
Malware trouble


Re: Malware trouble

Post by LeeAJD » December 1st, 2010, 1:03 pm

TDSSKiller
2010/12/01 16:57:11.0764 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/12/01 16:57:11.0764 ================================================================================
2010/12/01 16:57:11.0764 SystemInfo:
2010/12/01 16:57:11.0764
2010/12/01 16:57:11.0764 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/01 16:57:11.0764 Product type: Workstation
2010/12/01 16:57:11.0764 ComputerName: ALEX-PC
2010/12/01 16:57:11.0766 UserName: Alex
2010/12/01 16:57:11.0766 Windows directory: C:\Windows
2010/12/01 16:57:11.0766 System windows directory: C:\Windows
2010/12/01 16:57:11.0766 Processor architecture: Intel x86
2010/12/01 16:57:11.0766 Number of processors: 2
2010/12/01 16:57:11.0766 Page size: 0x1000
2010/12/01 16:57:11.0766 Boot type: Normal boot
2010/12/01 16:57:11.0766 ================================================================================
2010/12/01 16:57:12.0276 Initialize success
2010/12/01 16:57:16.0707 ================================================================================
2010/12/01 16:57:16.0707 Scan started
2010/12/01 16:57:16.0707 Mode: Manual;
2010/12/01 16:57:16.0707 ================================================================================
2010/12/01 16:57:31.0956 NDIS (db2532a906d4660b920ce247074d3896) C:\Windows\system32\drivers\ndis.sys
2010/12/01 16:57:31.0961 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: db2532a906d4660b920ce247074d3896, Fake md5: 23759d175a0a9baaf04d05047bc135a8
2010/12/01 16:57:31.0973 NDIS - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/01 16:57:41.0516 ================================================================================
2010/12/01 16:57:41.0516 Scan finished
2010/12/01 16:57:41.0517 ================================================================================
2010/12/01 16:57:41.0540 Detected object count: 1
2010/12/01 16:58:32.0107 C:\Windows\system32\drivers\ndis.sys - processing error
2010/12/01 16:58:32.0107 Rootkit.Win32.TDSS.tdl3(NDIS) - User select action: Cure
2010/12/01 16:58:47.0017 Deinitialize success
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Post by LeeAJD » December 1st, 2010, 1:04 pm

MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7735
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 171):
0x90A05000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90A26000 \SystemRoot\System32\drivers\watchdog.sys
0x90A33000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90A3B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90A43000 \SystemRoot\system32\drivers\rdprefmp.sys
0x90A4B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90A56000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90A64000 \SystemRoot\System32\drivers\tcpip.sys
0x90BAD000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90C13000 \SystemRoot\System32\Drivers\Mpfp.sys
0x90C3C000 \SystemRoot\System32\Drivers\TDI.SYS
0x90C47000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90C5E000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x90C73000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90CA5000 \SystemRoot\system32\drivers\afd.sys
0x90CFF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90D06000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90D25000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x90D36000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90D44000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90D57000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90D67000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90DA8000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0x90DD1000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
0x9123B000 \??\C:\Windows\system32\drivers\RapportBuka.sys
0x9129B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x912A5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x912AF000 \SystemRoot\system32\drivers\mfehidk.sys
0x912E2000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x912E7000 \SystemRoot\System32\drivers\discache.sys
0x912F3000 \SystemRoot\System32\Drivers\dfsc.sys
0x9130B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x91319000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x91836000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x91E58000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91F0F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91F48000 \SystemRoot\System32\Drivers\fastfat.SYS
0x91F72000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91F7D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91FC8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91FD7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9133A000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x92032000 \SystemRoot\system32\DRIVERS\athr.sys
0x92142000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9214C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x92150000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x92168000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x92172000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9217F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x921B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x921BD000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x921C5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x921CB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x921D4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x921E6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x92000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92012000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x921F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91374000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9138C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x913A3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91822000 \SystemRoot\system32\DRIVERS\VClone.sys
0x921FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x913BA000 \SystemRoot\system32\DRIVERS\ks.sys
0x913EE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9261A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9265E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97E35000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x980BD000 \SystemRoot\system32\drivers\portcls.sys
0x980EC000 \SystemRoot\system32\drivers\drmk.sys
0x9266F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x98105000 \SystemRoot\system32\drivers\modem.sys
0x98112000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x99560000 \SystemRoot\System32\win32k.sys
0x98135000 \SystemRoot\System32\drivers\Dxapi.sys
0x9813F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x840DD000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9814C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9815D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x98174000 \SystemRoot\System32\Drivers\usbvideo.sys
0x98198000 \SystemRoot\system32\DRIVERS\monitor.sys
0x997C0000 \SystemRoot\System32\TSDDD.dll
0x99400000 \SystemRoot\System32\cdd.dll
0x99420000 \SystemRoot\System32\ATMFD.DLL
0x981A3000 \SystemRoot\system32\drivers\luafv.sys
0x981BE000 \SystemRoot\system32\drivers\WudfPf.sys
0x981D8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9278B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x981E8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x97E00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x99C0A000 \SystemRoot\system32\drivers\HTTP.sys
0x99C8F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99CA8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x99CBA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99CDD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99D18000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99D4B000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x99D8E000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9B030000 \SystemRoot\system32\drivers\peauth.sys
0x9B0C7000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B0D1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B0F2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B0FF000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B14E000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B19F000 \SystemRoot\system32\drivers\mfebopk.sys
0x9B1A6000 \SystemRoot\system32\drivers\mfeavfk.sys
0x76F70000 \Windows\System32\ntdll.dll
0x47B40000 \Windows\System32\smss.exe
0x771B0000 \Windows\System32\apisetschema.dll
0x00980000 \Windows\System32\autochk.exe
0x77160000 \Windows\System32\ws2_32.dll
0x77130000 \Windows\System32\imagehlp.dll
0x76EC0000 \Windows\System32\msvcrt.dll
0x770E0000 \Windows\System32\gdi32.dll
0x76E20000 \Windows\System32\advapi32.dll
0x76D50000 \Windows\System32\user32.dll
0x770D0000 \Windows\System32\nsi.dll
0x770C0000 \Windows\System32\normaliz.dll
0x76C70000 \Windows\System32\kernel32.dll

Processes (total 71):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
512 csrss.exe
568 C:\Windows\System32\wininit.exe
576 csrss.exe
616 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
672 C:\Windows\System32\winlogon.exe
808 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
940 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1068 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\audiodg.exe
1284 C:\Windows\System32\svchost.exe
1464 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\spoolsv.exe
1608 C:\Windows\System32\svchost.exe
1688 C:\Program Files\LSI SoftModem\agrsmsvc.exe
1712 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1748 C:\Program Files\Bonjour\mDNSResponder.exe
1768 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
1812 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
1856 C:\Windows\System32\lxbccoms.exe
1896 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
1940 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2028 C:\Program Files\McAfee\MPF\MpfSrv.exe
528 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
608 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
972 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2040 C:\Windows\System32\svchost.exe
2112 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
2568 PrintIsolationHost.exe
2768 C:\Windows\System32\svchost.exe
2964 C:\Windows\System32\taskeng.exe
2976 C:\Windows\System32\dwm.exe
3000 C:\Windows\explorer.exe
3044 C:\Windows\System32\taskhost.exe
3172 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
3516 C:\Windows\System32\taskeng.exe
3528 C:\Windows\System32\igfxtray.exe
3544 C:\Windows\System32\hkcmd.exe
3584 C:\Windows\System32\svchost.exe
3608 C:\Windows\System32\igfxpers.exe
3640 C:\Windows\System32\igfxsrvc.exe
3784 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3804 C:\Program Files\McAfee.com\Agent\mcagent.exe
3820 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
3840 C:\Program Files\iTunes\iTunesHelper.exe
3916 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3924 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3936 C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
2128 C:\Windows\ehome\ehmsas.exe
2152 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
3436 C:\Program Files\iPod\bin\iPodService.exe
3964 WmiPrvSE.exe
2872 C:\Windows\System32\SearchIndexer.exe
4140 C:\Program Files\Windows Media Player\wmpnetwk.exe
4216 C:\Windows\System32\SearchProtocolHost.exe
4304 C:\Windows\System32\SearchFilterHost.exe
4536 WmiPrvSE.exe
4608 C:\Windows\System32\svchost.exe
5212 C:\Program Files\Mozilla Firefox\firefox.exe
5872 C:\Windows\servicing\TrustedInstaller.exe
5880 dllhost.exe
5940 dllhost.exe
5984 C:\Users\Alex\Desktop\MBRCheck.exe
5996 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
LeeAJD
Regular Member
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 1:04 pm

Seems to be OK at the moment. No sign of any pop-ups or strange messages.
LeeAJD
Regular Member
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby Cypher » December 1st, 2010, 1:21 pm

Hi LeeAJD.
Seems to be OK at the moment. No sign of any pop-ups or strange messages.

Good work well done.
We still need to make further checks so stay with me.

Delete Multiple Files and Folders
We need to delete some files and folders.
It will be easier and less error-prone if we create a batch file to do this... please follow these steps:
  1. Copy all text in the quote box (below)...to Notepad, Do not include the word Quote:
    @echo off
    REM: Remove Directory and all sub-directories and files
    rd /s /q "c:\users\Alex\AppData\Roaming\Yqyxzo"
    rd /s /q "c:\users\Alex\AppData\Roaming\Wyyc"
    rd /s /q "c:\users\Alex\AppData\Roaming\Oludod"
    rd /s /q "c:\users\Alex\AppData\Roaming\Uqyz"
    rd /s /q "c:\users\Alex\AppData\Roaming\Wyvoo"
    del %0
  2. Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    delfile.bat <<------------- you should see this on your desktop.
  3. Right click on delfile.bat and select " Run as administrator " to run it.
    A black CMD window will flash, then disappear...this is normal.
  4. The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (It will be maximized.)
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Logs/Information to Post in your Next Reply

  • RSITlog.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
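Added example, not part of Cypher's instructions or any MalwareRemoval.com tool: the same "delete these folders if found" step written in Python so that each folder's outcome is reported (removed, missing, or error) and the files are hashed into an audit log before they disappear. The folder names are the ones in the batch file above; the base directory, log path and function names are assumptions chosen so the script can be exercised on a constructed scratch tree instead of a real user profile.

```python
"""Auditable equivalent of the delfile.bat cleanup step (example code)."""
import os
import shutil
import hashlib
import tempfile
from datetime import datetime, timezone

# Folder names taken from the batch file in the post above. The base directory
# (c:\users\Alex\AppData\Roaming in the post) is passed in as a parameter.
SUSPECT_FOLDERS = ["Yqyxzo", "Wyyc", "Oludod", "Uqyz", "Wyvoo"]


def _sha1_of_file(path):
    """SHA-1 of a file, read in chunks so large droppers do not fill memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(folder):
    """Return (path, size, sha1) for every file under folder, before removal."""
    records = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            p = os.path.join(root, name)
            records.append((p, os.path.getsize(p), _sha1_of_file(p)))
    return records


def remove_suspect_folders(roaming_dir, names=SUSPECT_FOLDERS, log_path=None):
    """Remove each named folder under roaming_dir and return {name: status}.

    status is 'removed', 'missing' or 'error: <message>'. Unlike rd /s /q,
    nothing is silent: a folder that is absent is reported as such, and a
    removal failure (locked or read-only file) is reported instead of ignored.
    If log_path is given, file hashes are appended there (assumed log format)
    so the samples can still be identified after deletion.
    """
    results = {}
    log_lines = []
    for name in names:
        target = os.path.join(roaming_dir, name)
        if not os.path.isdir(target):
            results[name] = "missing"
            continue
        try:
            for p, size, digest in inventory(target):
                log_lines.append(f"{p}\t{size}\t{digest}")
            shutil.rmtree(target)
            results[name] = "removed"
        except OSError as e:
            results[name] = f"error: {e}"
    if log_path is not None:
        with open(log_path, "a", encoding="utf-8") as f:
            f.write(f"# {datetime.now(timezone.utc).isoformat()}\n")
            f.write("\n".join(log_lines) + "\n")
    return results


def demo():
    """Constructed scratch tree: two of the five folders exist, three do not."""
    base = tempfile.mkdtemp(prefix="roaming_")
    for name in ("Yqyxzo", "Wyvoo"):
        d = os.path.join(base, name)
        os.makedirs(d)
        with open(os.path.join(d, "payload.bin"), "wb") as f:
            f.write(b"constructed sample bytes")
    results = remove_suspect_folders(base, log_path=os.path.join(base, "delfile.log"))
    shutil.rmtree(base, ignore_errors=True)
    return results


if __name__ == "__main__":
    print(demo())
```

Run it the same way the batch file is run on the affected account: from an elevated prompt when the target profile is not the one you are logged on as. The per-folder status dictionary is what the batch file cannot give you, and the hash log is what lets the helper look the samples up later.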

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 2:18 pm

RSIT Log

Logfile of random's system information tool 1.08 (written by random/random)
Run by Alex at 2010-12-01 18:16:59
Microsoft Windows 7 Home Premium
System drive C: has 199 GB (67%) free of 295 GB
Total RAM: 3001 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:17:06, on 01/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Alex\Desktop\RSIT.exe
C:\Program Files\trend micro\Alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'Default user')
O4 - S-1-5-18 Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 9869 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-08-30 237644]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2010-02-17 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-28 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-07-12 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-07-12 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-07-12 150552]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-10 1218008]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-16 141608]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-07-14 144384]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-11-17 135168]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-06 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-03 215552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-12-01 16:57:11 ----A---- C:\TDSSKiller.2.4.10.0_01.12.2010_16.57.11_log.txt
2010-12-01 13:34:27 ----SHD---- C:\$RECYCLE.BIN
2010-12-01 13:33:16 ----A---- C:\ComboFix.txt
2010-12-01 12:17:23 ----A---- C:\Windows\NIRCMD.exe
2010-12-01 12:16:46 ----A---- C:\Windows\SWXCACLS.exe
2010-12-01 12:02:01 ----D---- C:\Program Files\alot
2010-12-01 12:01:53 ----D---- C:\Program Files\WhiteSmoke
2010-11-30 18:47:54 ----A---- C:\Windows\zip.exe
2010-11-30 18:47:54 ----A---- C:\Windows\SWSC.exe
2010-11-30 18:47:54 ----A---- C:\Windows\SWREG.exe
2010-11-30 18:47:54 ----A---- C:\Windows\sed.exe
2010-11-30 18:47:54 ----A---- C:\Windows\PEV.exe
2010-11-30 18:47:54 ----A---- C:\Windows\MBR.exe
2010-11-30 18:47:54 ----A---- C:\Windows\grep.exe
2010-11-30 18:47:27 ----D---- C:\Qoobox
2010-11-30 18:43:50 ----D---- C:\Windows\ERDNT
2010-11-30 18:43:00 ----D---- C:\Program Files\ERUNT
2010-11-30 13:57:04 ----D---- C:\Program Files\trend micro
2010-11-30 13:57:03 ----D---- C:\rsit
2010-11-30 12:16:00 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-30 12:15:55 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-20 06:51:45 ----D---- C:\Users\Alex\AppData\Roaming\Gireo
2010-11-20 06:51:42 ----D---- C:\ProgramData\Office Genuine Advantage
2010-11-18 15:25:06 ----A---- C:\Windows\system32\MRT.exe
2010-11-16 23:20:24 ----D---- C:\Program Files\iPod
2010-11-11 16:36:05 ----A---- C:\Windows\system32\rapture3d_oal.dll
2010-11-11 16:36:05 ----A---- C:\Windows\system32\mkl_blueripple.dll
2010-11-11 16:36:04 ----D---- C:\Program Files\BRS
2010-11-11 16:35:58 ----RA---- C:\Windows\system32\tmpDBBF.tmp
2010-11-11 16:35:58 ----D---- C:\Program Files\OpenAL
2010-11-11 16:35:58 ----A---- C:\Windows\system32\wrap_oal.dll
2010-11-11 16:35:58 ----A---- C:\Windows\system32\OpenAL32.dll
2010-11-11 16:35:56 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-11-11 16:35:56 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-11-11 16:35:53 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-11-11 16:35:53 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-11-11 16:35:52 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-11-11 16:35:51 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-11-11 16:35:50 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-11-11 16:35:48 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-11-11 16:35:44 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-11-11 16:35:44 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-11-11 16:35:44 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-11-11 16:33:52 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-11-11 16:33:50 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-11-11 16:33:04 ----D---- C:\Windows\system32\xlive
2010-11-11 16:33:04 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-11-11 16:24:39 ----D---- C:\Program Files\Codemasters
2010-11-11 16:00:00 ----D---- C:\Program Files\Elaborate Bytes

======List of files/folders modified in the last 1 months======

2010-12-01 18:16:59 ----D---- C:\Windows\Temp
2010-12-01 17:02:33 ----D---- C:\Windows\system32\config
2010-12-01 17:01:46 ----D---- C:\Users\Alex\AppData\Roaming\Dropbox
2010-12-01 16:57:11 ----D---- C:\Windows\system32\drivers
2010-12-01 12:43:50 ----D---- C:\Windows
2010-12-01 12:43:50 ----A---- C:\Windows\system.ini
2010-12-01 12:42:16 ----D---- C:\Windows\system32\drivers\etc
2010-12-01 12:26:56 ----D---- C:\Windows\System32
2010-12-01 12:26:56 ----D---- C:\Windows\AppPatch
2010-12-01 12:26:54 ----D---- C:\Program Files\Common Files
2010-12-01 12:19:56 ----D---- C:\Program Files\QuickTime
2010-12-01 12:19:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-01 12:19:56 ----D---- C:\Program Files\Launch Manager
2010-12-01 12:19:56 ----D---- C:\Program Files\iTunes
2010-12-01 12:19:54 ----D---- C:\Program Files\AmIcoSingLun
2010-12-01 12:12:18 ----D---- C:\Windows\Minidump
2010-12-01 12:09:43 ----D---- C:\Windows\system32\catroot2
2010-12-01 12:02:01 ----RD---- C:\Program Files
2010-11-30 19:08:10 ----D---- C:\Windows\system32\Tasks
2010-11-30 19:08:09 ----D---- C:\Windows\Tasks
2010-11-30 19:03:28 ----D---- C:\Program Files\Internet Explorer
2010-11-30 18:48:11 ----SHD---- C:\System Volume Information
2010-11-30 13:54:19 ----D---- C:\Windows\Cooking Dash
2010-11-30 13:52:47 ----D---- C:\Program Files\Microsoft
2010-11-30 12:05:09 ----D---- C:\ProgramData
2010-11-30 12:03:06 ----SHD---- C:\Windows\Installer
2010-11-30 12:02:56 ----DC---- C:\Windows\system32\DRVSTORE
2010-11-30 12:02:56 ----D---- C:\ProgramData\Lavasoft
2010-11-24 22:33:54 ----D---- C:\Windows\Prefetch
2010-11-24 12:41:14 ----D---- C:\Windows\system32\NDF
2010-11-22 18:49:46 ----D---- C:\Windows\inf
2010-11-20 22:01:52 ----D---- C:\Windows\system32\catroot
2010-11-18 15:29:34 ----D---- C:\Windows\system32\zh-TW
2010-11-18 15:29:34 ----D---- C:\Windows\system32\zh-HK
2010-11-18 15:29:34 ----D---- C:\Windows\system32\tr-TR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\sv-SE
2010-11-18 15:29:34 ----D---- C:\Windows\system32\pt-BR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\nl-NL
2010-11-18 15:29:34 ----D---- C:\Windows\system32\nb-NO
2010-11-18 15:29:34 ----D---- C:\Windows\system32\ko-KR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\it-IT
2010-11-18 15:29:34 ----D---- C:\Windows\system32\he-IL
2010-11-18 15:29:34 ----D---- C:\Windows\system32\fr-FR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\fi-FI
2010-11-18 15:29:34 ----D---- C:\Windows\system32\es-ES
2010-11-18 15:29:34 ----D---- C:\Windows\system32\el-GR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\de-DE
2010-11-18 15:29:34 ----D---- C:\Windows\system32\da-DK
2010-11-18 15:29:34 ----D---- C:\Windows\system32\ar-SA
2010-11-18 15:29:33 ----D---- C:\Windows\system32\en-US
2010-11-18 15:25:10 ----D---- C:\Windows\debug
2010-11-16 23:20:23 ----D---- C:\Program Files\Common Files\Apple
2010-11-16 23:17:34 ----D---- C:\Windows\system32\DriverStore
2010-11-11 16:36:29 ----D---- C:\Windows\winsxs
2010-11-11 16:35:27 ----RSD---- C:\Windows\assembly
2010-11-11 16:24:07 ----SD---- C:\ProgramData\Microsoft
2010-11-08 01:19:49 ----D---- C:\Users\Alex\AppData\Roaming\Obogaq
2010-11-08 01:19:48 ----D---- C:\Users\Alex\AppData\Roaming\Inykse
2010-11-08 01:19:47 ----D---- C:\Users\Alex\AppData\Roaming\Tyux
2010-11-08 01:19:46 ----D---- C:\Users\Alex\AppData\Roaming\Cefi
2010-11-08 01:19:45 ----D---- C:\Users\Alex\AppData\Roaming\Huhol
2010-11-08 01:19:40 ----D---- C:\Users\Alex\AppData\Roaming\Xiofhu
2010-11-08 01:19:38 ----D---- C:\Users\Alex\AppData\Roaming\Qaiz
2010-11-04 21:56:12 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 330264]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 RapportKELL;RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-02-17 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2010-07-15 130424]
R1 RapportBuka;RapportBuka; \??\C:\Windows\system32\drivers\RapportBuka.sys [2010-03-02 390528]
R1 RapportCerberus_19917;RapportCerberus_19917; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-12-07 281504]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-12-07 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-04-06 1161664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-07-03 5922816]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-06 2657120]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-02-17 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-02-17 35272]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-25 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-04 436792]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Alex\AppData\Local\Temp\catchme.sys []
S3 dc3d;MS Hardware Device Detection Driver (HID); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\Windows\system32\drivers\libusb0.sys [2007-03-20 16896]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2010-02-17 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2010-02-17 40552]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-27 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-26 690720]
R2 lxbc_device;lxbc_device; C:\Windows\system32\lxbccoms.exe [2007-03-16 537520]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2010-06-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-02-17 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-25 655624]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-17 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2010-02-24 365072]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-05-01 390952]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2010-02-17 606736]

-----------------EOF-----------------
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 2:18 pm

Still looking good. Running a dream so far!
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby Cypher » December 1st, 2010, 2:54 pm

Hi LeeAJD.
There are a few things to do here, just take your time and you will be fine :)

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code:
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\http://*.mcafee.com]
    
    :Files
    C:\Windows\sed.exe
    C:\Windows\system32\tmpDBBF.tmp
    C:\Users\Alex\AppData\Roaming\Obogaq
    C:\Users\Alex\AppData\Roaming\Inykse
    C:\Users\Alex\AppData\Roaming\Tyux
    C:\Users\Alex\AppData\Roaming\Cefi
    C:\Users\Alex\AppData\Roaming\Huhol
    C:\Users\Alex\AppData\Roaming\Xiofhu
    C:\Users\Alex\AppData\Roaming\Qaiz
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

  • Return to OTM, right-click then paste the code into the blank box below Image
  • Next click on the large Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"... will be reproduced (it will be maximized).
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 22.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Due to the vulnerabilities in earlier versions all versions numbered lower than 9.4.1 are vulnerable.
  • Go Here to download the installer for Adobe Reader and save AdbeRdrUpd941_all_incr.msp to a convenient location.
  • Double-click AdbeRdrUpd941_all_incr.msp and follow the prompts to install Adobe Reader 9.4.1

Next.

We need to disable McAfee Security Center and its components temporarily as it will interfere with the below scan.

  • Open McAfee Security Center.
  • Click on Home on the left pane.
  • Beside Computer & Files, click on the arrow button.
  • Next, click on the arrow button beside Configure at the middle right (NOT the bottom one).
  • You will come to a new page. Please check (click) Off for all the protections. Remember to scroll down.
  • You will be prompted, select Never and just click OK.
  • Note: Don't forget to re-enable it after the scan.

Here is an illustration to assist you:
Image

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
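The OTM script in the post above removes a handful of registry entries and moves a fixed list of files and folders to quarantine. The following read-only check is an added example, not part of this thread and not OTM's own code: it re-tests each item the script targeted and prints which ones are still present, so the next log can be compared against what was expected. The registry paths, the CLSID and the file list are copied from the OTM script; the quarantine folder C:\_OTM\MovedFiles is the one named in the NOTE. It assumes PowerShell 3 or later and is run in the same user account the OTM script was run in, because the HKCU entries belong to that user's hive. Nothing is deleted or changed.

```powershell
# Added example (not from this thread or OTM): read-only re-check of the items
# the OTM script above targeted. Assumes PowerShell 3 or later.

$clsid = '{5C255C8A-E604-49b4-9D64-90988571CECB}'

# Registry items from the :Reg section. Entries with a Name check a single
# value; entries without one check whether the key itself still exists.
$RegistryChecks = @(
    @{ Label = 'IE ProxyOverride value'
       Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name  = 'ProxyOverride' }
    @{ Label = "BHO registration $clsid"
       Path  = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid" }
    @{ Label = "CLSID $clsid (HKCR)"
       Path  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" }
    @{ Label = 'Run value Adobe Reader Speed Launcher'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
       Name  = 'Adobe Reader Speed Launcher' }
)

# File and folder items from the :Files section.
$FilePaths = @(
    'C:\Windows\sed.exe'
    'C:\Windows\system32\tmpDBBF.tmp'
    'C:\Users\Alex\AppData\Roaming\Obogaq'
    'C:\Users\Alex\AppData\Roaming\Inykse'
    'C:\Users\Alex\AppData\Roaming\Tyux'
    'C:\Users\Alex\AppData\Roaming\Cefi'
    'C:\Users\Alex\AppData\Roaming\Huhol'
    'C:\Users\Alex\AppData\Roaming\Xiofhu'
    'C:\Users\Alex\AppData\Roaming\Qaiz'
)

function Test-RemediationItems {
    param(
        [Parameter(Mandatory = $true)] [hashtable[]] $RegistryChecks,
        [Parameter(Mandatory = $true)] [string[]]    $FilePaths
    )
    $results = New-Object 'System.Collections.Generic.List[object]'

    foreach ($check in $RegistryChecks) {
        $present = $false
        # -LiteralPath so the braces in the CLSID are not treated as wildcards.
        if (Test-Path -LiteralPath $check.Path) {
            if ($check.ContainsKey('Name')) {
                $key     = Get-Item -LiteralPath $check.Path
                $present = $null -ne $key.GetValue($check.Name, $null)
            } else {
                $present = $true
            }
        }
        $results.Add([pscustomobject]@{ Kind = 'Registry'; Item = $check.Label; StillPresent = $present })
    }

    foreach ($path in $FilePaths) {
        $results.Add([pscustomobject]@{ Kind = 'File'; Item = $path; StillPresent = (Test-Path -LiteralPath $path) })
    }
    return $results
}

$report = Test-RemediationItems -RegistryChecks $RegistryChecks -FilePaths $FilePaths
$report | Format-Table -AutoSize

# OTM moves files rather than deleting them; the quarantine folder named in the
# NOTE above should exist once the script has run and the machine has rebooted.
$quarantine = 'C:\_OTM\MovedFiles'
"Quarantine folder $quarantine present: $(Test-Path -LiteralPath $quarantine)"

$remaining = @($report | Where-Object { $_.StillPresent }).Count
"Items still present: $remaining of $($report.Count)"
```

Every row in the table should read StillPresent False after a successful run; a True row is an item to look at in the next log rather than something to act on from this script, which only reads. The ZoneMap entry from the :Reg section is not included because its key name contains characters that make a literal registry path brittle; the OTM log itself reports whether that key was found.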

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 6:09 pm

OTM Log

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\http://*.mcafee.com\ not found.
========== FILES ==========
C:\Windows\sed.exe moved successfully.
C:\Windows\system32\tmpDBBF.tmp moved successfully.
C:\Users\Alex\AppData\Roaming\Obogaq folder moved successfully.
C:\Users\Alex\AppData\Roaming\Inykse folder moved successfully.
C:\Users\Alex\AppData\Roaming\Tyux folder moved successfully.
C:\Users\Alex\AppData\Roaming\Cefi folder moved successfully.
C:\Users\Alex\AppData\Roaming\Huhol folder moved successfully.
C:\Users\Alex\AppData\Roaming\Xiofhu folder moved successfully.
C:\Users\Alex\AppData\Roaming\Qaiz folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Alex
->Temp folder emptied: 329114 bytes
->Temporary Internet Files folder emptied: 50540957 bytes
->Java cache emptied: 3157357 bytes
->FireFox cache emptied: 102575852 bytes
->Flash cache emptied: 135051 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-ALEX-PC
->Temp folder emptied: 0 bytes

User: Mcx1-ALEX-PC.Alex-PC
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: TEMP.Alex-PC
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 809560 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5312 bytes
RecycleBin emptied: 94189 bytes

Total Files Cleaned = 150.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12012010_190028

Files moved on Reboot...
File C:\Windows\temp\mcafee_J2K1hbipcwsf5El not found!
File C:\Windows\temp\mcmsc_jqcJH4n4J2GzSm1 not found!
File C:\Windows\temp\mcmsc_wwyl8rTf7PtA2H2 not found!

Registry entries deleted on Reboot...
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 6:09 pm

RSIT Log

Logfile of random's system information tool 1.08 (written by random/random)
Run by Alex at 2010-12-01 19:05:25
Microsoft Windows 7 Home Premium
System drive C: has 199 GB (67%) free of 295 GB
Total RAM: 3001 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:05:36, on 01/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\notepad.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Alex\Desktop\RSIT.exe
C:\Program Files\trend micro\Alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'Default user')
O4 - S-1-5-18 Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 9727 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-08-30 237644]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2010-02-17 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-28 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-07-12 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-07-12 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-07-12 150552]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-10 1218008]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-16 141608]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-07-14 144384]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-11-17 135168]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-06 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-03 215552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-12-01 19:00:28 ----D---- C:\_OTM
2010-12-01 16:57:11 ----A---- C:\TDSSKiller.2.4.10.0_01.12.2010_16.57.11_log.txt
2010-12-01 13:34:27 ----SHD---- C:\$RECYCLE.BIN
2010-12-01 13:33:16 ----A---- C:\ComboFix.txt
2010-12-01 12:17:23 ----A---- C:\Windows\NIRCMD.exe
2010-12-01 12:16:46 ----A---- C:\Windows\SWXCACLS.exe
2010-12-01 12:02:01 ----D---- C:\Program Files\alot
2010-12-01 12:01:53 ----D---- C:\Program Files\WhiteSmoke
2010-11-30 18:47:54 ----A---- C:\Windows\zip.exe
2010-11-30 18:47:54 ----A---- C:\Windows\SWSC.exe
2010-11-30 18:47:54 ----A---- C:\Windows\SWREG.exe
2010-11-30 18:47:54 ----A---- C:\Windows\PEV.exe
2010-11-30 18:47:54 ----A---- C:\Windows\MBR.exe
2010-11-30 18:47:54 ----A---- C:\Windows\grep.exe
2010-11-30 18:47:27 ----D---- C:\Qoobox
2010-11-30 18:43:50 ----D---- C:\Windows\ERDNT
2010-11-30 18:43:00 ----D---- C:\Program Files\ERUNT
2010-11-30 13:57:04 ----D---- C:\Program Files\trend micro
2010-11-30 13:57:03 ----D---- C:\rsit
2010-11-30 12:16:00 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-30 12:15:55 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-20 06:51:45 ----D---- C:\Users\Alex\AppData\Roaming\Gireo
2010-11-20 06:51:42 ----D---- C:\ProgramData\Office Genuine Advantage
2010-11-18 15:25:06 ----A---- C:\Windows\system32\MRT.exe
2010-11-16 23:20:24 ----D---- C:\Program Files\iPod
2010-11-11 16:36:05 ----A---- C:\Windows\system32\rapture3d_oal.dll
2010-11-11 16:36:05 ----A---- C:\Windows\system32\mkl_blueripple.dll
2010-11-11 16:36:04 ----D---- C:\Program Files\BRS
2010-11-11 16:35:58 ----D---- C:\Program Files\OpenAL
2010-11-11 16:35:58 ----A---- C:\Windows\system32\wrap_oal.dll
2010-11-11 16:35:58 ----A---- C:\Windows\system32\OpenAL32.dll
2010-11-11 16:35:56 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-11-11 16:35:56 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-11-11 16:35:53 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-11-11 16:35:53 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-11-11 16:35:52 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-11-11 16:35:51 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-11-11 16:35:50 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-11-11 16:35:48 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-11-11 16:35:44 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-11-11 16:35:44 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-11-11 16:35:44 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-11-11 16:33:52 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-11-11 16:33:50 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-11-11 16:33:04 ----D---- C:\Windows\system32\xlive
2010-11-11 16:33:04 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-11-11 16:24:39 ----D---- C:\Program Files\Codemasters
2010-11-11 16:00:00 ----D---- C:\Program Files\Elaborate Bytes

======List of files/folders modified in the last 1 months======

2010-12-01 19:05:36 ----D---- C:\Windows\Temp
2010-12-01 19:03:51 ----D---- C:\Windows\system32\config
2010-12-01 19:03:43 ----D---- C:\Users\Alex\AppData\Roaming\Dropbox
2010-12-01 19:02:56 ----D---- C:\Windows
2010-12-01 19:01:14 ----D---- C:\Windows\System32
2010-12-01 16:57:11 ----D---- C:\Windows\system32\drivers
2010-12-01 12:43:50 ----A---- C:\Windows\system.ini
2010-12-01 12:42:16 ----D---- C:\Windows\system32\drivers\etc
2010-12-01 12:26:56 ----D---- C:\Windows\AppPatch
2010-12-01 12:26:54 ----D---- C:\Program Files\Common Files
2010-12-01 12:19:56 ----D---- C:\Program Files\QuickTime
2010-12-01 12:19:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-01 12:19:56 ----D---- C:\Program Files\Launch Manager
2010-12-01 12:19:56 ----D---- C:\Program Files\iTunes
2010-12-01 12:19:54 ----D---- C:\Program Files\AmIcoSingLun
2010-12-01 12:12:18 ----D---- C:\Windows\Minidump
2010-12-01 12:09:43 ----D---- C:\Windows\system32\catroot2
2010-12-01 12:02:01 ----RD---- C:\Program Files
2010-11-30 19:08:10 ----D---- C:\Windows\system32\Tasks
2010-11-30 19:08:09 ----D---- C:\Windows\Tasks
2010-11-30 19:03:28 ----D---- C:\Program Files\Internet Explorer
2010-11-30 18:48:11 ----SHD---- C:\System Volume Information
2010-11-30 13:54:19 ----D---- C:\Windows\Cooking Dash
2010-11-30 13:52:47 ----D---- C:\Program Files\Microsoft
2010-11-30 12:05:09 ----D---- C:\ProgramData
2010-11-30 12:03:06 ----SHD---- C:\Windows\Installer
2010-11-30 12:02:56 ----DC---- C:\Windows\system32\DRVSTORE
2010-11-30 12:02:56 ----D---- C:\ProgramData\Lavasoft
2010-11-24 22:33:54 ----D---- C:\Windows\Prefetch
2010-11-24 12:41:14 ----D---- C:\Windows\system32\NDF
2010-11-22 18:49:46 ----D---- C:\Windows\inf
2010-11-20 22:01:52 ----D---- C:\Windows\system32\catroot
2010-11-18 15:29:34 ----D---- C:\Windows\system32\zh-TW
2010-11-18 15:29:34 ----D---- C:\Windows\system32\zh-HK
2010-11-18 15:29:34 ----D---- C:\Windows\system32\tr-TR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\sv-SE
2010-11-18 15:29:34 ----D---- C:\Windows\system32\pt-BR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\nl-NL
2010-11-18 15:29:34 ----D---- C:\Windows\system32\nb-NO
2010-11-18 15:29:34 ----D---- C:\Windows\system32\ko-KR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\it-IT
2010-11-18 15:29:34 ----D---- C:\Windows\system32\he-IL
2010-11-18 15:29:34 ----D---- C:\Windows\system32\fr-FR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\fi-FI
2010-11-18 15:29:34 ----D---- C:\Windows\system32\es-ES
2010-11-18 15:29:34 ----D---- C:\Windows\system32\el-GR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\de-DE
2010-11-18 15:29:34 ----D---- C:\Windows\system32\da-DK
2010-11-18 15:29:34 ----D---- C:\Windows\system32\ar-SA
2010-11-18 15:29:33 ----D---- C:\Windows\system32\en-US
2010-11-18 15:25:10 ----D---- C:\Windows\debug
2010-11-16 23:20:23 ----D---- C:\Program Files\Common Files\Apple
2010-11-16 23:17:34 ----D---- C:\Windows\system32\DriverStore
2010-11-11 16:36:29 ----D---- C:\Windows\winsxs
2010-11-11 16:35:27 ----RSD---- C:\Windows\assembly
2010-11-11 16:24:07 ----SD---- C:\ProgramData\Microsoft
2010-11-04 21:56:12 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 330264]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 RapportKELL;RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-02-17 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2010-07-15 130424]
R1 RapportBuka;RapportBuka; \??\C:\Windows\system32\drivers\RapportBuka.sys [2010-03-02 390528]
R1 RapportCerberus_19917;RapportCerberus_19917; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-12-07 281504]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-12-07 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-04-06 1161664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-07-03 5922816]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-06 2657120]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-02-17 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-02-17 35272]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-25 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-04 436792]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Alex\AppData\Local\Temp\catchme.sys []
S3 dc3d;MS Hardware Device Detection Driver (HID); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\Windows\system32\drivers\libusb0.sys [2007-03-20 16896]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2010-02-17 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2010-02-17 40552]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-27 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-26 690720]
R2 lxbc_device;lxbc_device; C:\Windows\system32\lxbccoms.exe [2007-03-16 537520]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2010-06-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-02-17 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-25 655624]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-17 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2010-02-24 365072]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-05-01 390952]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2010-02-17 606736]

-----------------EOF-----------------
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm
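
The driver and service listings above follow one fixed shape per line: running state and start type, then `name;display name; path [date size]`, with an empty `[]` where RSIT could not read the file's date and size (in practice, the file was not on disk when the scan ran). The following is an added example, not part of the original post and not RSIT's own code: it parses that shape and flags the lines an analyst would look at first, using three assumed heuristics (no file metadata, image in a user-writable location, kernel driver loaded from outside System32). The sample input is a constructed subset of the lines above. Every flag is a reason to look, not a verdict: on this machine they land on ComboFix's catchme driver in Temp, a MagicISO driver with no file behind it, and Trusteer Rapport's drivers, which is exactly why the human still makes the call.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: eight lines copied from the RSIT driver/service listing above.
SAMPLE_LISTING = r"""
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 330264]
R1 RapportCerberus_19917;RapportCerberus_19917; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-04 436792]
S3 catchme;catchme; \??\C:\Users\Alex\AppData\Local\Temp\catchme.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
"""

# R/S = running/stopped, digit = start type, then "name;display; path [date size]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Assumed heuristic: locations an unprivileged user (or malware running as one) can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]

    @property
    def is_driver(self) -> bool:
        return self.path.lower().endswith(".sys")


def parse_listing(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blanks, anything not in the expected shape
        path = m["path"]
        if path.startswith("\\??\\"):  # NT object-manager prefix; strip it for readability
            path = path[4:]
        meta = m["meta"].split()
        date, size = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
        entries.append(Entry(m["state"] == "R", START_TYPES[m["start"]],
                             m["name"], m["display"], path, date, size))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return the reasons an analyst should look at this entry (empty list = nothing odd)."""
    flags: List[str] = []
    p = entry.path.lower()
    if entry.size is None:
        flags.append("no file metadata recorded (file missing or unreadable at scan time)")
    if any(marker in p for marker in USER_WRITABLE):
        flags.append("image lives in a user-writable location")
    if entry.is_driver and "\\windows\\system32\\" not in p:
        flags.append("kernel driver loaded from outside System32")
    return flags


def review_candidates(text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> reasons, for every entry that raised at least one flag."""
    result: Dict[str, List[str]] = {}
    for entry in parse_listing(text):
        flags = triage(entry)
        if flags:
            result[entry.name] = flags
    return result


if __name__ == "__main__":
    for name, reasons in review_candidates(SAMPLE_LISTING).items():
        print(f"{name}: {'; '.join(reasons)}")
```

To run it over a full RSIT log, pass the whole file's text to `review_candidates`; lines outside the two listings simply fail to match and are ignored.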

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 6:10 pm

ESET Log

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4c9cf8cf84dad46ab26d366574a6b34
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-01 09:48:49
# local_time=2010-12-01 09:48:49 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 6839 6839 0 0
# compatibility_mode=1024 16777215 100 0 10569990 10569990 0 0
# compatibility_mode=5121 16776893 100 96 3798269 44181893 0 0
# compatibility_mode=5893 16776574 100 94 10726677 43699960 0 0
# compatibility_mode=8192 67108863 100 0 5530 5530 0 0
# scanned=211858
# found=20
# cleaned=0
# scan_time=6560
C:\Program Files\Acer GameZone\Jewel Quest Solitaire\aJewelQuestSolitaire.exe probably a variant of Win32/Agent.FINBOCH trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Bocyl\yxuh.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Coybme\olmy.exe.vir a variant of Win32/Kryptik.IMY trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Cumiu\noetb.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Emwu\geeha.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Ifeqb\axagi.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Iqsati\goove.exe.vir a variant of Win32/Kryptik.IIF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Kionum\wefu.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Neiba\kiaf.exe.vir a variant of Win32/Kryptik.IIF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Odula\edge.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Opyro\ilpy.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Oryl\beevi.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Uwaxy\gezyy.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Xaedma\viyf.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Users\Alex\windows\uk.exe Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\494deb8a-4d06462c a variant of Java/Exploit.Agent.NAC trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\597da494-28181122 multiple threats 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\51798fd6-36ac3352 a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\407ef09a-2b0b5bca a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\698c2f87-6c9917a2 multiple threats 00000000000000000000000000000000 I
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm
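
The ESET header above says `found=20`, `cleaned=0` and `remove_checked=false`: the scanner ran in report-only mode, so all twenty hits still need a decision. Most of them are not live, though: thirteen sit under `C:\Qoobox\Quarantine` (ComboFix's quarantine, already neutralised) and five are cached Java applets. Only two are active files. The following is an added example, not part of the original post and not ESET's code: it parses the ESET log format (path, detection name, a hash-like field, a one-letter status) and sorts the hits into those three buckets, listing heuristic detections ("probably a variant of …") separately because they deserve a second opinion before anything is deleted. The input is a constructed sample made of the three summary lines and the twenty detection lines copied from the log above; the bucket rules are assumptions for this example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: three summary fields and all 20 detection lines copied from the ESET log above.
SAMPLE_ESET_LOG = r"""
# found=20
# cleaned=0
# remove_checked=false
C:\Program Files\Acer GameZone\Jewel Quest Solitaire\aJewelQuestSolitaire.exe probably a variant of Win32/Agent.FINBOCH trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Bocyl\yxuh.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Coybme\olmy.exe.vir a variant of Win32/Kryptik.IMY trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Cumiu\noetb.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Emwu\geeha.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Ifeqb\axagi.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Iqsati\goove.exe.vir a variant of Win32/Kryptik.IIF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Kionum\wefu.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Neiba\kiaf.exe.vir a variant of Win32/Kryptik.IIF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Odula\edge.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Opyro\ilpy.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Oryl\beevi.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Uwaxy\gezyy.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\Xaedma\viyf.exe.vir Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Users\Alex\windows\uk.exe Win32/Spy.Zbot.YW trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\494deb8a-4d06462c a variant of Java/Exploit.Agent.NAC trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\597da494-28181122 multiple threats 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\51798fd6-36ac3352 a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\407ef09a-2b0b5bca a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\698c2f87-6c9917a2 multiple threats 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
# The path is matched lazily and the detection name strictly (family/variant + type, or
# "multiple threats"), so spaces inside "Program Files\Acer GameZone" do not split the path.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<detection>(?:probably )?(?:a variant of )?[\w.]+/[\w.]+ \w+|multiple threats) "
    r"(?P<hash>[0-9a-f]{8,}) (?P<status>\w)$"
)


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Dict[str, str]]]:
    header: Dict[str, str] = {}
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(m.groupdict())
    return header, findings


def classify(path: str) -> str:
    """Assumed bucket rules: ComboFix quarantine, Java applet cache, everything else is live."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantined"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"
    return "live"


def triage_findings(text: str) -> Dict[str, object]:
    header, findings = parse_eset_log(text)
    buckets: Dict[str, List[str]] = defaultdict(list)
    for f in findings:
        buckets[classify(f["path"])].append(f["path"])
    return {
        "reported": int(header.get("found", "0")),
        "parsed": len(findings),
        "scanner_removed": header.get("remove_checked") == "true",
        "quarantined": buckets["quarantined"],
        "java_cache": buckets["java_cache"],
        "live": buckets["live"],
        "heuristic": [f["path"] for f in findings if f["detection"].startswith("probably")],
    }


if __name__ == "__main__":
    summary = triage_findings(SAMPLE_ESET_LOG)
    for key in ("reported", "parsed", "scanner_removed"):
        print(f"{key}: {summary[key]}")
    for key in ("live", "heuristic"):
        print(f"{key}:", *summary[key], sep="\n  ")
```

The `live` bucket is what actually needs a hand: here it is the Zbot dropper in `C:\Users\Alex\windows` and a heuristic hit on a pre-installed game, while the quarantine entries disappear when ComboFix is uninstalled and the Java entries go with the cache.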

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 6:11 pm

Computer still seems to be running OK.
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby Cypher » December 2nd, 2010, 6:07 am

Hi LeeAJD.

Just a couple of things left to deal with then you're good to go.

Delete file/folder
Click on Start > All programs > Accessories > Run.
Copy/paste the following command into the box and press OK (do not include the word "quote"):
cmd /c del /F C:\Users\Alex\windows\uk.exe

A blank command window will open on your desktop, then close in a minute or two. This is normal.

Next.

Clear Java cache

  • Click on Start > Control Panel > Classic view then double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache - Leave BOTH Checked.
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
  • Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

Clean up with OTM

  • Right-click OTM.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
  • This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3, as this step will require a reboot.
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

I recommend you keep Malwarebytes' Anti-Malware, keep it updated and run it once a week.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch loopholes in Windows and Office products and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
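
The MVPS mechanism described in the post above is simple: the hosts file is consulted before DNS, so mapping an ad server's name to 127.0.0.1 (newer MVPS releases use 0.0.0.0) makes the connection fail on the local machine. The same file is a standard target for malware, which adds entries to block antivirus and update sites or to redirect banking domains to a server it controls. The following is an added example, not part of the original post and not MVPS's or the forum's code: it parses a hosts file, counts the sinkholed names, and reports the two patterns that should never be there, namely entries pointing at an address that is not a sinkhole, and sinkhole entries for update or security-vendor domains. The sample hosts content and the list of protected domains are constructed for the example; on Windows 7 the real file is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample hosts file (not the one from the machine in this thread): the two
# default localhost lines, three MVPS-style sinkhole entries, and two entries of the kind
# that should never appear on a healthy machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Start of entries generated by MVPS HOSTS]  (constructed sample)
0.0.0.0    ads.example.net
0.0.0.0    tracker.example.org   # inline comment
127.0.0.1  banners.example.com
203.0.113.5  www.example-bank.co.uk
127.0.0.1  update.microsoft.com
"""

# Addresses used to sinkhole a name; any of them makes the connection fail locally.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}
# Assumed list for this example: domains whose sinkholing would silently break updates.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "mcafee.com", "malwarebytes.org")

Entry = Tuple[int, str, str]  # (line number, address, hostname)


def parse_hosts(text: str) -> List[Entry]:
    """Yield (line, address, host) for every name on every 'address host [host ...]' line."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments, then blank lines
        if not line:
            continue
        address, *hosts = line.split()
        try:
            address = str(ipaddress.ip_address(address))  # also normalises the spelling
        except ValueError:
            continue  # first token is not an address; not a mapping line
        entries.extend((lineno, address, h.lower()) for h in hosts)
    return entries


def _protected(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> Dict[str, object]:
    """Count legitimate sinkholes and collect the entries that need a human look."""
    report: Dict[str, object] = {"blocked": 0, "redirected": [], "protected_sinkholed": []}
    for lineno, address, host in parse_hosts(text):
        if host == "localhost":
            continue  # the default mappings
        if address in SINKHOLES:
            report["blocked"] += 1
            if _protected(host):  # ad-blocking never needs to block an update server
                report["protected_sinkholed"].append((lineno, address, host))
        else:  # a hosts file has no business sending a name to a real address
            report["redirected"].append((lineno, address, host))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"sinkholed names: {result['blocked']}")
    print("redirected elsewhere:", *result["redirected"], sep="\n  ")
    print("update/security domains sinkholed:", *result["protected_sinkholed"], sep="\n  ")
```

To check a real machine, read the file and pass its text to `audit_hosts`, for example `audit_hosts(open(r"C:\Windows\System32\drivers\etc\hosts", encoding="utf-8", errors="replace").read())`; an MVPS install should produce thousands of `blocked` entries and empty `redirected` and `protected_sinkholed` lists.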

Re: Malware trouble

Unread postby LeeAJD » December 2nd, 2010, 8:43 am

Thanks very much for all of this. It's really appreciated!

Just one problem I'm having now is installing Windows Updates. Every time it tries to download the update it gives me a connection error. Is this something you could help with?

Kind regards
Alex
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby Cypher » December 2nd, 2010, 11:47 am

Hi Alex.
The problem with Windows Updates, has this just happened?
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware trouble

Unread postby LeeAJD » December 2nd, 2010, 12:38 pm

I'm not sure. I haven't noticed the problem before.

Also, I'm still having some problems. When I'm using search engines (Google, Yahoo etc.) a lot of the time the result links re-direct to ad sites. I'm still getting the occasional pop-up as well.

McAfee has also reported blocking a trojan once or twice.

Regards
Alex
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm