1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Lots of problems, crashing, BSOD etc. Need help!

Discussion in 'Virus & Other Malware Removal' started by Aderon, Jan 3, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. Aderon

    Aderon Account Closed Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    235
    Hey ever since around the 30th of December my computer has been going haywire. 2 BSOD since then, the windows host process fails ALL the time (I tried the BITS fix for this and it said my computer did not need it at the time), can't use windows update for some reason. Everytime I do it basically doesn't install and the host process for windows services closes.

    When I first load the computer, it's nothing but a black screen and a pop up that has the title "palladium" and in the box itself it says "List index out of bounds (0)". I have to run explorer.exe from task manager in order to get my desktop, start bar, icons, etc to even come up

    Whenever I try to use anything that involves looking up files (browsing folders, searching w/ the start bar, etc) it freezes like 95% (never used to do this).

    Originally I thought it was some kind of conflict with google chrome and an xvid plugin i installed on the 30th, but i've uninstalled both of them since then and it's just gotten worse. Also, I need a faster defragger. I tried defragging and after 48+ hours I got a virus and my computer crashed while trying to defrag.

    Heres my logs

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:40:31 AM, on 01/03/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Evan\AppData\Roaming\palladium.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\explorer.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: AutorunsDisabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: digiSPTIService - Unknown owner - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

    --
    End of file - 4716 bytes





    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Evan at 10:42:28.30 on 01/03/2011
    Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2463 [GMT -5:00]

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rpcnet.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\iashost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Evan\AppData\Roaming\palladium.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\explorer.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Evan\Downloads\dds.scr
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    mWinlogon: Userinit=userinit.exe
    uWinlogon: Shell=c:\users\evan\appdata\roaming\palladium.exe
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    StartupFolder: c:\users\evan\appdata\roaming\micros~1\windows\startm~1\programs\startup\autorunsdisabled\xfire.lnk - c:\program files\xfire\xfire.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\evan\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
    Trusted Zone: line6.net
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    LSA: Notification Packages = scecli psqlpwd

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\evan\appdata\roaming\mozilla\firefox\profiles\4gse74pk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\users\evan\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\evan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\evan\appdata\roaming\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\users\evan\appdata\roaming\mozilla\firefox\profiles\4gse74pk.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\users\evan\appdata\roaming\mozilla\firefox\profiles\4gse74pk.default\extensions\[email protected]\plugins\npTVUAx.dll
    FF - plugin: c:\users\evan\appdata\roaming\mozilla\firefox\profiles\4gse74pk.default\extensions\[email protected]\plugins\npiaplayer.dll
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: InstantAction.com Game Launcher: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: TVU Web Player: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============

    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-1-9 73728]
    R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [2009-11-8 193032]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [2008-3-29 25856]

    =============== File Associations ===============

    regfile=regedit.exe "%1" %*
    scrfile="%1" %*

    =============== Created Last 30 ================

    2011-01-03 15:40:05 388096 ----a-r- c:\users\evan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-03 15:40:05 -------- d-----w- c:\program files\Trend Micro
    2011-01-02 18:13:47 -------- d-----w- c:\windows\pss
    2011-01-02 17:20:07 442368 ----a-w- c:\users\evan\appdata\roaming\palladium.exe
    2011-01-02 17:20:06 442368 ----a-w- c:\users\evan\appdata\roaming\z.exe
    2010-12-27 00:00:26 -------- d-----w- c:\users\evan\appdata\roaming\Local
    2010-12-14 01:59:21 -------- d-----w- c:\progra~2\pHnBf06301
    2010-12-13 23:42:52 -------- d-----w- c:\users\evan\appdata\roaming\Antares
    2010-12-13 23:42:51 -------- d-----w- c:\program files\Antares Audio Technologies

    ==================== Find3M ====================

    2011-01-03 15:31:59 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-01-03 15:31:56 57752 ----a-w- c:\windows\system32\rpcnet.dll
    2011-01-02 17:32:40 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2010-10-24 07:29:14 29184 ----a-w- c:\windows\system32\CtLoJack.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: WDC_WD1200BEVS-75UST0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-2

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xC38E6555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0xc38ec7b0]; MOV EAX, [0xc38ec82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0xE2478912] -> \Device\Harddisk0\DR0[0xC38C8030]
    3 CLASSPNP[0xCA1AC8B3] -> ntkrnlpa!IofCallDriver[0xE2478912] -> [0xC3915310]
    \Driver\atapi[0xC38CA428] -> IRP_MJ_CREATE -> 0xC38E6555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-2 -> \??\IDE#DiskWDC_WD1200BEVS-75UST0___________________01.01A01#5&c05173f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi -> 0xc369c1f8
    user != kernel MBR !!!
    copy of MBR has been found in sector 62 !
    copy of MBR has been found in sector 63 !
    sectors 234441646 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 10:43:27.50 ===============




    Thanks for any help you can give.
     

    Attached Files:

  2. Aderon

    Aderon Account Closed Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    235
    Any thoughts?
     
  3. Aderon

    Aderon Account Closed Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    235
    bump
     
  4. Aderon

    Aderon Account Closed Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    235
    bump
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Aderon,

    Proceed as follows please :-

    Step 1

    Please re-open HiJackThis and scan only.**Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


    Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis.**Reboot

    Step 2

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


      [​IMG]

    • If an infected file is detected, the default action will be Cure, click on Continue.


      [​IMG]

    • If a suspicious file is detected, the default action will be Skip, click on Continue.


      [​IMG]

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


      [​IMG]

    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Step 3

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don`t forget Combofix must be saved to your desktop. <--Very important

    Ensure you have disabledyour Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection available at the following link :-

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the logs from TDSSKiller and Combofix in your reply,

    Kevin
     
  6. Aderon

    Aderon Account Closed Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    235
    2011/01/07 17:15:26.0425 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/07 17:15:26.0425 ================================================================================
    2011/01/07 17:15:26.0425 SystemInfo:
    2011/01/07 17:15:26.0425
    2011/01/07 17:15:26.0425 OS Version: 6.0.6002 ServicePack: 2.0
    2011/01/07 17:15:26.0425 Product type: Workstation
    2011/01/07 17:15:26.0425 ComputerName: EVAN-PC
    2011/01/07 17:15:26.0425 UserName: Evan
    2011/01/07 17:15:26.0425 Windows directory: C:\Windows
    2011/01/07 17:15:26.0425 System windows directory: C:\Windows
    2011/01/07 17:15:26.0425 Processor architecture: Intel x86
    2011/01/07 17:15:26.0425 Number of processors: 2
    2011/01/07 17:15:26.0425 Page size: 0x1000
    2011/01/07 17:15:26.0425 Boot type: Normal boot
    2011/01/07 17:15:26.0425 ================================================================================
    2011/01/07 17:15:34.0304 Initialize success
    2011/01/07 17:15:37.0535 ================================================================================
    2011/01/07 17:15:37.0535 Scan started
    2011/01/07 17:15:37.0535 Mode: Manual;
    2011/01/07 17:15:37.0535 ================================================================================
    2011/01/07 17:15:39.0339 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
    2011/01/07 17:15:39.0487 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/01/07 17:15:39.0603 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/01/07 17:15:39.0686 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/01/07 17:15:39.0742 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/01/07 17:15:39.0796 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/01/07 17:15:39.0926 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
    2011/01/07 17:15:40.0029 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/01/07 17:15:40.0128 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/01/07 17:15:40.0184 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/01/07 17:15:40.0257 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
    2011/01/07 17:15:40.0317 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/01/07 17:15:40.0369 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
    2011/01/07 17:15:40.0422 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/01/07 17:15:40.0549 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/01/07 17:15:40.0652 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2011/01/07 17:15:40.0730 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/01/07 17:15:40.0805 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/01/07 17:15:40.0893 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/01/07 17:15:40.0958 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/01/07 17:15:41.0226 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
    2011/01/07 17:15:41.0336 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/01/07 17:15:41.0494 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/01/07 17:15:41.0594 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/01/07 17:15:41.0624 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/01/07 17:15:41.0732 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/01/07 17:15:41.0787 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/01/07 17:15:41.0853 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/01/07 17:15:41.0968 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/01/07 17:15:42.0045 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/01/07 17:15:42.0127 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/01/07 17:15:42.0198 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/01/07 17:15:42.0245 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/01/07 17:15:42.0303 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/01/07 17:15:42.0375 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/01/07 17:15:42.0448 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
    2011/01/07 17:15:42.0540 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/01/07 17:15:42.0601 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/01/07 17:15:42.0654 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/01/07 17:15:42.0760 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/01/07 17:15:42.0856 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/01/07 17:15:42.0930 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/01/07 17:15:43.0005 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/01/07 17:15:43.0098 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/01/07 17:15:43.0248 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/01/07 17:15:43.0537 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/01/07 17:15:44.0030 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/01/07 17:15:44.0057 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/01/07 17:15:44.0160 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/01/07 17:15:44.0249 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/01/07 17:15:44.0294 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/01/07 17:15:44.0428 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/01/07 17:15:44.0496 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/01/07 17:15:44.0547 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/01/07 17:15:44.0652 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/01/07 17:15:44.0781 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/01/07 17:15:44.0970 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
    2011/01/07 17:15:45.0079 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/01/07 17:15:45.0142 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/01/07 17:15:45.0197 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/01/07 17:15:45.0314 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/01/07 17:15:45.0784 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/01/07 17:15:46.0146 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/01/07 17:15:46.0507 HTTP (4d6eb87dcabfd66221822f49cfd79077) C:\Windows\system32\drivers\HTTP.sys
    2011/01/07 17:15:47.0849 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/01/07 17:15:48.0146 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/01/07 17:15:48.0454 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/01/07 17:15:48.0987 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/01/07 17:15:49.0239 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/01/07 17:15:49.0628 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/01/07 17:15:49.0980 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/01/07 17:15:50.0158 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/01/07 17:15:50.0234 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/01/07 17:15:50.0302 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/01/07 17:15:50.0363 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/01/07 17:15:50.0566 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/01/07 17:15:50.0632 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/01/07 17:15:50.0850 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/01/07 17:15:50.0981 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/01/07 17:15:51.0072 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/01/07 17:15:51.0281 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/01/07 17:15:51.0370 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/01/07 17:15:51.0534 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/01/07 17:15:51.0693 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/01/07 17:15:51.0779 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/01/07 17:15:52.0021 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/01/07 17:15:52.0267 MAFW (8cb4fa41c156666d21c16a3e57925235) C:\Windows\system32\DRIVERS\mafw.sys
    2011/01/07 17:15:52.0661 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/01/07 17:15:52.0819 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/01/07 17:15:53.0115 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/01/07 17:15:53.0301 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/01/07 17:15:53.0451 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/01/07 17:15:53.0522 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/01/07 17:15:53.0674 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/01/07 17:15:53.0858 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/01/07 17:15:53.0935 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/01/07 17:15:54.0095 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/01/07 17:15:54.0260 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/01/07 17:15:54.0508 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/01/07 17:15:54.0688 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/01/07 17:15:54.0969 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
    2011/01/07 17:15:55.0133 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/01/07 17:15:55.0277 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/01/07 17:15:55.0424 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/01/07 17:15:55.0499 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/01/07 17:15:55.0567 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/01/07 17:15:55.0612 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/01/07 17:15:55.0821 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/01/07 17:15:55.0986 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/01/07 17:15:56.0020 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/01/07 17:15:56.0116 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/01/07 17:15:56.0364 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/01/07 17:15:56.0529 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/01/07 17:15:56.0859 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/01/07 17:15:57.0133 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/01/07 17:15:57.0261 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/01/07 17:15:57.0421 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/01/07 17:15:57.0816 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/01/07 17:15:58.0023 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/01/07 17:15:58.0353 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
    2011/01/07 17:15:58.0700 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/01/07 17:15:58.0917 NPF (d21fee8db254ba762656878168ac1db6) C:\Windows\system32\drivers\npf.sys
    2011/01/07 17:15:59.0090 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/01/07 17:15:59.0232 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/01/07 17:15:59.0465 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/01/07 17:15:59.0656 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/01/07 17:15:59.0839 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/01/07 17:16:00.0487 nvlddmkm (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/01/07 17:16:01.0116 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
    2011/01/07 17:16:01.0178 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    2011/01/07 17:16:01.0391 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/01/07 17:16:01.0987 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
    2011/01/07 17:16:02.0156 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
    2011/01/07 17:16:02.0481 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/01/07 17:16:02.0583 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/01/07 17:16:02.0729 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/01/07 17:16:02.0829 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/01/07 17:16:02.0887 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/01/07 17:16:02.0963 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
    2011/01/07 17:16:03.0042 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/01/07 17:16:03.0256 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/01/07 17:16:03.0675 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/01/07 17:16:03.0792 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/01/07 17:16:03.0895 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/01/07 17:16:04.0062 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/01/07 17:16:04.0202 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/01/07 17:16:04.0302 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/01/07 17:16:04.0424 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/01/07 17:16:04.0525 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/01/07 17:16:04.0759 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/01/07 17:16:04.0779 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/01/07 17:16:04.0815 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/01/07 17:16:04.0932 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/01/07 17:16:04.0988 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/01/07 17:16:05.0133 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/01/07 17:16:05.0227 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/01/07 17:16:05.0288 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/01/07 17:16:05.0374 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/01/07 17:16:05.0492 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/01/07 17:16:05.0676 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/01/07 17:16:05.0848 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/01/07 17:16:06.0133 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/01/07 17:16:06.0229 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/01/07 17:16:06.0342 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/01/07 17:16:06.0451 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/01/07 17:16:06.0778 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/01/07 17:16:06.0887 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/01/07 17:16:07.0006 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/01/07 17:16:07.0072 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/01/07 17:16:07.0126 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/01/07 17:16:07.0202 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/01/07 17:16:07.0258 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/01/07 17:16:07.0306 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/01/07 17:16:07.0402 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/01/07 17:16:07.0711 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/01/07 17:16:07.0815 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    2011/01/07 17:16:07.0815 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    2011/01/07 17:16:07.0820 sptd - detected Locked file (1)
    2011/01/07 17:16:07.0967 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
    2011/01/07 17:16:08.0042 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
    2011/01/07 17:16:08.0093 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/01/07 17:16:08.0223 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
    2011/01/07 17:16:08.0303 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/01/07 17:16:08.0367 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/01/07 17:16:08.0433 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/01/07 17:16:08.0496 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/01/07 17:16:08.0770 tap0801co (68f0454007df488ec7af04060c6131c3) C:\Windows\system32\DRIVERS\tap0801co.sys
    2011/01/07 17:16:08.0873 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys
    2011/01/07 17:16:08.0940 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/01/07 17:16:09.0021 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/01/07 17:16:09.0093 TcUsb (53900527fa5e2ccc818c5894383772d1) C:\Windows\system32\Drivers\tcusb.sys
    2011/01/07 17:16:09.0173 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/01/07 17:16:09.0237 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/01/07 17:16:09.0317 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/01/07 17:16:09.0387 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/01/07 17:16:09.0492 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\Windows\system32\drivers\TPkd.sys
    2011/01/07 17:16:09.0580 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/01/07 17:16:09.0639 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/01/07 17:16:09.0726 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/01/07 17:16:09.0801 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/01/07 17:16:09.0917 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/01/07 17:16:10.0023 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/01/07 17:16:10.0071 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/01/07 17:16:10.0151 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/01/07 17:16:11.0247 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/01/07 17:16:11.0646 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/01/07 17:16:12.0712 UnlockerDriver5 (0f8c01ec10588c0bd2e319df3d4c04fc) C:\Program Files\Unlocker\UnlockerDriver5.sys
    2011/01/07 17:16:13.0843 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/01/07 17:16:14.0400 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/01/07 17:16:14.0612 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/01/07 17:16:14.0662 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/01/07 17:16:14.0720 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/01/07 17:16:14.0836 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/01/07 17:16:14.0894 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/01/07 17:16:14.0957 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/01/07 17:16:15.0022 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/01/07 17:16:15.0105 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
    2011/01/07 17:16:15.0181 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/01/07 17:16:15.0237 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/01/07 17:16:15.0296 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/01/07 17:16:15.0334 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/01/07 17:16:15.0409 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
    2011/01/07 17:16:15.0523 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/01/07 17:16:15.0584 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/01/07 17:16:15.0642 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/01/07 17:16:15.0709 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/01/07 17:16:15.0756 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/01/07 17:16:15.0819 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/07 17:16:15.0848 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/07 17:16:15.0895 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/01/07 17:16:15.0976 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/01/07 17:16:16.0270 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/01/07 17:16:16.0362 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/01/07 17:16:16.0453 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/01/07 17:16:16.0525 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/01/07 17:16:16.0598 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
    2011/01/07 17:16:16.0639 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/07 17:16:16.0644 ================================================================================
    2011/01/07 17:16:16.0644 Scan finished
    2011/01/07 17:16:16.0644 ================================================================================
    2011/01/07 17:16:16.0663 Detected object count: 2
    2011/01/07 17:17:13.0869 Locked file(sptd) - User select action: Skip
    2011/01/07 17:17:14.0224 \HardDisk0 - will be cured after reboot
    2011/01/07 17:17:14.0224 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/07 17:17:39.0585 Deinitialize success







    ComboFix 11-01-07.01 - Evan 01/07/2011 17:31:50.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2704 [GMT -5:00]
    Running from: c:\users\Evan\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\CFLog
    c:\users\Evan\AppData\Roaming\Local
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\38qs5lck3n1dx.avi.ddr
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\4xtywdpecpprb.avi.ddr
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\cocain-scottpilgrim-cd1_ns.avi.ddr
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\38qs5lck3n1dx.avi.ddp
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\4xtywdpecpprb.avi.ddp
    c:\users\Evan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\cocain-scottpilgrim-cd1_ns.avi.ddp
    c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
    c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
    c:\users\Evan\AppData\Roaming\uid_pal
    c:\windows\jestertb.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
    .

    2011-01-07 22:38 . 2011-01-07 22:42 -------- d-----w- c:\users\Evan\AppData\Local\temp
    2011-01-06 06:51 . 2011-01-06 06:51 -------- d-----w- c:\users\Evan\AppData\Roaming\Teeworlds
    2011-01-05 16:52 . 2011-01-05 16:52 -------- d-----w- c:\programdata\WindowsSearch
    2011-01-03 15:40 . 2011-01-03 15:40 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-03 15:40 . 2011-01-03 15:40 -------- d-----w- c:\program files\Trend Micro
    2010-12-28 20:39 . 2010-12-28 20:39 -------- d-----w- c:\users\Evan\AppData\Roaming\DivX
    2010-12-14 01:59 . 2010-12-14 03:02 -------- d-----w- c:\programdata\pHnBf06301
    2010-12-13 23:42 . 2010-12-13 23:42 -------- d-----w- c:\users\Evan\AppData\Roaming\Antares
    2010-12-13 23:42 . 2010-12-13 23:42 -------- d-----w- c:\program files\Antares Audio Technologies

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-07 22:42 . 2008-01-12 22:11 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-01-07 22:41 . 2008-01-11 15:16 57752 ----a-w- c:\windows\system32\rpcnet.dll
    2011-01-07 20:15 . 2008-01-12 22:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2010-12-20 23:09 . 2008-07-27 17:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2008-07-27 17:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-24 07:29 . 2010-10-24 07:29 29184 ----a-w- c:\windows\system32\CtLoJack.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-09-10 21:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-09-10 21:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-1-22 2993488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-07-02 18:29 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-07-13 18:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
    2008-03-03 21:43 252424 ----a-w- c:\windows\System32\maFwTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]
    2008-03-03 21:43 252424 ----a-w- c:\windows\System32\maFwTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    2009-11-21 01:33 87144 ----a-w- c:\windows\System32\nvhotkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
    2007-05-10 06:01 36864 ----a-w- c:\windows\OEM02Mon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
    2007-04-17 03:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-09-02 19:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1277408690-2968104561-4073403266-1000]
    "EnableNotificationsRef"=dword:00000001

    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-17 2736890]
    R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\DRIVERS\tap0801co.sys [2006-08-31 25856]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-04-21 717296]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
    S3 MAFW;MAFW;c:\windows\system32\DRIVERS\mafw.sys [2008-03-03 193032]

    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: line6.net
    FF - ProfilePath - c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\4gse74pk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: InstantAction.com Game Launcher: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: TVU Web Player: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
    MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4048)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Fingerprint Reader Suite\upeksvr.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\System32\rpcnet.exe
    c:\windows\system32\STacSV.exe
    c:\windows\system32\iashost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-07 17:48:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-07 22:48

    Pre-Run: 10,340,667,392 bytes free
    Post-Run: 11,569,541,120 bytes free

    - - End Of File - - 0224155EAC85B82B8536786C17CA39C3
     
  7. Aderon

    Aderon Account Closed Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    235
    By the way thanks already for the help you've given so far. I can search for things and browse folders without it freezing now.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Aderon,

    Proceed as follows please :-

    Step 1

    Please download DeFogger to your desktop.
    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
    Do not re-enable these drivers until otherwise instructed.

    Step 2

    [​IMG] Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alernative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3

    I don`t see a dedicated Antivirus program installed, Download and install Microsoft Security Essentials from Here let it update and carry out a quick scan.

    Step 4

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    In your reply let me see the following :-

    • Log from Malwarebytes
    • List of anything found by MSSE, Open the History tab after the scan, check under "all detected items"
    • Log from Security Checks

    Kevin..
     
  9. Aderon

    Aderon Account Closed Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    235
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5481

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    01/07/2011 9:12:32 PM
    mbam-log-2011-01-07 (21-12-32).txt

    Scan type: Quick scan
    Objects scanned: 159580
    Time elapsed: 3 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)








    MSE showed nothing











    Results of screen317's Security Check version 0.99.8
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 18
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware MpCmdRun.exe
    ``````````End of Log````````````
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Aderon,

    Logs are fine, if you have no remaining issues we can clean up. Proceed as follows please :-

    Step 1

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
      [​IMG]
    • Please follow the prompts to uninstall Combofix.
    • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    Step 2

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click [​IMG] icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose run as administrator
    • Then Click the big [​IMG] button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.

    Any tools/logs left on the Desktop can be deleted or dragged to the Recycle Bin.

    Step 3

    Fom Uninstall a Program via Start > Control Panel > remove the following:

    Java(TM) 6 Update 3
    Java(TM) 6 Update 5


    Step 4

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 23.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008 If using 64 bit OS Select Information about the 64-bit Java plug-in and follow prompts
    • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Step 5

    Download and scan with CCleaner

    1. Use either one of the two free links below the Premium version.
    2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
    3. Then select the items you wish to clean up.

    In the Windows Tab:

    • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section.
    • Clean all entries in the "Advanced" section.
    • Clean any others that you choose.


    In the Applications Tab:
    • Clean all except cookies in the Firefox/Mozilla section if you use it.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet Section.
    • Clean any others that you choose.

    4. Click the "Run Cleaner" button.
    5. A pop up box will appear advising this process will permanently delete files from your system.
    6. Click "OK" and it will scan and clean your system.
    7. Click "exit" when done.

    Let me know if the above steps completed OK, especially the Combofix /Uninstall command.

    Kevin.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Lots problems crashing
  1. HaroRider
    Replies:
    12
    Views:
    1,084
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/972390

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice