Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AV Security Suite


  • This topic is locked This topic is locked

#16
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Let's try a different scanner.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

Advertisements


#17
Marmaduke

Marmaduke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here ya go...

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5d26d1ccb02dbf41a7b822caea60e3b9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-13 02:22:22
# local_time=2010-04-12 10:22:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 27782379 27782379 0 0
# compatibility_mode=1797 16775125 100 93 0 29271077 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=53933
# found=0
# cleaned=0
# scan_time=7756
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5d26d1ccb02dbf41a7b822caea60e3b9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-14 12:20:23
# local_time=2010-07-13 08:20:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 35729819 35729819 0 0
# compatibility_mode=1797 16775141 100 93 0 37218517 0 0
# compatibility_mode=8192 67108863 100 0 7026177 7026177 0 0
# scanned=56977
# found=11
# cleaned=11
# scan_time=1799
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kiabux.exe a variant of Win32/Kryptik.FJT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Default User\Start Menu\Programs\Startup\xeokr.exe.vir a variant of Win32/Kryptik.FJT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\spd13sgl.dll.vir a variant of Win32/Cimag.CW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\A17931y9.dll.vir a variant of Win32/Kryptik.FKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\A9k1793.dll.vir a variant of Win32/Kryptik.FKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\IQGMY9c.dll.vir a variant of Win32/Kryptik.FKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\Q1w931g9.dll.vir a variant of Win32/Kryptik.FKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\SK1yWSK7y.dll.vir a variant of Win32/Kryptik.FKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\UOCE5.dll.vir a variant of Win32/Kryptik.FKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\Y31oC3s79.dll.vir a variant of Win32/Kryptik.FKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\Y931mY3.dll.vir a variant of Win32/Kryptik.FKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#18
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

How's your computer running now?

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
  • 0

#19
Marmaduke

Marmaduke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
To be perfectly honest, we have done nothing on the PC till you gave us the green light.

:)

Here ya go...

OTL logfile created on: 7/14/2010 7:56:31 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = D:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 571.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.07 Gb Total Space | 53.22 Gb Free Space | 77.06% Space Free | Partition Type: NTFS
Drive D: | 480.19 Mb Total Space | 467.09 Mb Free Space | 97.27% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAPRCIE
Current User Name: Caprice Light
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\kmw_run.exe (Kensington Technology Group)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (SonicStageMonitoring) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (KMW_USB) -- C:\WINDOWS\system32\drivers\KMW_USB.sys (Kensington Technology Group)
DRV - (KMW_SYS) -- C:\WINDOWS\system32\drivers\KMW_SYS.sys (Kensington Technology Group)
DRV - (KMW_KBD) -- C:\WINDOWS\system32\drivers\KMW_KBD.sys (Kensington Technology Group)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel® -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 08:38:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 08:38:55 | 000,000,000 | ---D | M]

[2009/02/01 10:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\Mozilla\Extensions
[2010/07/13 06:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\extensions
[2009/09/03 21:31:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/15 09:48:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/13 06:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 09:48:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/15 09:48:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/12 06:33:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1162518473468 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Caprice Light\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Caprice Light\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 18:15:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:) - File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/13 06:40:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/11 19:16:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/11 13:15:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/11 07:25:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/11 07:08:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/11 07:08:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/11 07:08:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/11 07:08:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/11 07:06:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/11 07:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\tdsskiller
[2010/07/10 17:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/07/10 17:41:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Caprice Light\Recent
[2010/07/07 20:32:16 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/07 20:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/03 19:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\mainstreet_files
[2010/07/03 15:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/01 19:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/29 19:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\giant-chocolate-sugar-cookies_files
[2010/06/07 20:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/07 20:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/16 13:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\Alamo Rent A Car - Discount Rental Cars, Vacation Car Rental Deals_files
[2010/05/16 13:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\viewReservationDetailsSubmit.do_files
[2010/05/15 10:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/08 09:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\new shoes_files
[2010/04/25 19:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\customer_service_egift_pickup.jsp_files

========== Files - Modified Within 90 Days ==========

[2010/07/14 19:55:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/14 19:55:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/14 19:55:04 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/14 06:16:27 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Caprice Light\NTUSER.DAT
[2010/07/14 06:16:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Caprice Light\ntuser.ini
[2010/07/12 19:42:24 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/12 07:33:15 | 000,000,643 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/12 07:32:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/12 07:27:32 | 000,528,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/12 07:27:32 | 000,459,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/12 07:27:32 | 000,079,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/12 06:33:59 | 000,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/12 06:33:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/11 19:09:55 | 003,736,761 | R--- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\ComboFix.exe
[2010/07/11 07:25:22 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/07/11 07:02:42 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\tdsskiller.zip
[2010/07/10 17:07:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/10 12:14:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/03 19:27:51 | 000,123,093 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\mainstreet.html
[2010/06/29 19:33:11 | 000,097,285 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\giant-chocolate-sugar-cookies.htm
[2010/05/16 13:33:55 | 000,006,362 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\Alamo Rent A Car - Discount Rental Cars, Vacation Car Rental Deals.htm
[2010/05/16 13:10:07 | 000,190,873 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\viewReservationDetailsSubmit.do.htm
[2010/05/08 09:41:22 | 000,383,422 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\new shoes.htm
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 19:40:11 | 000,041,882 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\customer_service_egift_pickup.jsp.htm

========== Files Created - No Company Name ==========

[2010/07/12 06:29:28 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/11 07:25:22 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/07/11 07:25:17 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/11 07:08:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/11 07:08:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/11 07:08:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/11 07:08:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/11 07:08:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/11 07:03:54 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\tdsskiller.zip
[2010/07/11 07:03:37 | 003,736,761 | R--- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\ComboFix.exe
[2010/07/03 19:27:49 | 000,123,093 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\mainstreet.html
[2010/06/29 19:33:09 | 000,097,285 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\giant-chocolate-sugar-cookies.htm
[2010/05/16 13:33:55 | 000,006,362 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\Alamo Rent A Car - Discount Rental Cars, Vacation Car Rental Deals.htm
[2010/05/16 13:10:04 | 000,190,873 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\viewReservationDetailsSubmit.do.htm
[2010/05/08 09:41:19 | 000,383,422 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\new shoes.htm
[2010/04/25 19:40:09 | 000,041,882 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\customer_service_egift_pickup.jsp.htm
[2008/09/10 22:05:06 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/07/20 19:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/06/30 13:01:30 | 000,000,021 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2006/09/15 14:58:10 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/09/15 14:51:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/09/15 14:51:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/09/15 14:51:27 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/09/15 14:51:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/09/15 14:51:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/09/15 14:51:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/09/15 14:49:29 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/09/15 14:49:01 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/09/15 14:47:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/15 14:40:54 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 20:06:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 19:54:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/01 19:46:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/09/01 18:58:29 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/01 18:22:45 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/01 17:56:18 | 000,000,764 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/01 21:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2006/09/15 14:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2006/11/02 20:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/07/23 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\InterVideo
[2007/07/21 20:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\Kensington

========== Purity Check ==========


< End of report >
  • 0

#20
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

You still have traces of Symantec antivirus on your system. Please use the Norton removal tool here, selecting the correct version, to completely remove Norton from your computer.

-- Step 2 --

Please run a TDSSKiller scan and post the log.
  • 0

#21
Marmaduke

Marmaduke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok ran the unistall and it worked but then ran the TS scan, nothing was detected but I did not get a log, did I miss something?

Marm
  • 0

#22
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

The TDSSKiller log should be in your C:\ folder.
  • 0

#23
Marmaduke

Marmaduke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
AHHHH There it is!

08:19:14:999 3632 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
08:19:14:999 3632 ================================================================================
08:19:14:999 3632 SystemInfo:

08:19:14:999 3632 OS Version: 5.1.2600 ServicePack: 3.0
08:19:14:999 3632 Product type: Workstation
08:19:14:999 3632 ComputerName: CAPRCIE
08:19:14:999 3632 UserName: Caprice Light
08:19:14:999 3632 Windows directory: C:\WINDOWS
08:19:14:999 3632 System windows directory: C:\WINDOWS
08:19:14:999 3632 Processor architecture: Intel x86
08:19:14:999 3632 Number of processors: 2
08:19:14:999 3632 Page size: 0x1000
08:19:14:999 3632 Boot type: Normal boot
08:19:14:999 3632 ================================================================================
08:19:15:171 3632 Initialize success
08:19:15:171 3632
08:19:15:171 3632 Scanning Services ...
08:19:15:780 3632 Raw services enum returned 353 services
08:19:15:796 3632
08:19:15:796 3632 Scanning Drivers ...
08:19:16:608 3632 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:19:16:624 3632 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:19:16:702 3632 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:19:16:764 3632 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
08:19:16:827 3632 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
08:19:16:952 3632 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
08:19:16:967 3632 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:19:17:030 3632 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:19:17:046 3632 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:19:17:077 3632 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:19:17:124 3632 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:19:17:264 3632 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
08:19:17:280 3632 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
08:19:17:311 3632 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
08:19:17:374 3632 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:19:17:514 3632 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
08:19:17:530 3632 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
08:19:17:545 3632 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:19:17:608 3632 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:19:17:639 3632 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:19:17:655 3632 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:19:17:686 3632 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:19:17:733 3632 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:19:17:764 3632 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:19:17:827 3632 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:19:17:858 3632 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
08:19:17:889 3632 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:19:17:920 3632 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:19:17:967 3632 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
08:19:18:092 3632 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
08:19:18:202 3632 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:19:18:233 3632 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:19:18:248 3632 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:19:18:264 3632 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:19:18:295 3632 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:19:18:327 3632 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:19:18:342 3632 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:19:18:373 3632 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:19:18:452 3632 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:19:18:498 3632 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:19:18:545 3632 HSFHWAZL (be0a81f4337367ce94bb20e65b3d57c8) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
08:19:18:623 3632 HSF_DPV (b46aa158f25ccbf03b12971b4c7f4723) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
08:19:18:780 3632 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:19:18:889 3632 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:19:19:030 3632 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:19:19:061 3632 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:19:19:451 3632 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:19:19:686 3632 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:19:19:748 3632 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:19:19:779 3632 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:19:19:811 3632 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:19:19:842 3632 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:19:19:920 3632 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:19:19:951 3632 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:19:19:983 3632 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:19:19:998 3632 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:19:20:092 3632 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
08:19:20:154 3632 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:19:20:529 3632 KMW_KBD (56c128e5a723f41fc254cdc01e31cf8e) C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
08:19:20:779 3632 KMW_SYS (56ab6419f4a49b91964c5c6ded4b0fbe) C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
08:19:20:998 3632 KMW_USB (ef593601f3a79bf852fdade89df41223) C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
08:19:21:186 3632 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:19:21:279 3632 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
08:19:21:326 3632 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:19:21:373 3632 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:19:21:420 3632 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:19:21:482 3632 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:19:21:545 3632 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:19:21:639 3632 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:19:21:701 3632 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:19:21:732 3632 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:19:21:795 3632 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:19:21:810 3632 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:19:21:842 3632 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:19:21:873 3632 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:19:21:904 3632 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:19:21:951 3632 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:19:21:967 3632 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
08:19:21:998 3632 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:19:22:014 3632 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:19:22:092 3632 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:19:22:107 3632 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:19:22:123 3632 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
08:19:22:139 3632 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:19:22:170 3632 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:19:22:342 3632 NETw3x32 (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
08:19:22:498 3632 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:19:22:545 3632 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:19:22:592 3632 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:19:22:638 3632 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:19:22:701 3632 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:19:22:717 3632 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:19:22:732 3632 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:19:22:763 3632 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:19:22:779 3632 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:19:22:826 3632 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:19:22:826 3632 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
08:19:22:857 3632 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:19:22:873 3632 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:19:22:967 3632 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:19:22:967 3632 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:19:22:998 3632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:19:23:013 3632 PxHelp20 (1ffd5f718638fbea6c1eaad3349d479e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:19:23:076 3632 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:19:23:107 3632 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:19:23:123 3632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:19:23:154 3632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:19:23:201 3632 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:19:23:216 3632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:19:23:248 3632 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:19:23:388 3632 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
08:19:23:435 3632 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:19:23:498 3632 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
08:19:23:529 3632 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:19:23:560 3632 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
08:19:23:591 3632 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
08:19:23:654 3632 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
08:19:23:685 3632 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:19:23:748 3632 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:19:23:826 3632 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
08:19:23:857 3632 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
08:19:23:888 3632 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:19:23:904 3632 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
08:19:24:029 3632 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
08:19:24:076 3632 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:19:24:123 3632 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:19:24:138 3632 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:19:24:185 3632 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:19:24:248 3632 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
08:19:24:310 3632 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:19:24:373 3632 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:19:24:404 3632 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:19:24:466 3632 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:19:24:529 3632 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:19:24:638 3632 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:19:24:669 3632 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:19:24:716 3632 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:19:24:748 3632 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:19:24:794 3632 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:19:24:951 3632 winachsf (317dc24899ad7a06e3430bf45f292989) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:19:25:029 3632 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:19:25:122 3632 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
08:19:25:122 3632
08:19:25:122 3632 Completed
08:19:25:122 3632
08:19:25:122 3632 Results:
08:19:25:122 3632 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:19:25:122 3632 File objects infected / cured / cured on reboot: 0 / 0 / 0
08:19:25:122 3632
08:19:25:138 3632 KLMD(ARK) unloaded successfully
  • 0

#24
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Congratulations, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image
-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilites. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uininstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

Your Adobe reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
  • 0

#25
Marmaduke

Marmaduke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok, she looks good to go.
I have added the prevention and the spyware programs.

Thank you so much for all your time and help. I really appreciate it.

I looked earlier but could not find and was not sure, are folks able to donate to the website?

I would like to do something for all your time and effort.

Thanks,
Marmaduke
  • 0

Advertisements


#26
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Glad to help.

There is information here on how to donate.

Stay safe :)
  • 0

#27
Marmaduke

Marmaduke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thank you again. The wife gave me an update noting how much faster her PC is now as well.

I will head over and donate.

Marmaduke
  • 0

#28
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts

The wife gave me an update noting how much faster her PC is now as well.

Good news indeed :)
  • 0

#29
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP