
Browser being redirected.

Discussion in 'Virus & Other Malware Removal' started by ally4600, Jan 4, 2011.

  1. ally4600

    ally4600 Thread Starter

    Joined:
    Jan 4, 2011
    Messages:
    14
    Browser being redirected.
     
  2. ally4600

    ally4600 Thread Starter

    Joined:
    Jan 4, 2011
    Messages:
    14
    can't post
     
  3. ally4600

    ally4600 Thread Starter

    Joined:
    Jan 4, 2011
    Messages:
    14
    hijack this log.
     
  4. ally4600

    ally4600 Thread Starter

    Joined:
    Jan 4, 2011
    Messages:
    14
    Keeps saying The connection to the server was reset while the page was loading.
     
  5. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,252
    are any other sites exhibiting this problem, or only this one?
     
  6. ally4600

    ally4600 Thread Starter

    Joined:
    Jan 4, 2011
    Messages:
    14
    only this one that i've noticed.
     
  7. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,252
    can you paste your hjt in the quick reply box?
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya ally4600,

    See if you can get the following to run.....

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application(Vista and Windows 7 users right click and select Run as Administrator), then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin..
     
  9. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,252
    thanks, Kevin.......:)
     
  10. ally4600

    ally4600 Thread Starter

    Joined:
    Jan 4, 2011
    Messages:
    14
    2011/01/04 20:12:13.0091 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/04 20:12:13.0091 ================================================================================
    2011/01/04 20:12:13.0091 SystemInfo:
    2011/01/04 20:12:13.0091
    2011/01/04 20:12:13.0091 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/04 20:12:13.0091 Product type: Workstation
    2011/01/04 20:12:13.0091 ComputerName: A97E7077391D4A7
    2011/01/04 20:12:13.0091 UserName: user
    2011/01/04 20:12:13.0091 Windows directory: C:\WINDOWS
    2011/01/04 20:12:13.0091 System windows directory: C:\WINDOWS
    2011/01/04 20:12:13.0091 Processor architecture: Intel x86
    2011/01/04 20:12:13.0091 Number of processors: 2
    2011/01/04 20:12:13.0091 Page size: 0x1000
    2011/01/04 20:12:13.0091 Boot type: Normal boot
    2011/01/04 20:12:13.0091 ================================================================================
    2011/01/04 20:12:13.0372 Initialize success
    2011/01/04 20:12:15.0576 ================================================================================
    2011/01/04 20:12:15.0576 Scan started
    2011/01/04 20:12:15.0576 Mode: Manual;
    2011/01/04 20:12:15.0576 ================================================================================
    2011/01/04 20:12:31.0201 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/04 20:12:31.0201 ================================================================================
    2011/01/04 20:12:31.0201 Scan finished
    2011/01/04 20:12:31.0201 ================================================================================
    2011/01/04 20:12:31.0216 Detected object count: 1
    2011/01/04 20:12:46.0872 \HardDisk0 - will be cured after reboot
    2011/01/04 20:12:46.0872 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/04 20:12:53.0310 Deinitialize success
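Added example, not from the thread or from Kaspersky's TDSSKiller: a parser for the log format posted above that pulls out the tool and OS versions, the detection, the action the user chose and whether the cure is still pending a reboot, plus a review list of drivers loaded from outside the usual system directories. The sample log, its hashes, the `Driver`/`ScanSummary` names and the "standard directory" heuristic are constructed for illustration and are not part of the tool.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the TDSSKiller 2.4.12.0 log in this thread;
# the MD5 values below are made up, not real file hashes.
SAMPLE_LOG = r"""
2011/01/04 20:12:13.0091 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/04 20:12:13.0091 ================================================================================
2011/01/04 20:12:13.0091 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/04 20:12:13.0091 Boot type: Normal boot
2011/01/04 20:12:15.0576 Scan started
2011/01/04 20:12:15.0576 Mode: Manual;
2011/01/04 20:12:16.0857 ACPI (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/04 20:12:18.0763 cpudrv (fedcba9876543210fedcba9876543210) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/01/04 20:12:20.0029 gdrv (00112233445566778899aabbccddeeff) C:\WINDOWS\gdrv.sys
2011/01/04 20:12:31.0201 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/04 20:12:31.0201 Scan finished
2011/01/04 20:12:31.0216 Detected object count: 1
2011/01/04 20:12:46.0872 \HardDisk0 - will be cured after reboot
2011/01/04 20:12:46.0872 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/04 20:12:53.0310 Deinitialize success
"""

# Every meaningful line starts with a timestamp; the rest of the line is the body.
_STAMP = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})(?: (.*))?$")
_TOOL = re.compile(r"^TDSS rootkit removing tool (\S+) ")
_OS = re.compile(r"^OS Version: (.+)$")
_DRIVER = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")      # name (md5) path
_DETECT = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")          # object - detected verdict
_REBOOT = re.compile(r"^(\S+) - will be cured after reboot$")
_ACTION = re.compile(r"^(\S+?)\((\S+)\) - User select action: (\w+)$")
_COUNT = re.compile(r"^Detected object count: (\d+)$")

# Assumed heuristic: where drivers normally live on XP. A hit is a review
# item, not a verdict; vendor tools legitimately load from elsewhere.
STANDARD_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class ScanSummary:
    tool_version: Optional[str] = None
    os_version: Optional[str] = None
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Tuple[str, str]] = field(default_factory=list)  # (object, verdict)
    actions: Dict[str, str] = field(default_factory=dict)            # object -> action
    pending_reboot: List[str] = field(default_factory=list)          # objects cured at next boot
    detected_count: int = 0


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Build a ScanSummary from the text of a TDSSKiller log."""
    s = ScanSummary()
    for raw in text.splitlines():
        m = _STAMP.match(raw.strip())
        if not m:
            continue  # blank lines and anything without a timestamp
        body = m.group(2) or ""
        if (t := _TOOL.match(body)):
            s.tool_version = t.group(1)
        elif (o := _OS.match(body)):
            s.os_version = o.group(1)
        elif (d := _DETECT.match(body)):
            # An object like \HardDisk0 is the disk itself, not a file on it,
            # which is why the cure cannot complete until the machine reboots.
            s.detections.append((d.group(1), d.group(2)))
        elif (r := _REBOOT.match(body)):
            s.pending_reboot.append(r.group(1))
        elif (a := _ACTION.match(body)):
            s.actions[a.group(2)] = a.group(3)
        elif (c := _COUNT.match(body)):
            s.detected_count = int(c.group(1))
        elif (dr := _DRIVER.match(body)):
            s.drivers.append(Driver(dr.group(1), dr.group(2).lower(), dr.group(3)))
    return s


def unusual_driver_paths(s: ScanSummary) -> List[Driver]:
    """Drivers not loaded from the standard directories; a list to review by hand."""
    return [d for d in s.drivers if not d.path.lower().startswith(STANDARD_DRIVER_DIRS)]


def needs_reboot(s: ScanSummary) -> bool:
    """True when a cure is queued for the next boot, as in the thread."""
    return bool(s.pending_reboot)


def is_clean(s: ScanSummary) -> bool:
    """True only when the scan reported nothing; a queued cure is not yet clean."""
    return s.detected_count == 0 and not s.detections


if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"TDSSKiller {summary.tool_version} on Windows {summary.os_version}")
    print(f"{len(summary.drivers)} drivers enumerated, {summary.detected_count} object(s) detected")
    for obj, verdict in summary.detections:
        print(f"  {obj}: {verdict} -> action {summary.actions.get(obj, 'none')}")
    if needs_reboot(summary):
        print("  cure applies at next boot: re-scan after rebooting before calling it clean")
    for drv in unusual_driver_paths(summary):
        print(f"  review: {drv.name} loads from {drv.path} (md5 {drv.md5})")
```

A second log taken after the reboot should parse to `is_clean(...) == True`, which is the check the thread starter performed by hand in the next post.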
     
  11. ally4600

    ally4600 Thread Starter

    Joined:
    Jan 4, 2011
    Messages:
    14
    Had to reboot. Re-scanned and no threats were found. Think it worked.

    Thanks.
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya ally4600,

    Yep, you've got to re-boot to kill off that type of infection. TDL4 usually invites other unwanted guests, so it's best to check to see if you are clean.

    Run the following scans please :-

    Step 1

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Make sure any open work is saved. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    Step 2

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3


    We need to see some additional information about what is happening in your machine.
    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Post the log from Malwarebytes and both logs from DDS in your reply,

    Kevin
     
  13. ally4600

    ally4600 Thread Starter

    Joined:
    Jan 4, 2011
    Messages:
    14
    MBAM found 11 threats.

    Here are the logs.

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by user at 18:02:28.03 on 04/01/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.858 [GMT 0:00]

    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ZoneAlarm Firewall *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\WakeMeUp\WMUSvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\WakeMeUp\WMUAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WakeMeUp\WMUTray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\progra~1\common~1\instal~1\update~1\isuspm.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\user\Desktop\Java\eclipse-java-ganymede-SR2-win32\eclipse\eclipse.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
    C:\Program Files\MySQL\MySQL Server 5.5\bin\mysql.exe
    C:\Program Files\UltraChm\UltraChm.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\user\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = ${URL_SEARCHPAGE}
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
    uSearch Bar = hxxp://www.google.com/ie
    mSearch Page = ${URL_SEARCHPAGE}
    uSearchAssistant = hxxp://www.google.com
    uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog1.dll
    mWinlogon: Shell=Explorer.exe rundll32.exe oskewl
    BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog1.dll
    BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog1.dll
    TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {EBC780C8-5A2F-4BF2-B274-FDA3D61ACC6C} - No File
    uRun: [Eobe] "c:\progra~1\ppatch~1\msiexec.exe" -vt yazr
    uRun: [Oocucow] c:\documents and settings\user\my documents\?racle\m?hta.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AdobeBridge]
    uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [NexonEULauncher]
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMUTray.exe] c:\program files\wakemeup\WMUTray.exe
    mRun: [zBrowser Launcher] //~c:\program files\logitech\itouch\itouch.exe
    mRun: [ipmon] ipmon.exe
    mRun: [High Definition Audio Property Page Shortcut] //~hdashcut.exe
    mRun: [adiras] adiras.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Regedit32] c:\windows\system32\regedit.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [WMUAgent.exe] c:\program files\wakemeup\WMUAgent.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [braviax]
    uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {05854035-8B79-3CF1-4AA6-579916116B5D} - hxxp://85.255.113.214/1/gdnFR2339.exe
    DPF: {4DD43FB9-05DA-4DB3-5385-089E0EA51DE5} - hxxp://85.255.113.214/1/gdnFR2339.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256811490390
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - No File
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: cinnamomum - No File
    STS: incestuously - No File
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli CPGFRPx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\oj9e3282.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\oj9e3282.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\winnt_x86-msvc\components\libchm.dll
    FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
    FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: TinEye Reverse Image Search: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: CHM Reader: {6e098d65-7d2d-46d4-ada0-2f882a29f795} - %profile%\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
    FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-29 64160]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-10-29 532224]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
    R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-7-15 32512]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-4-16 33792]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080406.003\NAVENG.SYS [2008-4-7 82256]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080406.003\NAVEX15.SYS [2008-4-7 895408]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 136176]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-6-15 20160]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-22 1684736]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 cpuz129;cpuz129;\??\c:\docume~1\user\locals~1\temp\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz_x32.sys [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
    S3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [2010-11-8 16384]
    S3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [2010-11-8 19456]
    S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [2010-10-28 618112]
    S3 ProtoWall;ProtoWall Defender;c:\windows\system32\drivers\protowall.sys --> c:\windows\system32\drivers\ProtoWall.sys [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S4 Gpcclascw;Gpcclascw; [x]
    S4 NtmlSvc;NtmlSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

    =============== Created Last 30 ================

    2011-01-04 17:57:15 388096 ----a-r- c:\docume~1\user\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-04 17:57:15 -------- d-----w- c:\program files\Trend Micro
    2010-12-29 14:00:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\MySQL
    2010-12-24 13:45:10 -------- d-----w- c:\program files\Nero
    2010-12-24 13:44:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero
    2010-12-24 13:38:50 -------- d-----w- c:\program files\Ask.com
    2010-12-24 13:38:32 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-12-24 13:38:18 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-12-24 03:05:27 -------- d-----w- c:\program files\MySQL
    2010-12-21 23:16:34 -------- d-----w- c:\program files\Winamp Detect
    2010-12-18 01:20:07 1531392 ------w- c:\temp\TSDNWIN.exe
    2010-12-18 01:20:06 -------- d-----w- C:\Temp
    2010-12-18 00:57:46 1446264 ----a-w- c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
    2010-12-15 06:20:39 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 06:18:48 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-09 10:47:06 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll
    2010-12-05 20:13:17 70924 ----a-w- c:\windows\system32\EBPMON2.DLL
    2010-12-05 20:13:17 56832 ----a-w- c:\windows\system32\ECBTEG.DLL
    2010-12-05 20:13:17 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
    2010-12-05 20:13:17 -------- d-----w- c:\program files\EPSON
    2010-12-05 19:48:43 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-12-05 19:48:43 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-12-05 19:46:10 -------- d-----w- C:\epson

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-16 16:20:22 0 ----a-w- c:\windows\ativpsrm.bin
    2010-11-08 19:45:05 17488 ----a-w- c:\windows\gdrv.sys
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-27 03:17:32 16330752 ----a-w- c:\windows\system32\atioglxx.dll
    2010-10-27 03:10:48 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2010-10-27 03:10:38 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2010-10-27 03:09:30 4489216 ----a-w- c:\windows\system32\aticaldd.dll
    2010-10-27 03:03:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2010-10-27 02:51:32 3958784 ----a-w- c:\windows\system32\ati3duag.dll
    2010-10-27 02:50:50 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-10-27 02:49:50 301056 ----a-w- c:\windows\system32\ati2dvag.dll
    2010-10-27 02:48:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
    2010-10-27 02:36:10 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
    2010-10-27 02:30:48 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-10-27 02:30:34 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-10-27 02:30:26 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2010-10-27 02:30:18 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-10-27 02:30:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
    2010-10-27 02:28:34 614400 ----a-w- c:\windows\system32\ati2evxx.exe
    2010-10-27 02:27:04 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2010-10-27 02:26:18 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-10-27 02:22:32 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2010-10-27 02:20:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2010-10-27 02:20:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-10-27 02:20:32 196608 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-10-27 02:20:14 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2010-10-27 02:14:34 704512 ----a-w- c:\windows\system32\ati2cqag.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-12 21:36:21 438272 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
    2010-10-12 19:30:23 234576 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-12 19:30:23 234576 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-08-19 17:45:23 17892 ----a-w- c:\program files\common files\becybiwica.bin
    2009-08-17 12:56:18 10417 ----a-w- c:\program files\common files\epojuhexe.bin
    2009-08-17 11:21:17 10237 ----a-w- c:\program files\common files\xuxezew.dll
    2009-08-17 11:21:16 13017 ----a-w- c:\program files\common files\eheny.bin
    2009-08-17 11:21:15 18733 ----a-w- c:\program files\common files\qydaj.pif
    2009-08-14 07:56:31 11663 ----a-w- c:\program files\common files\oxim.com
    2009-08-12 23:31:18 15896 ----a-w- c:\program files\common files\elago.scr
    2005-03-18 10:36:31 35840 ----a-w- c:\program files\StartSetup.exe
    2002-03-05 05:08:11 184320 ----a-w- c:\program files\setup.exe
    2001-09-27 06:56:04 1707856 ----a-w- c:\program files\instmsia.exe
    2001-08-28 04:13:08 1821008 ----a-w- c:\program files\instmsiw.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1200JB-00GVA0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AC1E555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ac247b0]; MOV EAX, [0x8ac2482c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AC7FAB8]
    3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008c[0x8AC703B8]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AC54D98]
    \Driver\atapi[0x8AC47A08] -> IRP_MJ_CREATE -> 0x8AC1E555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD1200JB-00GVA0_____________________08.02D08#5&17ef7b8e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8AC1E39B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 18:04:29.75 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 22/10/2009 19:48:26
    System Uptime: 03/01/2011 11:51:34 (31 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2L
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2933/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 3.375 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP322: 23/11/2010 11:17:00 - System Checkpoint
    RP323: 24/11/2010 14:16:01 - System Checkpoint
    RP324: 26/11/2010 11:34:55 - System Checkpoint
    RP325: 28/11/2010 05:37:47 - System Checkpoint
    RP326: 29/11/2010 21:24:19 - System Checkpoint
    RP327: 01/12/2010 02:22:20 - System Checkpoint
    RP328: 03/12/2010 01:24:35 - System Checkpoint
    RP329: 04/12/2010 14:55:48 - System Checkpoint
    RP330: 05/12/2010 17:32:40 - System Checkpoint
    RP331: 05/12/2010 20:01:34 - Installed EPSON TWAIN 5
    RP332: 05/12/2010 20:04:13 - Installed EPSON TWAIN 5
    RP333: 07/12/2010 03:02:24 - System Checkpoint
    RP334: 08/12/2010 03:20:27 - System Checkpoint
    RP335: 09/12/2010 15:30:45 - System Checkpoint
    RP336: 10/12/2010 19:24:34 - System Checkpoint
    RP337: 11/12/2010 20:55:08 - System Checkpoint
    RP338: 13/12/2010 00:15:53 - System Checkpoint
    RP339: 14/12/2010 04:23:01 - System Checkpoint
    RP340: 14/12/2010 22:22:50 - Installed Windows Media Player 10
    RP341: 14/12/2010 22:23:57 - Software Distribution Service 3.0
    RP342: 15/12/2010 10:00:16 - Software Distribution Service 3.0
    RP343: 16/12/2010 16:43:04 - System Checkpoint
    RP344: 17/12/2010 20:47:18 - System Checkpoint
    RP345: 19/12/2010 06:57:16 - System Checkpoint
    RP346: 19/12/2010 14:49:21 - Software Distribution Service 3.0
    RP347: 20/12/2010 15:07:58 - System Checkpoint
    RP348: 21/12/2010 19:52:37 - System Checkpoint
    RP349: 22/12/2010 00:55:03 - Removed VideoImpression
    RP350: 22/12/2010 16:31:50 - Removed Skype™ 5.0
    RP351: 23/12/2010 19:29:29 - System Checkpoint
    RP352: 24/12/2010 03:05:26 - Installed MySQL Server 5.5
    RP353: 24/12/2010 13:35:11 - Removed Microsoft Visual C++ 2005 Redistributable
    RP354: 24/12/2010 13:35:41 - Installed Microsoft Visual C++ 2005 Redistributable
    RP355: 24/12/2010 13:37:49 - Installed Windows XP KB942288-v3.
    RP356: 24/12/2010 13:38:12 - Installed DirectX
    RP357: 24/12/2010 13:38:28 - Installed DirectX
    RP358: 24/12/2010 13:44:52 - Installed Nero Burning ROM 10.
    RP359: 26/12/2010 12:15:47 - System Checkpoint
    RP360: 28/12/2010 00:27:08 - System Checkpoint
    RP361: 29/12/2010 05:32:16 - System Checkpoint
    RP362: 29/12/2010 13:43:28 - Removed MySQL Server 5.5
    RP363: 29/12/2010 13:46:28 - Installed MySQL Server 5.5
    RP364: 29/12/2010 13:52:08 - Removed MySQL Server 5.5
    RP365: 29/12/2010 14:00:14 - Installed MySQL Server 5.5
    RP366: 30/12/2010 14:03:16 - System Checkpoint
    RP367: 31/12/2010 14:04:15 - System Checkpoint
    RP368: 01/01/2011 15:45:10 - System Checkpoint
    RP369: 02/01/2011 16:12:55 - System Checkpoint
    RP370: 03/01/2011 17:03:10 - System Checkpoint
    RP371: 04/01/2011 17:57:14 - Installed HiJackThis

    ==== Installed Programs ======================


    @BIOS
    µTorrent
    Ad-Aware
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.9
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    Any Video Converter 2.7.8
    Ask Toolbar
    Audacity 1.2.6
    Auralia 3 Student Edition
    Belkin 54g USB Network Adapter
    BT Voyager 105 ADSL Modem
    CDisplay 1.8
    DivX Converter
    DivX Setup
    EasySetPackage
    eMule
    EPSON Printer Software
    EPSON TWAIN 5
    ESET NOD32 Antivirus
    Free FLV Converter V 6.7.3
    Free Video Converter V 1.0
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    GtkRadiant-1.3.8-ET
    Guitar Pro 5.2
    Hex Bubbles
    High Definition Audio Driver Package - KB835221
    HiJackThis
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Huawei Modems
    Intel(R) Graphics Media Accelerator Driver
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java DB 10.4.1.3
    Java(TM) 6 Update 2
    Java(TM) 6 Update 21
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 11
    jEdit 4.2
    LAME v3.98.2 for Audacity
    Logitech iTouch Software
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.5.74
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MilkDrop for Winamp 2x (remove only)
    Moyea FLV to Video Converter Pro 2 version 2.2.1.152
    Mozilla Firefox (3.0.9)
    Mozilla Firefox (3.6.13)
    Mpeg2Decoder 1.3
    MySQL Server 5.5
    Native Instruments Service Center
    Native Instruments Traktor
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    OGA Notifier 2.0.0048.0
    OpenAL
    PDF Settings CS5
    PeerGuardian 2.0
    Philips Upgrade Tool
    Pixelfusion WMP Plugin 1.60
    PowerISO
    Quake 4(TM) 1.0.5.2 Patch
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    SAGEM [email protected] 800-840
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2124261)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2290570)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976323)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sibelius 3
    Sibelius Scorch
    Skype™ 5.0
    Slideshow XL
    SoulSeek 157 NS 12d
    SoulSeek Client 156c
    SpinnerDemo2
    Spybot - Search & Destroy
    Steinberg Cubase SX v3.1.1.944
    StreamPlug Player
    Subtitle Workshop 2.51
    Switch Sound File Converter
    Symantec Real Time Storage Protection Component
    Syncrosoft's License Control
    SyncroSoft Emu (Remove only)
    System Requirements Lab
    System Requirements Lab for Intel
    ToggleEN Toolbar
    Trust 100K Series Webcam
    UltraChm 1.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Outlook 2007 Junk Email Filter (kb972691)
    Update for Outlook 2007 Junk Email Filter (KB974810)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.4053
    Video Enhancer 1.9.3
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.3
    VobSub v2.23 (Remove Only)
    WakeMeUp!
    WebFldrs XP
    WebSlayer-Beta
    Win Web Crawler 3.0
    Winamp
    Winamp Detector Plug-in
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinRAR archiver
    Wireless Manager
    YouTube FLV to AVI converter Pro 2.2.5
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    03/01/2011 23:52:19, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    03/01/2011 23:50:31, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    03/01/2011 23:46:22, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    You got the Malwarebytes log?
     
  15. ally4600

    ally4600 Thread Starter

    Joined:
    Jan 4, 2011
    Messages:
    14
    Yes.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5477

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    07/01/2011 17:55:26
    mbam-log-2011-01-07 (17-55-26).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 262681
    Time elapsed: 1 hour(s), 13 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 5
    Registry Data Items Infected: 7
    Folders Infected: 2
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776C4DC-E894-7C06-2148-5D73CEF5F905} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776C4DC-E894-7C06-2148-5D73CEF5F905} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\4DW4R3 (Rootkit.TDSS) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Value: wscui.cpl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Value: ddnsfilter -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe oskewl) Good: (Explorer.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\program files\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\user\my documents\downloads\Software\poweriso.v3.1.incl.keymaker\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
    c:\program files\edge-security\webslayer-beta\PSAPI.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\user\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\config\systemprofile\application data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\user\application data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\config\systemprofile\Desktop\pc_antispyware2010.lnk (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\user\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\user\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
     
Short URL to this thread: https://techguy.org/972659