 2544 abp480n5 - ok
15:10:01.0617 2544 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:10:01.0648 2544 ACPI - ok
15:10:02.0320 2544 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:10:02.0398 2544 ACPIEC - ok
15:10:02.0742 2544 adpu160m - ok
15:10:03.0633 2544 AE1000 (678c8fdb9d6094d41f322b7159853c54) C:\WINDOWS\system32\DRIVERS\AE1000XP.sys
15:10:04.0179 2544 AE1000 - ok
15:10:04.0773 2544 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:10:05.0008 2544 aec - ok
15:10:05.0711 2544 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:10:05.0726 2544 AFD - ok
15:10:06.0023 2544 Aha154x - ok
15:10:06.0523 2544 aic78u2 - ok
15:10:07.0101 2544 aic78xx - ok
15:10:07.0992 2544 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:10:10.0133 2544 ALCXWDM - ok
15:10:10.0414 2544 AliIde - ok
15:10:11.0117 2544 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:10:11.0117 2544 AmdK8 - ok
15:10:11.0836 2544 amsint - ok
15:10:12.0648 2544 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
15:10:12.0711 2544 aracpi - ok
15:10:13.0242 2544 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
15:10:13.0289 2544 arhidfltr - ok
15:10:13.0804 2544 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
15:10:13.0836 2544 arkbcfltr - ok
15:10:14.0414 2544 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
15:10:14.0461 2544 armoucfltr - ok
15:10:15.0070 2544 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:10:15.0164 2544 Arp1394 - ok
15:10:15.0539 2544 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
15:10:15.0601 2544 ARPolicy - ok
15:10:16.0289 2544 asc - ok
15:10:16.0867 2544 asc3350p - ok
15:10:17.0351 2544 asc3550 - ok
15:10:17.0523 2544 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:10:17.0601 2544 AsyncMac - ok
15:10:18.0101 2544 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:10:18.0117 2544 atapi - ok
15:10:18.0648 2544 Atdisk - ok
15:10:19.0023 2544 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:10:20.0273 2544 ati2mtag - ok
15:10:20.0664 2544 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:10:20.0695 2544 Atmarpc - ok
15:10:21.0148 2544 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:10:21.0164 2544 audstub - ok
15:10:21.0476 2544 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
15:10:21.0523 2544 bb-run - ok
15:10:22.0023 2544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:10:22.0117 2544 Beep - ok
15:10:22.0523 2544 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
15:10:22.0570 2544 BVRPMPR5 - ok
15:10:22.0586 2544 catchme - ok
15:10:22.0929 2544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:10:22.0945 2544 cbidf2k - ok
15:10:23.0523 2544 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:10:23.0554 2544 CCDECODE - ok
15:10:23.0789 2544 cd20xrnt - ok
15:10:24.0320 2544 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:10:24.0414 2544 Cdaudio - ok
15:10:24.0929 2544 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:10:25.0023 2544 Cdfs - ok
15:10:25.0414 2544 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:10:25.0492 2544 Cdrom - ok
15:10:25.0961 2544 Changer - ok
15:10:26.0695 2544 cmdGuard (be1e51b694cadc4043e428a914ee544e) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
15:10:27.0320 2544 cmdGuard - ok
15:10:27.0773 2544 cmdHlp (f0a78783a95b788856eec1c36d0a1e59) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
15:10:27.0929 2544 cmdHlp - ok
15:10:28.0289 2544 CmdIde - ok
15:10:28.0414 2544 Cpqarray - ok
15:10:28.0492 2544 dac2w2k - ok
15:10:28.0539 2544 dac960nt - ok
15:10:28.0773 2544 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:10:28.0867 2544 Disk - ok
15:10:29.0070 2544 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:10:29.0242 2544 dmboot - ok
15:10:29.0664 2544 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:10:29.0758 2544 dmio - ok
15:10:30.0117 2544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:10:30.0133 2544 dmload - ok
15:10:30.0273 2544 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:10:30.0336 2544 DMusic - ok
15:10:30.0508 2544 dpti2o - ok
15:10:30.0601 2544 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:10:30.0617 2544 drmkaud - ok
15:10:30.0867 2544 dtscsi (6461e57bb51a848aae26f52427b7cf9e) C:\WINDOWS\System32\Drivers\dtscsi.sys
15:10:30.0929 2544 dtscsi - ok
15:10:31.0179 2544 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:10:31.0226 2544 Fastfat - ok
15:10:31.0617 2544 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:10:31.0679 2544 Fdc - ok
15:10:31.0992 2544 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:10:32.0039 2544 Fips - ok
15:10:32.0101 2544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:10:32.0148 2544 Flpydisk - ok
15:10:32.0414 2544 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:10:32.0445 2544 FltMgr - ok
15:10:32.0586 2544 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
15:10:32.0586 2544 fssfltr - ok
15:10:32.0679 2544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:10:32.0711 2544 Fs_Rec - ok
15:10:32.0789 2544 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:10:32.0836 2544 Ftdisk - ok
15:10:33.0242 2544 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
15:10:33.0351 2544 ftsata2 - ok
15:10:33.0898 2544 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:10:34.0008 2544 GEARAspiWDM - ok
15:10:35.0148 2544 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:10:35.0242 2544 Gpc - ok
15:10:36.0117 2544 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:10:36.0164 2544 HidUsb - ok
15:10:36.0929 2544 hpn - ok
15:10:37.0508 2544 HSFHWBS2 (5df616addb75c1ad36c1f9e4de0f7654) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
15:10:37.0679 2544 HSFHWBS2 - ok
15:10:39.0008 2544 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
15:10:39.0851 2544 HSF_DP - ok
15:10:40.0679 2544 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:10:40.0867 2544 HTTP - ok
15:10:41.0679 2544 i2omgmt - ok
15:10:42.0226 2544 i2omp - ok
15:10:43.0148 2544 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:10:43.0242 2544 i8042prt - ok
15:10:44.0351 2544 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:10:44.0758 2544 iaStor - ok
15:10:45.0070 2544 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:10:45.0164 2544 Imapi - ok
15:10:45.0508 2544 ini910u - ok
15:10:46.0258 2544 Inspect (d22ac37cbe6cf295416ef84245b804a8) C:\WINDOWS\system32\DRIVERS\inspect.sys
15:10:46.0351 2544 Inspect - ok
15:10:46.0945 2544 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:10:47.0492 2544 IntelIde - ok
15:10:48.0039 2544 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:10:48.0039 2544 intelppm - ok
15:10:48.0304 2544 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:10:48.0398 2544 Ip6Fw - ok
15:10:48.0851 2544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:10:48.0898 2544 IpFilterDriver - ok
15:10:49.0336 2544 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:10:49.0398 2544 IpInIp - ok
15:10:49.0711 2544 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:10:49.0711 2544 IpNat - ok
15:10:49.0836 2544 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:10:49.0929 2544 IPSec - ok
15:10:50.0273 2544 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:10:50.0398 2544 IRENUM - ok
15:10:50.0664 2544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:10:50.0726 2544 isapnp - ok
15:10:51.0133 2544 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:10:51.0195 2544 Kbdclass - ok
15:10:51.0617 2544 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:10:51.0664 2544 kbdhid - ok
15:10:52.0008 2544 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:10:52.0023 2544 kmixer - ok
15:10:52.0195 2544 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:10:52.0195 2544 KSecDD - ok
15:10:52.0508 2544 lbrtfdc - ok
15:10:52.0679 2544 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
15:10:52.0851 2544 MBAMProtector - ok
15:10:53.0039 2544 mcdbus - ok
15:10:53.0133 2544 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:10:53.0164 2544 mdmxsdk - ok
15:10:53.0398 2544 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:10:53.0429 2544 MHNDRV - ok
15:10:53.0679 2544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:10:53.0758 2544 mnmdd - ok
15:10:53.0867 2544 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:10:53.0867 2544 Modem - ok
15:10:53.0945 2544 motccgp (f4ea1193a52c8fe4b8a135e210abe546) C:\WINDOWS\system32\DRIVERS\motccgp.sys
15:10:54.0086 2544 motccgp - ok
15:10:54.0383 2544 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
15:10:54.0414 2544 motccgpfl - ok
15:10:54.0633 2544 motmodem (69814acd50a9d6d28296050ef6215d46) C:\WINDOWS\system32\DRIVERS\motmodem.sys
15:10:54.0664 2544 motmodem - ok
15:10:54.0758 2544 motport (69814acd50a9d6d28296050ef6215d46) C:\WINDOWS\system32\DRIVERS\motport.sys
15:10:54.0789 2544 motport - ok
15:10:54.0851 2544 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:10:54.0898 2544 Mouclass - ok
15:10:54.0961 2544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:10:55.0008 2544 mouhid - ok
15:10:55.0070 2544 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:10:55.0101 2544 MountMgr - ok
15:10:55.0179 2544 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:10:55.0304 2544 MpFilter - ok
15:10:55.0617 2544 MpKsl091f2b95 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E278B1A-396F-41A3-BF09-6C34D49773B3}\MpKsl091f2b95.sys
15:10:55.0664 2544 MpKsl091f2b95 - ok
15:10:55.0883 2544 MpKsl0f7c0b36 - ok
15:10:55.0929 2544 MpKsl5744934b - ok
15:10:55.0961 2544 MpKsl5ff3be24 - ok
15:10:56.0008 2544 MpKsl82c4ff9c - ok
15:10:56.0070 2544 MpKsl978dd345 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E278B1A-396F-41A3-BF09-6C34D49773B3}\MpKsl978dd345.sys
15:10:56.0070 2544 MpKsl978dd345 - ok
15:10:56.0101 2544 MpKsl9dd2a4f5 - ok
15:10:56.0133 2544 MpKsla1025ecb - ok
15:10:56.0164 2544 MpKslb899b9ea - ok
15:10:56.0179 2544 MpKslbd4858d2 - ok
15:10:56.0492 2544 mraid35x - ok
15:10:57.0070 2544 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:10:57.0367 2544 MRxDAV - ok
15:10:57.0804 2544 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:10:57.0836 2544 MRxSmb - ok
15:10:58.0023 2544 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:10:58.0054 2544 Msfs - ok
15:10:58.0179 2544 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
15:10:58.0211 2544 MSHUSBVideo - ok
15:10:58.0320 2544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:10:58.0336 2544 MSKSSRV - ok
15:10:58.0414 2544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:10:58.0429 2544 MSPCLOCK - ok
15:10:58.0508 2544 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:10:58.0539 2544 MSPQM - ok
15:10:58.0601 2544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:10:58.0601 2544 mssmbios - ok
15:10:58.0679 2544 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:10:58.0726 2544 MSTEE - ok
15:10:58.0773 2544 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:10:58.0773 2544 Mup - ok
15:10:58.0836 2544 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:10:58.0867 2544 NABTSFEC - ok
15:10:58.0945 2544 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:10:59.0023 2544 NDIS - ok
15:10:59.0070 2544 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:10:59.0133 2544 NdisIP - ok
15:10:59.0226 2544 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:10:59.0226 2544 NdisTapi - ok
15:10:59.0273 2544 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:10:59.0289 2544 Ndisuio - ok
15:10:59.0336 2544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:10:59.0383 2544 NdisWan - ok
15:10:59.0445 2544 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:10:59.0445 2544 NDProxy - ok
15:10:59.0508 2544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:10:59.0539 2544 NetBIOS - ok
15:10:59.0570 2544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:10:59.0601 2544 NetBT - ok
15:10:59.0695 2544 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:10:59.0695 2544 NIC1394 - ok
15:10:59.0742 2544 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:10:59.0867 2544 Npfs - ok
15:11:00.0570 2544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:11:00.0601 2544 Ntfs - ok
15:11:00.0711 2544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:11:00.0742 2544 Null - ok
15:11:00.0804 2544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:11:00.0836 2544 NwlnkFlt - ok
15:11:00.0976 2544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:11:01.0008 2544 NwlnkFwd - ok
15:11:01.0133 2544 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:11:01.0133 2544 ohci1394 - ok
15:11:01.0211 2544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:11:01.0273 2544 Parport - ok
15:11:01.0289 2544 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:11:01.0320 2544 PartMgr - ok
15:11:01.0351 2544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:11:01.0367 2544 ParVdm - ok
15:11:01.0414 2544 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:11:01.0476 2544 PCI - ok
15:11:01.0508 2544 PCIDump - ok
15:11:01.0523 2544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:11:01.0539 2544 PCIIde - ok
15:11:01.0586 2544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:11:01.0617 2544 Pcmcia - ok
15:11:01.0633 2544 PDCOMP - ok
15:11:01.0648 2544 PDFRAME - ok
15:11:01.0679 2544 PDRELI - ok
15:11:01.0695 2544 PDRFRAME - ok
15:11:01.0711 2544 perc2 - ok
15:11:01.0726 2544 perc2hib - ok
15:11:01.0867 2544 PnkBstrK (f0204861cea69f8ce7a912fe6eab0e02) C:\WINDOWS\system32\drivers\PnkBstrK.sys
15:11:01.0914 2544 PnkBstrK - ok
15:11:02.0054 2544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:11:02.0086 2544 PptpMiniport - ok
15:11:02.0148 2544 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:11:02.0195 2544 Processor - ok
15:11:02.0304 2544 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
15:11:02.0367 2544 Ps2 - ok
15:11:02.0414 2544 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:11:02.0461 2544 PSched - ok
15:11:02.0492 2544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:11:02.0523 2544 Ptilink - ok
15:11:02.0554 2544 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:11:02.0586 2544 PxHelp20 - ok
15:11:02.0601 2544 ql1080 - ok
15:11:02.0617 2544 Ql10wnt - ok
15:11:02.0695 2544 ql12160 - ok
15:11:02.0804 2544 ql1240 - ok
15:11:03.0086 2544 ql1280 - ok
15:11:03.0539 2544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:11:03.0586 2544 RasAcd - ok
15:11:04.0054 2544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:11:04.0117 2544 Rasl2tp - ok
15:11:04.0289 2544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:11:04.0351 2544 RasPppoe - ok
15:11:04.0570 2544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:11:04.0648 2544 Raspti - ok
15:11:04.0914 2544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:11:05.0008 2544 Rdbss - ok
15:11:05.0070 2544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:11:05.0101 2544 RDPCDD - ok
15:11:05.0429 2544 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:11:05.0664 2544 rdpdr - ok
15:11:05.0851 2544 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:11:05.0851 2544 RDPWD - ok
15:11:05.0929 2544 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:11:05.0992 2544 redbook - ok
15:11:06.0289 2544 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
15:11:06.0383 2544 RTL8023xp - ok
15:11:06.0711 2544 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:11:06.0773 2544 rtl8139 - ok
15:11:07.0133 2544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:11:07.0164 2544 Secdrv - ok
15:11:07.0804 2544 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:11:07.0976 2544 Serial - ok
15:11:08.0461 2544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:11:08.0492 2544 Sfloppy - ok
15:11:08.0883 2544 Simbad - ok
15:11:09.0101 2544 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:11:09.0148 2544 SLIP - ok
15:11:09.0679 2544 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:11:09.0758 2544 SONYPVU1 - ok
15:11:10.0039 2544 Sparrow - ok
15:11:10.0289 2544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:11:10.0336 2544 splitter - ok
15:11:11.0086 2544 sptd (70b7f9f6f826df5f510a29a983c00f27) C:\WINDOWS\system32\Drivers\sptd.sys
15:11:11.0086 2544 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 70b7f9f6f826df5f510a29a983c00f27
15:11:11.0086 2544 sptd ( LockedFile.Multi.Generic ) - warning
15:11:11.0086 2544 sptd - detected LockedFile.Multi.Generic (1)
15:11:11.0492 2544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:11:11.0617 2544 sr - ok
15:11:12.0133 2544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:11:12.0242 2544 Srv - ok
15:11:12.0648 2544 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
15:11:12.0695 2544 StillCam - ok
15:11:12.0976 2544 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:11:13.0023 2544 streamip - ok
15:11:13.0539 2544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:11:13.0570 2544 swenum - ok
15:11:13.0929 2544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:11:14.0039 2544 swmidi - ok
15:11:14.0320 2544 symc810 - ok
15:11:14.0476 2544 symc8xx - ok
15:11:14.0726 2544 sym_hi - ok
15:11:14.0836 2544 sym_u3 - ok
15:11:15.0008 2544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:11:15.0086 2544 sysaudio - ok
15:11:15.0586 2544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:11:15.0742 2544 Tcpip - ok
15:11:16.0101 2544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:11:16.0133 2544 TDPIPE - ok
15:11:16.0539 2544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:11:16.0601 2544 TDTCP - ok
15:11:17.0023 2544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:11:17.0086 2544 TermDD - ok
15:11:17.0398 2544 TosIde - ok
15:11:17.0726 2544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:11:17.0820 2544 Udfs - ok
15:11:18.0179 2544 ultra - ok
15:11:18.0461 2544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:11:18.0601 2544 Update - ok
15:11:18.0992 2544 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:11:19.0039 2544 USBAAPL - ok
15:11:19.0445 2544 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:11:19.0539 2544 usbaudio - ok
15:11:19.0961 2544 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:11:20.0039 2544 usbccgp - ok
15:11:20.0539 2544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:11:20.0586 2544 usbehci - ok
15:11:20.0976 2544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:11:21.0070 2544 usbhub - ok
15:11:21.0601 2544 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:11:21.0648 2544 usbohci - ok
15:11:21.0961 2544 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:11:22.0039 2544 usbprint - ok
15:11:22.0398 2544 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:11:22.0429 2544 usbscan - ok
15:11:22.0836 2544 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:11:22.0836 2544 usbstor - ok
15:11:23.0226 2544 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:11:23.0258 2544 usbuhci - ok
15:11:23.0679 2544 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:11:23.0726 2544 usbvideo - ok
15:11:24.0148 2544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:11:24.0211 2544 VgaSave - ok
15:11:24.0554 2544 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:11:24.0586 2544 ViaIde - ok
15:11:25.0008 2544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:11:25.0086 2544 VolSnap - ok
15:11:25.0586 2544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:11:25.0664 2544 Wanarp - ok
15:11:26.0086 2544 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:11:26.0258 2544 Wdf01000 - ok
15:11:26.0648 2544 WDICA - ok
15:11:26.0976 2544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:11:27.0086 2544 wdmaud - ok
15:11:27.0648 2544 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:11:28.0054 2544 winachsf - ok
15:11:28.0570 2544 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:11:28.0648 2544 WpdUsb - ok
15:11:29.0101 2544 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:11:29.0148 2544 WSTCODEC - ok
15:11:29.0508 2544 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:11:29.0601 2544 WudfPf - ok
15:11:30.0023 2544 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:11:30.0086 2544 WudfRd - ok
15:11:30.0492 2544 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
15:11:30.0554 2544 xusb21 - ok
15:11:30.0664 2544 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
15:11:30.0695 2544 \Device\Harddisk0\DR0 - ok
15:11:30.0726 2544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR13
15:11:36.0867 2544 \Device\Harddisk6\DR13 - ok
15:11:36.0898 2544 Boot (0x1200) (70631058b9480ab6c2cf991b598be7b1) \Device\Harddisk0\DR0\Partition0
15:11:36.0898 2544 \Device\Harddisk0\DR0\Partition0 - ok
15:11:36.0914 2544 Boot (0x1200) (006359f80626dedeb1af8ca4a1715ea2) \Device\Harddisk0\DR0\Partition1
15:11:36.0914 2544 \Device\Harddisk0\DR0\Partition1 - ok
15:11:36.0929 2544 Boot (0x1200) (5bcaf2e27257e1a70521a715637ab45b) \Device\Harddisk6\DR13\Partition0
15:11:36.0929 2544 \Device\Harddisk6\DR13\Partition0 - ok
15:11:36.0929 2544 ============================================================
15:11:36.0929 2544 Scan finished
15:11:36.0929 2544 ============================================================
15:11:36.0976 1460 Detected object count: 1
15:11:36.0976 1460 Actual detected object count: 1
15:12:15.0351 1460 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
15:12:15.0883 1460 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
15:13:04.0398 3724 Deinitialize success
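As an added example for reading logs like the one above (my own code, not part of this thread and not Kaspersky's TDSSKiller), here is a small Python parser for the TDSSKiller line format: it records each driver's MD5 and path, the MBR and boot-sector hashes, and the per-object verdict, then surfaces only the entries that are not "ok" together with the action the user took. The sample below is a constructed excerpt that reuses a few lines from Chief's log (the ACPI, bb-run, sptd and MBR entries); the function names `parse_tdsskiller` and `triage` are my own.

```python
import re

# Layout of one TDSSKiller log line: "HH:MM:SS.mmmm <thread id> <message>".
ENTRY_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<driver> (<md5>) <path>": the driver image was found on disk and hashed.
HASHED_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# "MBR (0x1B8) (<md5>) \Device\..." and "Boot (0x1200) (<md5>) \Device\...\PartitionN".
BOOT_RE = re.compile(r"^(MBR|Boot)\s+\((0x[0-9A-Fa-f]+)\)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\):\s+(.+?)\.\s+md5:\s+([0-9a-f]{32})$")
# "<object> - ok" / "<driver> ( <verdict> ) - warning" / "<driver> - detected <verdict> (<n>)"
RESULT_RE = re.compile(r"^(.+?)\s+-\s+(ok|warning|detected\s+.+)$")
# Post-scan actions: "<path> - copied to quarantine" / "<driver> ( <verdict> ) - User select action: <action>"
ACTION_RE = re.compile(r"^(.+?)\s+-\s+(User select action:\s+.+|copied to quarantine)$")


def _bare_name(label):
    """'sptd ( LockedFile.Multi.Generic )' -> ('sptd', 'LockedFile.Multi.Generic'); plain names pass through."""
    m = re.match(r"^(.+?)\s*\(\s*(\S+)\s*\)\s*$", label)
    return (m.group(1), m.group(2)) if m else (label, None)


def parse_tdsskiller(text):
    """Return (objects, findings, actions) for one TDSSKiller log.

    objects:  name -> {md5, path, kind, status}
    findings: every suspicious / warning / detected line, in log order
    actions:  quarantine copies and user-selected actions
    """
    objects, findings, actions = {}, [], []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                      # banners, blank lines and "SystemInfo:" padding carry no result
        ts, _tid, msg = m.groups()
        if (b := BOOT_RE.match(msg)):
            kind, offset, md5, dev = b.groups()
            objects.setdefault(dev, {}).update(md5=md5, kind=f"{kind}@{offset}")
        elif (h := HASHED_RE.match(msg)):
            name, md5, path = h.groups()
            objects.setdefault(name, {}).update(md5=md5, path=path, kind="driver")
        elif (s := SUSPICIOUS_RE.match(msg)):
            reason, path, md5 = s.groups()
            findings.append({"time": ts, "kind": "suspicious", "name": path,
                             "detail": f"{reason} md5={md5}"})
        elif (a := ACTION_RE.match(msg)):
            name, verdict = _bare_name(a.group(1))
            actions.append({"time": ts, "name": name, "verdict": verdict,
                            "action": a.group(2).replace("User select action: ", "")})
        elif (r := RESULT_RE.match(msg)):
            name, verdict = _bare_name(r.group(1))
            status = r.group(2)
            objects.setdefault(name, {})["status"] = status
            if status != "ok":            # "warning" and "detected ..." are the lines worth a human look
                findings.append({"time": ts, "kind": status.split()[0], "name": name,
                                 "detail": verdict or status})
    return objects, findings, actions


def triage(text):
    """Summarise a log the way a helper reading the thread would: counts, plus only the non-ok objects."""
    objects, findings, actions = parse_tdsskiller(text)
    return {
        "scanned": len(objects),
        "hashed": sum(1 for o in objects.values() if "md5" in o),
        "ok": sum(1 for o in objects.values() if o.get("status") == "ok"),
        "not_ok": sorted(n for n, o in objects.items() if o.get("status") not in (None, "ok")),
        "findings": findings,
        "actions": actions,
    }


# Constructed excerpt in the TDSSKiller format (hashes and paths copied from the log above).
SAMPLE_LOG = r"""
15:09:46.0148 1760 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
15:09:58.0945 2544 ============================================================
15:09:58.0945 2544 Scan started
15:09:58.0945 2544 Mode: Manual;
15:10:00.0320 2544 Abiosdsk - ok
15:10:01.0617 2544 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:10:01.0648 2544 ACPI - ok
15:10:21.0476 2544 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
15:10:21.0523 2544 bb-run - ok
15:11:11.0086 2544 sptd (70b7f9f6f826df5f510a29a983c00f27) C:\WINDOWS\system32\Drivers\sptd.sys
15:11:11.0086 2544 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 70b7f9f6f826df5f510a29a983c00f27
15:11:11.0086 2544 sptd ( LockedFile.Multi.Generic ) - warning
15:11:11.0086 2544 sptd - detected LockedFile.Multi.Generic (1)
15:11:30.0664 2544 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
15:11:30.0695 2544 \Device\Harddisk0\DR0 - ok
15:11:36.0929 2544 Scan finished
15:11:36.0976 1460 Detected object count: 1
15:12:15.0351 1460 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
15:12:15.0883 1460 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['scanned']} objects checked, {report['hashed']} hashed, {report['ok']} ok")
    for f in report["findings"]:
        print(f"  [{f['kind']}] {f['name']}: {f['detail']}")
    for a in report["actions"]:
        print(f"  action: {a['name']} -> {a['action']}")
```

Two things the parser makes visible that are easy to miss when scrolling a raw log: a `LockedFile.Multi.Generic` verdict means the scanner could not read the file (the `NoAccess` reason on the `Suspicious file` line), not that a signature matched, and the MBR and boot-sector lines are hashed and judged separately from the drivers, so a clean driver list does not by itself say the boot code was checked. In this log the only non-ok object is sptd.sys, the SCSI pass-through driver installed by disc-emulation software, which is a common locked-file hit rather than evidence of the infection the thread is chasing.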

#12 RetiredChief

    Authentic Member
  • 111 posts

Posted 09 November 2011 - 06:41 PM

Jeff, Hold the phone! The computer unlocked after 15 minutes and now Combofix is running. I'll post when done. Chief

#13 RetiredChief

    Authentic Member
  • 111 posts

Posted 09 November 2011 - 09:58 PM

Jeff, Combo fix is still running after about 3 hours. The blue box is open, it says "Preparing Log File" and "Do not run any programs until combofix is completed" and a flashing yellow cursor dash. Chief

#14 jeffce

    Malware Guy
  • Authentic Member
  • 8,693 posts

Posted 10 November 2011 - 09:54 AM

Hi RetiredChief,

If you are still having problems with ComboFix, just shut your computer down and try to run it again in Normal Mode. If you still have problems, boot into Safe Mode with Networking and run ComboFix from there.

#15 RetiredChief

    Authentic Member
  • 111 posts

Posted 11 November 2011 - 03:14 PM

Jeff,

After the third try I finally got it to work in Safe Mode. Here is the log:


ComboFix 11-11-11.06 - Administrator 11/11/2011 12:26:20.5.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.721 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 20:22 . 2011-11-11 20:22 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A0E6A14-A76C-4190-8390-4F85AA171C06}\offreg.dll
2011-11-09 23:59 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A0E6A14-A76C-4190-8390-4F85AA171C06}\mpengine.dll
2011-11-09 23:12 . 2011-11-09 23:12 -------- dc----w- C:\TDSSKiller_Quarantine
2011-11-06 01:37 . 2011-11-06 01:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-11-05 14:25 . 2011-11-05 14:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon Easy-WebPrint EX
2011-11-05 00:44 . 2011-03-31 21:53 24064 ----a-w- c:\windows\system32\drivers\motport.sys
2011-11-05 00:44 . 2011-03-31 21:53 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2011-11-05 00:44 . 2011-04-04 21:55 20480 ----a-w- c:\windows\system32\drivers\motccgp.sys
2011-11-05 00:44 . 2009-01-30 00:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2011-11-05 00:44 . 2007-11-02 22:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2011-11-05 00:43 . 2011-11-05 00:43 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-11-05 00:43 . 2011-11-05 00:43 -------- d-----w- c:\program files\Motorola
2011-10-29 17:32 . 2011-10-29 17:33 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 17:24 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-10-29 17:24 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-29 17:20 . 2011-10-29 17:20 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2011-10-29 17:20 . 2011-10-29 17:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX
2011-10-24 16:02 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-20 03:14 . 2011-10-20 03:14 -------- d-----w- c:\program files\iPod
2011-10-20 03:08 . 2011-10-20 03:08 -------- d-----w- c:\program files\Bonjour
2011-10-20 00:44 . 2011-10-20 00:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Coupons.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 19:22 . 2011-10-11 19:22 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-10-10 14:22 . 2004-08-10 12:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 17:48 . 2010-06-02 02:00 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:48 . 2010-06-02 02:00 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48 . 2010-06-04 18:55 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2010-06-02 02:00 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2010-06-02 02:00 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-07 03:48 . 2011-10-04 22:43 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 17:45 . 2011-08-10 01:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 18:41 . 2010-03-18 17:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-10 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-10 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 23:14 . 2011-10-05 04:45 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-09-09 09:12 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2011-10-03 23:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-10 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-30 17:27 . 2011-05-06 14:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_00.43.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-14 02:54 . 2011-08-12 20:51 17272 c:\windows\system32\spmsg.dll
+ 2011-07-14 02:54 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
+ 2010-01-29 15:01 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-01-29 15:01 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-02-20 16:57 . 2011-11-10 05:51 50295240 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Coupons.com\prxtbCoup.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files\Ask.com\GenericAskToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [BU]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 180269]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"DATAMNGR"="c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]
.
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Registration Silent Hunter III.LNK - c:\program files\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe [N/A]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
hc_tray.lnk - c:\program files\Kuma Games\hcsystray\hc_tray.exe [N/A]
Jewell DeskMate.LNK - c:\program files\DeskMates\Jewell\Jewell.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - c:\sierra\Planner\PLNRnote.exe [N/A]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\agremind.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Renaissance Wireless Server.lnk - c:\documents and settings\All Users\Application Data\Renaissance Wireless Server\Renaissance Wireless Server.exe [2007-9-11 6823860]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Renaissance Wireless Server\\Renaissance Wireless Server.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/3/2011 12:31 PM 664064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 6:00 PM 31704]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [7/12/2011 7:51 PM 816672]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 10:55 AM 492768]
S1 MpKsl0f7c0b36;MpKsl0f7c0b36;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02636E4D-33B1-4A9D-93F9-D88436CA3D6D}\MpKsl0f7c0b36.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02636E4D-33B1-4A9D-93F9-D88436CA3D6D}\MpKsl0f7c0b36.sys [?]
S1 MpKsl256912b9;MpKsl256912b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A0E6A14-A76C-4190-8390-4F85AA171C06}\MpKsl256912b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A0E6A14-A76C-4190-8390-4F85AA171C06}\MpKsl256912b9.sys [?]
S1 MpKsl5744934b;MpKsl5744934b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40394202-2B54-4840-A53F-78E381E1B662}\MpKsl5744934b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40394202-2B54-4840-A53F-78E381E1B662}\MpKsl5744934b.sys [?]
S1 MpKsl5ff3be24;MpKsl5ff3be24;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{158E3422-62FB-4074-825C-F251E1501BEC}\MpKsl5ff3be24.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{158E3422-62FB-4074-825C-F251E1501BEC}\MpKsl5ff3be24.sys [?]
S1 MpKsl82c4ff9c;MpKsl82c4ff9c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7232C367-9761-4A6C-BA0E-49C0DD6AE5C3}\MpKsl82c4ff9c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7232C367-9761-4A6C-BA0E-49C0DD6AE5C3}\MpKsl82c4ff9c.sys [?]
S1 MpKsl9dd2a4f5;MpKsl9dd2a4f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F49F9929-BC03-461B-A787-CC697C91A1BC}\MpKsl9dd2a4f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F49F9929-BC03-461B-A787-CC697C91A1BC}\MpKsl9dd2a4f5.sys [?]
S1 MpKsla1025ecb;MpKsla1025ecb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C179B624-5673-469D-B8BE-7310500DAF9D}\MpKsla1025ecb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C179B624-5673-469D-B8BE-7310500DAF9D}\MpKsla1025ecb.sys [?]
S1 MpKslb899b9ea;MpKslb899b9ea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68003CD4-2DF1-4DF8-B327-C3B29DE74819}\MpKslb899b9ea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68003CD4-2DF1-4DF8-B327-C3B29DE74819}\MpKslb899b9ea.sys [?]
S1 MpKslbd4858d2;MpKslbd4858d2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{422A7366-8CB1-4120-B62B-7E26B6B6F89C}\MpKslbd4858d2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{422A7366-8CB1-4120-B62B-7E26B6B6F89C}\MpKslbd4858d2.sys [?]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/3/2011 3:25 PM 366152]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 11:35 AM 227184]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/3/2011 3:25 PM 22216]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/4/2011 4:44 PM 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/4/2011 4:44 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [11/4/2011 4:44 PM 24064]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [7/13/2011 6:41 PM 30576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-10-12 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
2011-11-05 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-11-10 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-11-05 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-11-10 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 11:18]
.
2011-11-11 c:\windows\Tasks\User_Feed_Synchronization-{BF38A124-251E-4DD5-B80F-B1ED348AAA54}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4F9665E1-6A11-4972-B941-EB22DFA68FC7}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\op5b9w5g.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Searchqu 0 MediaBar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 12:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(560)
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-11 12:37:50
ComboFix-quarantined-files.txt 2011-11-11 20:37
ComboFix2.txt 2010-08-10 04:52
.
Pre-Run: 154,941,358,080 bytes free
Post-Run: 154,939,678,720 bytes free
.
- - End Of File - - D05D38C27BB72CD9428391F7D7120B22