Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Search Engine Virus


  • This topic is locked This topic is locked

#1
AmandaElsener

AmandaElsener

    Member

  • Member
  • PipPip
  • 12 posts
I have the search engine virus as well. I read the other forums, and did everything as instructed, except for copy/pasting the results to the forum obviously. I'm still having the same problem. I can go to specific websites by typing the actual web address into the bar. However, when I use google, yahoo etc. and I search something, it redirects me to a random ad page. Can you help me? I have already tried restoring my computer to it's original state. Thanks
Amanda

Attached Files


  • 0

Advertisements


#2
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi :)

do you have any open topics at other forum(s) ?

if not proceed with below

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.


Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Step 2

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Things I would like to see in your reply:
  • aswMBR log
  • OTL.txt and Extras.txt

  • 0

#3
AmandaElsener

AmandaElsener

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-28 16:05:15
-----------------------------
16:05:15.359 OS Version: Windows 5.1.2600 Service Pack 3
16:05:15.359 Number of processors: 2 586 0x1C02
16:05:15.359 ComputerName: ELSENER UserName: Amanda
16:05:16.578 Initialize success
16:06:13.375 AVAST engine defs: 11072801
16:06:30.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:06:30.281 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
16:06:30.296 Disk 0 MBR read successfully
16:06:30.296 Disk 0 MBR scan
16:06:30.343 Disk 0 Windows XP default MBR code
16:06:30.359 Disk 0 scanning sectors +312576705
16:06:30.437 Disk 0 scanning C:\WINDOWS\system32\drivers
16:06:40.968 Service scanning
16:06:42.156 Modules scanning
16:06:48.718 Disk 0 trace - called modules:
16:06:48.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85bf6f16]<<
16:06:48.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8656b8c8]
16:06:48.765 3 CLASSPNP.SYS[f75c8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8656e3d8]
16:06:48.781 5 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8656c028]
16:06:48.796 \Driver\iaStor[0x865cc7c8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85bf6f16
16:06:49.640 AVAST engine scan C:\WINDOWS
16:06:59.343 AVAST engine scan C:\WINDOWS\system32
16:09:10.734 AVAST engine scan C:\WINDOWS\system32\drivers
16:09:25.843 AVAST engine scan C:\Documents and Settings\Amanda
16:10:11.093 AVAST engine scan C:\Documents and Settings\All Users
16:10:19.890 Scan finished successfully
16:10:26.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Amanda\Desktop\MBR.dat"
16:10:26.078 The log file has been saved successfully to "C:\Documents and Settings\Amanda\Desktop\aswMBR.txt"
  • 0

#4
AmandaElsener

AmandaElsener

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL and EXTRA attatched

Attached Files


  • 0

#5
AmandaElsener

AmandaElsener

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Is that what you were looking for?
  • 0

#6
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
posts the logs instead, do not attach them.
  • 0

#7
AmandaElsener

AmandaElsener

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL logfile created on: 7/28/2011 4:11:25 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Amanda\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 490.27 Mb Available Physical Memory | 48.29% Memory free
2.38 Gb Paging File | 1.94 Gb Available in Paging File | 81.28% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 137.27 Gb Free Space | 95.25% Space Free | Partition Type: NTFS

Computer Name: ELSENER | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/28 16:10:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTL.scr
PRC - [2009/05/08 10:42:54 | 000,395,776 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2009/04/16 19:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/04/16 18:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009/03/25 10:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2009/03/13 16:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/28 16:10:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTL.scr
MOD - [2008/04/14 08:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/04/27 19:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/20 10:38:18 | 000,232,872 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/13 23:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/02 01:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/19 16:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)



O1 HOSTS File: ([2011/07/28 15:58:25 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Amanda\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/28 01:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 16:10:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTL.scr
[2011/07/28 15:58:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/28 15:57:09 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTM.exe
[2011/07/28 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/28 15:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/28 15:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Malwarebytes
[2011/07/28 15:14:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/28 15:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/28 15:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/28 15:14:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/28 15:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/28 15:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/28 14:44:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/28 14:39:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/28 14:39:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/28 14:39:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/28 14:39:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/28 14:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/28 14:38:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/28 14:35:24 | 004,156,812 | R--- | C] (Swearware) -- C:\Documents and Settings\Amanda\Desktop\ComboFix.exe
[2011/07/28 14:31:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/28 14:30:43 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/07/28 14:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Macromedia
[2011/07/28 14:09:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/07/28 14:09:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amanda\Start Menu\Programs\Administrative Tools
[2011/07/28 14:03:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/07/28 14:00:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Amanda\Application Data\Microsoft
[2011/07/28 14:00:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Amanda\SendTo
[2011/07/28 14:00:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Amanda\Recent
[2011/07/28 14:00:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Amanda\Application Data
[2011/07/28 14:00:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amanda\Start Menu\Programs\Startup
[2011/07/28 14:00:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amanda\Start Menu
[2011/07/28 14:00:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amanda\My Documents\My Pictures
[2011/07/28 14:00:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amanda\My Documents\My Music
[2011/07/28 14:00:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amanda\My Documents
[2011/07/28 14:00:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amanda\Favorites
[2011/07/28 14:00:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amanda\Start Menu\Programs\Accessories
[2011/07/28 14:00:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Amanda\Cookies
[2011/07/28 14:00:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Amanda\Templates
[2011/07/28 14:00:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Amanda\PrintHood
[2011/07/28 14:00:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Amanda\NetHood
[2011/07/28 14:00:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Amanda\Local Settings
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Local Settings\Application Data\SRS Labs
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\My Documents\My Videos
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\My Documents\My Office
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\My Documents\My Ebooks
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Local Settings\Application Data\Microsoft Help
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Local Settings\Application Data\Microsoft
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\InstallShield
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Identities
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Desktop
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Local Settings\Application Data\ApplicationHistory
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Local Settings\Application Data\Adobe
[2011/07/28 14:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/07/28 16:10:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTL.scr
[2011/07/28 16:10:26 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\MBR.dat
[2011/07/28 16:04:13 | 000,401,964 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/28 16:04:13 | 000,063,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/28 15:59:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/28 15:58:25 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/28 15:57:14 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTM.exe
[2011/07/28 15:55:33 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Amanda\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/28 15:55:31 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\NTREGOPT.lnk
[2011/07/28 15:55:31 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\ERUNT.lnk
[2011/07/28 15:14:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 14:44:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/28 14:30:35 | 004,156,812 | R--- | M] (Swearware) -- C:\Documents and Settings\Amanda\Desktop\ComboFix.exe
[2011/07/28 14:00:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/28 14:00:43 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Windows Media Player.lnk
[2011/07/28 14:00:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/28 13:59:53 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/28 13:58:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/28 13:53:38 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/07/28 16:10:26 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\MBR.dat
[2011/07/28 15:55:33 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Amanda\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/28 15:55:31 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\NTREGOPT.lnk
[2011/07/28 15:55:31 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\ERUNT.lnk
[2011/07/28 15:14:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 14:44:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/28 14:44:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/28 14:39:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/28 14:39:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/28 14:39:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/28 14:39:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/28 14:39:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/28 14:00:53 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Amanda\Start Menu\Programs\Internet Explorer.lnk
[2011/07/28 14:00:43 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\Windows Media Player.lnk
[2011/07/28 14:00:28 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Amanda\Start Menu\Programs\Remote Assistance.lnk
[2011/07/28 14:00:28 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/28 14:00:28 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Amanda\Start Menu\Programs\Windows Media Player.lnk
[2011/07/28 14:00:28 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Amanda\Start Menu\Programs\Outlook Express.lnk
[2011/07/28 14:00:28 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\Install Norton Internet Security.lnk
[2011/07/28 14:00:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2009/05/05 14:13:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/05 13:16:46 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/05 12:03:49 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/05/05 12:03:49 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/05/05 12:02:03 | 000,013,650 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/05/05 12:00:13 | 000,000,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/05/05 12:00:13 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/05/05 11:52:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/28 01:06:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/28 01:02:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/28 00:51:49 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/28 00:51:38 | 000,401,964 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/28 00:51:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/04/28 00:51:38 | 000,063,094 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/28 00:51:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/04/28 00:51:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/04/28 00:51:37 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/04/28 00:51:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/04/28 00:51:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/04/28 00:51:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/04/28 00:51:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/04/28 00:51:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/04/28 00:51:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/04/27 17:58:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/27 17:58:00 | 000,245,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2009/05/05 12:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/02/20 06:20:49 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/02/20 06:20:49 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/02/20 06:20:49 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/02/28 00:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/02/20 06:20:49 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/02/20 06:20:49 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/02/20 06:20:49 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/02/28 00:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#8
AmandaElsener

AmandaElsener

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL Extras logfile created on: 7/28/2011 4:11:25 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Amanda\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 490.27 Mb Available Physical Memory | 48.29% Memory free
2.38 Gb Paging File | 1.94 Gb Available in Paging File | 81.28% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 137.27 Gb Free Space | 95.25% Space Free | Partition Type: NTFS

Computer Name: ELSENER | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Eee Docking_is1" = Eee Docking 1.3.1.0
"EeePC_1005HA" = EeePC_1005HA Screen Saver
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 7/28/2011 3:01:25 PM | Computer Name = ELSENER | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/28/2011 3:01:34 PM | Computer Name = ELSENER | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000004, parameter2 84ebe438, parameter3
00000000, parameter4 00000000.

Error - 7/28/2011 3:20:51 PM | Computer Name = ELSENER | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/28/2011 3:58:23 PM | Computer Name = ELSENER | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 7/28/2011 4:00:00 PM | Computer Name = ELSENER | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >
  • 0

#9
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

It looks like you ran Combofix , post the contents of C:\Combofix.txt

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#10
AmandaElsener

AmandaElsener

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
2011/07/29 14:39:17.0796 3724 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/07/29 14:39:18.0312 3724 ================================================================================
2011/07/29 14:39:18.0312 3724 SystemInfo:
2011/07/29 14:39:18.0312 3724
2011/07/29 14:39:18.0312 3724 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/29 14:39:18.0312 3724 Product type: Workstation
2011/07/29 14:39:18.0312 3724 ComputerName: ELSENER
2011/07/29 14:39:18.0312 3724 UserName: Amanda
2011/07/29 14:39:18.0312 3724 Windows directory: C:\WINDOWS
2011/07/29 14:39:18.0312 3724 System windows directory: C:\WINDOWS
2011/07/29 14:39:18.0312 3724 Processor architecture: Intel x86
2011/07/29 14:39:18.0312 3724 Number of processors: 2
2011/07/29 14:39:18.0312 3724 Page size: 0x1000
2011/07/29 14:39:18.0312 3724 Boot type: Normal boot
2011/07/29 14:39:18.0312 3724 ================================================================================
2011/07/29 14:39:19.0390 3724 Initialize success
2011/07/29 14:39:27.0750 2584 ================================================================================
2011/07/29 14:39:27.0750 2584 Scan started
2011/07/29 14:39:27.0750 2584 Mode: Manual;
2011/07/29 14:39:27.0750 2584 ================================================================================
2011/07/29 14:39:29.0203 2584 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/29 14:39:29.0312 2584 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/29 14:39:29.0515 2584 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/29 14:39:29.0625 2584 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/07/29 14:39:30.0156 2584 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/07/29 14:39:30.0687 2584 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/07/29 14:39:31.0625 2584 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
2011/07/29 14:39:31.0734 2584 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/29 14:39:31.0812 2584 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/29 14:39:31.0921 2584 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/29 14:39:32.0015 2584 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/29 14:39:32.0156 2584 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/29 14:39:33.0015 2584 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/29 14:39:33.0062 2584 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/29 14:39:33.0203 2584 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/29 14:39:33.0265 2584 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/29 14:39:33.0343 2584 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/29 14:39:33.0515 2584 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/29 14:39:33.0625 2584 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/29 14:39:33.0953 2584 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/29 14:39:34.0062 2584 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/29 14:39:34.0203 2584 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/29 14:39:34.0250 2584 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/29 14:39:34.0343 2584 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/29 14:39:34.0500 2584 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/29 14:39:34.0625 2584 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/29 14:39:34.0781 2584 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/29 14:39:34.0812 2584 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/29 14:39:34.0890 2584 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/29 14:39:34.0968 2584 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/29 14:39:35.0093 2584 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/07/29 14:39:35.0234 2584 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/29 14:39:35.0328 2584 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/29 14:39:35.0453 2584 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/29 14:39:35.0546 2584 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/29 14:39:35.0703 2584 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/29 14:39:35.0890 2584 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/29 14:39:36.0187 2584 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/29 14:39:36.0515 2584 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/07/29 14:39:36.0937 2584 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
2011/07/29 14:39:37.0015 2584 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/29 14:39:37.0750 2584 IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/29 14:39:38.0171 2584 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/29 14:39:38.0328 2584 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/29 14:39:38.0421 2584 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/29 14:39:38.0500 2584 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/29 14:39:38.0656 2584 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/29 14:39:38.0765 2584 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/29 14:39:38.0796 2584 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/29 14:39:38.0921 2584 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/29 14:39:38.0984 2584 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/29 14:39:39.0062 2584 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/29 14:39:39.0171 2584 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/29 14:39:39.0250 2584 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/07/29 14:39:39.0484 2584 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/29 14:39:39.0609 2584 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/29 14:39:39.0703 2584 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/29 14:39:39.0921 2584 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/07/29 14:39:40.0281 2584 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/29 14:39:40.0375 2584 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/29 14:39:40.0484 2584 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/29 14:39:40.0625 2584 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/29 14:39:40.0781 2584 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/29 14:39:41.0031 2584 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/29 14:39:41.0390 2584 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/29 14:39:41.0593 2584 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/29 14:39:41.0656 2584 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/29 14:39:41.0734 2584 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/29 14:39:41.0781 2584 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/29 14:39:41.0843 2584 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/29 14:39:41.0921 2584 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/29 14:39:42.0062 2584 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/29 14:39:42.0187 2584 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/29 14:39:42.0250 2584 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/29 14:39:42.0312 2584 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/29 14:39:42.0437 2584 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/29 14:39:42.0515 2584 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/29 14:39:42.0593 2584 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/29 14:39:42.0703 2584 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/29 14:39:42.0968 2584 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/29 14:39:43.0109 2584 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/29 14:39:43.0312 2584 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/29 14:39:43.0531 2584 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/29 14:39:43.0609 2584 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/29 14:39:43.0859 2584 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/29 14:39:44.0000 2584 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/29 14:39:44.0125 2584 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/29 14:39:44.0234 2584 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/29 14:39:44.0453 2584 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/29 14:39:44.0531 2584 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/29 14:39:45.0218 2584 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/29 14:39:45.0296 2584 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/29 14:39:45.0375 2584 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/29 14:39:45.0734 2584 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/29 14:39:45.0828 2584 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/29 14:39:45.0937 2584 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/29 14:39:46.0000 2584 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/29 14:39:46.0171 2584 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/29 14:39:46.0250 2584 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/29 14:39:46.0468 2584 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/29 14:39:46.0625 2584 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/29 14:39:47.0015 2584 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/29 14:39:47.0218 2584 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/29 14:39:47.0312 2584 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/29 14:39:47.0703 2584 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/29 14:39:47.0921 2584 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/29 14:39:48.0156 2584 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/29 14:39:48.0359 2584 SRS_PremiumSound_Service (0bd44aa4743a9dbd2c638d699a7fd438) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
2011/07/29 14:39:48.0562 2584 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/29 14:39:48.0890 2584 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/29 14:39:49.0078 2584 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/29 14:39:49.0203 2584 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/29 14:39:49.0906 2584 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/29 14:39:50.0015 2584 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/29 14:39:50.0296 2584 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/29 14:39:50.0515 2584 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/29 14:39:50.0671 2584 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/29 14:39:50.0765 2584 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/29 14:39:51.0296 2584 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/29 14:39:51.0500 2584 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/29 14:39:51.0609 2584 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/29 14:39:51.0703 2584 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/29 14:39:51.0765 2584 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/29 14:39:51.0875 2584 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/29 14:39:51.0937 2584 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/29 14:39:52.0015 2584 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/29 14:39:52.0140 2584 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/29 14:39:52.0187 2584 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
2011/07/29 14:39:52.0250 2584 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/29 14:39:52.0375 2584 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/29 14:39:52.0546 2584 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/29 14:39:52.0640 2584 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/07/29 14:39:52.0812 2584 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/29 14:39:53.0062 2584 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/29 14:39:53.0140 2584 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/29 14:39:53.0218 2584 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/29 14:39:53.0984 2584 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/29 14:39:54.0234 2584 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/29 14:39:54.0296 2584 Boot (0x1200) (eb8cf641e180c13235e105956ea1f22d) \Device\Harddisk0\DR0\Partition0
2011/07/29 14:39:54.0343 2584 ================================================================================
2011/07/29 14:39:54.0343 2584 Scan finished
2011/07/29 14:39:54.0343 2584 ================================================================================
2011/07/29 14:39:54.0406 1108 Detected object count: 1
2011/07/29 14:39:54.0406 1108 Actual detected object count: 1
2011/07/29 14:39:59.0046 1108 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/29 14:39:59.0046 1108 \Device\Harddisk0\DR0 - ok
2011/07/29 14:39:59.0046 1108 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/29 14:40:04.0125 3352 Deinitialize success
  • 0

Advertisements


#11
AmandaElsener

AmandaElsener

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Is that the right log?
  • 0

#12
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
yes this is one, check if you have this C:\Combofix.txt
  • 0

#13
AmandaElsener

AmandaElsener

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I have the have the Combofix icon on my desktop but I don't see C:\Combofix.txt anywhere
  • 0

#14
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things i would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

#15
AmandaElsener

AmandaElsener

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7311

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/29/2011 4:10:52 PM
mbam-log-2011-07-29 (16-10-52).txt

Scan type: Quick scan
Objects scanned: 157518
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP