Infection affecting MBAM & SpywareBlaster update, IE & Avast

Post by mandy99 » November 1st, 2011, 11:37 pm

I've been wrestling with this infection for the better part of a month (probably should have come here first!). When I first started my friend's laptop, a very obviously fake antivirus alert would display. In addition, I kept getting random popup messages about the failure to open an Internet Explorer window although I wasn't running IE. I installed MBAM, Avast, Comodo Firewall, and Spyware Blaster. I also ran Windows Updates. Scans through MBAM and Avast came up with many infections (each time scans were run, the resulting infections were different, and the logs for all my scans are available). I kept running scans until both MBAM and Avast reported no infections. Now, however, IE will not run (nor does the update to IE8 work). In addition, neither MBAM nor Spyware Blaster will update (they did at first). Also, Avast no longer loads at startup, and I cannot manually start the program.

Any and all help will be greatly appreciated. The DDS logs follow:

======================================
dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Lynette at 22:51:41 on 2011-11-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.88 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 0EtSzZIVTk"&"inst=NzctNzY2Mzg2NTkyLUIxLVQxNC1WT1A4KzEtRERUKzAtWE84KzEtU1QxMkZPSSsx"&"prod=90"&"ver=2012.0.1831"&"mid=538e52e025ae47d1bd48d14d659e252f-00d20b2078777149b44af7d9e6ee86547d9d9afd
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 8373414710
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0EE1B293-6141-48F3-9FA1-0F24849FE3B4} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: uyfdvwbc - c:\documents and settings\lynette\application data\uyfdvwbc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 195.245.119.131 browser-security.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lynette\application data\mozilla\firefox\profiles\ynt30tpd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.21115.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-10 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-10 320856]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 29400]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-10 20568]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1793712]
S3 DM9USB;ST268 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2007-12-20 26190]
S4 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-10 44768]
.
=============== Created Last 30 ================
.
2011-11-02 01:38:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 01:38:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-11 22:37:56 -------- d--h--w- c:\windows\PIF
2011-10-11 18:23:12 -------- d-----w- c:\program files\ACW
2011-10-11 18:12:01 -------- d-----w- c:\windows\system32\NtmsData
2011-10-11 17:01:46 -------- d-----w- c:\program files\iPod
2011-10-11 17:01:10 -------- d-----w- c:\program files\iTunes
2011-10-11 17:01:10 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-11 16:57:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-10-11 16:57:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-10-11 16:57:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-10-11 16:57:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-10-11 16:57:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-10-11 16:57:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-10-11 16:57:13 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2011-10-11 16:49:13 -------- d-----w- c:\program files\Bonjour
2011-10-11 15:52:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 03:02:27 -------- d-----w- c:\program files\COMODO
2011-10-11 02:10:17 -------- d-----w- c:\program files\SpywareBlaster
2011-10-11 02:05:21 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2011-10-11 02:02:08 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2011-10-11 00:55:22 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-10-11 00:55:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 23:30:14 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-10 23:29:28 41184 ----a-w- c:\windows\avastSS.scr
2011-10-10 23:29:05 -------- d-----w- c:\program files\AVAST Software
2011-10-10 23:29:05 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-10-10 23:06:08 -------- d-----w- c:\documents and settings\lynette\application data\AVG2012
2011-10-10 23:03:09 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-10-10 22:55:23 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-10 22:54:18 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-10 22:53:58 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-10 22:53:08 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-10 22:53:07 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-10 22:52:14 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-10-10 22:50:01 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-10 22:49:58 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-10 22:47:32 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-10-10 22:47:05 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-10 22:45:48 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-10-10 22:45:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-10 22:07:02 -------- d-----w- c:\program files\VS Revo Group
2011-10-10 20:36:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-10 20:35:26 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-10 20:02:02 -------- d-----w- c:\windows\pss
2011-10-10 16:39:36 45568 -c----w- c:\windows\system32\dllcache\wab.exe
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 22:53:30.51 ===============

===================
attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2007 10:57:10 PM
System Uptime: 11/1/2011 10:42:20 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | 09U807
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2657/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 29.87 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 11/1/2011 10:24:15 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
B44Inst
BACS
BCM V.92 56K Modem
Bonjour
Broadcom 440x Driver Installer
Broadcom Advanced Control Suite
COMODO Internet Security
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
iTunes
Java Auto Updater
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 7.0.1 (x86 en-US)
Mozilla Thunderbird (7.0.1)
Norton Security Scan
OpenOffice.org 3.0
QuickTime
RealArcade
RealPlayer
Revo Uninstaller 1.93
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SpywareBlaster 4.4
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/1/2011 10:43:00 PM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm
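A note on reading the DDS report above, with an added example that is not part of the thread and not code from the DDS tool. The Pseudo HJT section carries the indicators a helper checks first: a Hosts entry pinning browser-security.microsoft.com to 195.245.119.131 (a hosts-file entry overrides DNS, which is how fake-AV campaigns redirect security-related lookups), a Winlogon Notify DLL named uyfdvwbc loading from the user's Application Data folder rather than from %SystemRoot%, an AppInit_DLLs entry (injected into every process that loads user32.dll, so it always deserves a look, even though guard32.dll here is installed by COMODO Internet Security), and orphaned "No File" registrations. The script below applies those heuristics to lines quoted from the log; the severity labels and thresholds are my own, and a hit means "follow up on this", not confirmed malware.

```python
"""Triage heuristics for the "Pseudo HJT Report" section of a DDS log.

Added example: the rules are the editor's, not DDS's. A hit means "look at
this next", not "this is malware".
"""
import re
from ipaddress import ip_address

SYSTEM_ROOT = r"c:\windows"

# Lines copied from the DDS log posted in the thread (hxxp is DDS's own defanging).
DDS_EXCERPT = r"""
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
Notify: uyfdvwbc - c:\documents and settings\lynette\application data\uyfdvwbc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 195.245.119.131 browser-security.microsoft.com
"""

KEY_VALUE = re.compile(r"^(.*?)(?:: | = )(.*)$")   # "Key: value" or "Key = value"


def parse_dds(text):
    """Yield (key, value) pairs; lines that do not fit the key/value shape are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_VALUE.match(line) if line else None
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return (severity, key, reason) tuples for entries worth a second look."""
    findings = []
    for key, value in parse_dds(text):
        if key == "Hosts":
            # hosts entries win over DNS; anything but loopback is a redirect.
            ip, _, host = value.partition(" ")
            try:
                if not ip_address(ip).is_loopback:
                    findings.append(("HIGH", key,
                                     f"hosts file pins {host} to {ip}, bypassing DNS"))
            except ValueError:
                findings.append(("REVIEW", key, f"unparseable hosts entry: {value}"))
        elif key == "Notify":
            # Winlogon Notify DLLs run inside winlogon.exe at every logon;
            # legitimate ones live under %SystemRoot%.
            name, _, path = value.partition(" - ")
            if not path.lower().startswith(SYSTEM_ROOT):
                findings.append(("HIGH", key,
                                 f"Winlogon Notify DLL {name} loads from outside %SystemRoot%: {path}"))
        elif key == "AppInit_DLLs":
            findings.append(("REVIEW", key,
                             f"{value} is injected into every process that loads user32.dll; "
                             "confirm it belongs to installed software"))
        elif value.endswith("- No File"):
            findings.append(("LOW", key, f"orphaned registration: {value}"))
    return findings


if __name__ == "__main__":
    for severity, key, reason in triage(DDS_EXCERPT):
        print(f"[{severity:6}] {key}: {reason}")
```

Against the quoted lines this yields two HIGH findings (the hosts redirect and the Notify DLL), one REVIEW (AppInit_DLLs) and one LOW (the orphaned BHO); the ProxyOverride and mRun lines produce nothing. A loopback hosts entry or a Notify DLL under %SystemRoot% is deliberately not flagged.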

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Post by Cypher » November 2nd, 2011, 12:12 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you have to take your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Quick question: does your installed version of COMODO Internet Security include anti-virus protection?
Let me know in your next reply.


Please download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Next.

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply

  • Does COMODO Internet Security include Antivirus protection?
  • aswMBR.txt.
  • TDSSKiller log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
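As an added example (not from the thread, and not how aswMBR or TDSSKiller work internally), the script below parses a 512-byte MBR image of the kind aswMBR saves to MBR.dat and checks the things worth knowing before you rely on that backup: the 0x55AA boot signature, that exactly one partition is marked bootable, that partition entries do not overlap, and, when you have a reference hash of known-good boot code, that the 440-byte loader region matches it. MBR bootkits of the kind TDSSKiller targets replace that loader while leaving the partition table intact, so a partition table that looks fine proves nothing by itself. The MBR bytes, partition geometry and the "reference" hash used here are all constructed for the example; the real Windows XP loader bytes are not reproduced.

```python
"""Parse and sanity-check a 512-byte MBR backup such as the MBR.dat aswMBR writes.

Added example with constructed data; the "boot code" below is a stand-in,
not the real Windows XP loader.
"""
import hashlib
import struct

PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_CODE_LEN = 440      # bytes 0..439; disk signature at 440, table at 446, 0x55AA at 510


def build_mbr(boot_code, partitions, disk_signature=0x1234ABCD):
    """Assemble a constructed MBR; `partitions` is a list of (bootable, type, lba_start, sectors)."""
    if len(partitions) > 4:
        raise ValueError("at most four primary partitions")
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    body += struct.pack("<IH", disk_signature, 0)
    for bootable, ptype, lba, count in partitions:
        body += struct.pack(PART_FMT, 0x80 if bootable else 0x00, b"\x00\x00\x00",
                            ptype, b"\x00\x00\x00", lba, count)
    body += b"\x00" * 16 * (4 - len(partitions))   # unused table slots
    return body + b"\x55\xaa"


def parse_mbr(data):
    """Split an MBR into boot-code hash, disk signature and non-empty partition entries."""
    if len(data) != 512:
        raise ValueError(f"MBR must be 512 bytes, got {len(data)}")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_FMT, data, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue   # empty slot
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "signature_ok": data[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", data, 440)[0],
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(data, reference_boot_code_sha256=None):
    """Return a list of problems; an empty list means the backup looks sane."""
    mbr = parse_mbr(data)
    issues = []
    if not mbr["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    bootable = sum(p["bootable"] for p in mbr["partitions"])
    if bootable != 1:
        issues.append(f"{bootable} partitions flagged bootable (expected exactly 1)")
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            issues.append("overlapping partition entries")
            break
    if reference_boot_code_sha256 and mbr["boot_code_sha256"] != reference_boot_code_sha256:
        issues.append("boot code differs from the reference copy (bootkits replace this "
                      "region and leave the partition table intact)")
    return issues


# Constructed stand-in for loader code (not the real XP MBR bytes) and a single
# NTFS partition starting at sector 63; sizes are illustrative.
FAKE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + bytes(range(256))
CLEAN_MBR = build_mbr(FAKE_BOOT_CODE, [(True, 0x07, 63, 78124032)])
REFERENCE_HASH = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Simulated bootkit: the first loader bytes are overwritten, everything else untouched.
TAMPERED_MBR = b"\xeb\xfe" + CLEAN_MBR[2:]

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, parse_mbr(image)["partitions"], check_mbr(image, REFERENCE_HASH) or "OK")
```

To use it on a real backup, pass `open("MBR.dat", "rb").read()` to `check_mbr`, together with the SHA-256 of the boot-code region from a machine you trust; without a reference hash the structural checks still run, but the loader itself goes unexamined.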

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Post by mandy99 » November 3rd, 2011, 12:09 am

Thanks for the reply Cypher!

1. The Comodo Internet Security is the firewall only. In the start menu, in the comodo firewall folder, there is an option to "Add or remove components", so maybe the antivirus could be added.

2. Before I post the logs, I wanted to ask a question: Windows Automatic Updates wants to install something today. Should I not install it?

3. I forgot that I did run tdsskiller at some earlier point in my attempt to clean this computer. It found a virus & cured it. After which, I did more scans with Avast & MBAM. I apologize that I didn't remember this & mention it in my initial post.

----------------------------------------
aswMBR.txt
-----------------------------------------
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-02 23:39:18
-----------------------------
23:39:18.235 OS Version: Windows 5.1.2600 Service Pack 3
23:39:18.235 Number of processors: 1 586 0x209
23:39:18.235 ComputerName: LYNETTE-EF1FC66 UserName: Lynette
23:39:29.702 Initialize success
23:39:35.971 AVAST engine defs: 11101102
23:39:49.320 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
23:39:49.320 Disk 0 Vendor: FUJITSU_MHW2040AT 0000000B Size: 38154MB BusType: 3
23:39:51.373 Disk 0 MBR read successfully
23:39:51.373 Disk 0 MBR scan
23:39:55.779 Disk 0 Windows XP default MBR code
23:39:55.799 Disk 0 scanning sectors +78124095
23:40:00.476 Disk 0 scanning C:\WINDOWS\system32\drivers
23:40:40.514 Service scanning
23:40:41.896 Modules scanning
23:41:13.261 Disk 0 trace - called modules:
23:41:13.281 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
23:41:13.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823aeab8]
23:41:13.281 3 CLASSPNP.SYS[f98d2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x823afb58]
23:41:14.913 AVAST engine scan C:\WINDOWS
23:41:56.924 AVAST engine scan C:\WINDOWS\system32
23:45:39.844 AVAST engine scan C:\WINDOWS\system32\drivers
23:46:07.694 AVAST engine scan C:\Documents and Settings\Lynette
23:50:14.509 AVAST engine scan C:\Documents and Settings\All Users
23:50:27.969 Scan finished successfully
23:51:05.823 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lynette\Desktop\MBR.dat"
23:51:05.823 The log file has been saved successfully to "C:\Documents and Settings\Lynette\Desktop\aswMBR.txt"


--------------------------------------------
tdsskiller.exe
--------------------------------------------
23:55:57.0993 1076 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
23:55:59.0726 1076 ============================================================
23:55:59.0726 1076 Current date / time: 2011/11/02 23:55:59.0726
23:55:59.0726 1076 SystemInfo:
23:55:59.0726 1076
23:55:59.0726 1076 OS Version: 5.1.2600 ServicePack: 3.0
23:55:59.0726 1076 Product type: Workstation
23:55:59.0726 1076 ComputerName: LYNETTE-EF1FC66
23:55:59.0726 1076 UserName: Lynette
23:55:59.0726 1076 Windows directory: C:\WINDOWS
23:55:59.0726 1076 System windows directory: C:\WINDOWS
23:55:59.0726 1076 Processor architecture: Intel x86
23:55:59.0726 1076 Number of processors: 1
23:55:59.0726 1076 Page size: 0x1000
23:55:59.0726 1076 Boot type: Normal boot
23:55:59.0726 1076 ============================================================
23:56:01.0288 1076 Initialize success
23:56:05.0734 1588 ============================================================
23:56:05.0734 1588 Scan started
23:56:05.0734 1588 Mode: Manual;
23:56:05.0734 1588 ============================================================
23:56:07.0767 1588 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:56:07.0767 1588 Aavmker4 - ok
23:56:08.0078 1588 Abiosdsk - ok
23:56:08.0398 1588 abp480n5 - ok
23:56:08.0759 1588 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:56:08.0759 1588 ACPI - ok
23:56:09.0099 1588 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:56:09.0099 1588 ACPIEC - ok
23:56:09.0419 1588 adpu160m - ok
23:56:09.0780 1588 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:56:09.0780 1588 aec - ok
23:56:10.0131 1588 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:56:10.0141 1588 AFD - ok
23:56:10.0481 1588 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:56:10.0481 1588 agp440 - ok
23:56:10.0791 1588 Aha154x - ok
23:56:11.0112 1588 aic78u2 - ok
23:56:11.0422 1588 aic78xx - ok
23:56:11.0763 1588 AliIde - ok
23:56:12.0073 1588 amsint - ok
23:56:12.0464 1588 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:56:12.0464 1588 Arp1394 - ok
23:56:12.0965 1588 asc - ok
23:56:13.0345 1588 asc3350p - ok
23:56:13.0666 1588 asc3550 - ok
23:56:14.0016 1588 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:56:14.0016 1588 aswFsBlk - ok
23:56:14.0357 1588 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
23:56:14.0367 1588 aswMon2 - ok
23:56:14.0717 1588 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
23:56:14.0717 1588 aswRdr - ok
23:56:15.0378 1588 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
23:56:15.0398 1588 aswSnx - ok
23:57:13.0842 1588 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:57:14.0002 1588 \Device\Harddisk0\DR0 - ok
23:57:14.0012 1588 Boot (0x1200) (4790af5bfe19dc60c248e2a1ffb6ea6d) \Device\Harddisk0\DR0\Partition0
23:57:14.0012 1588 \Device\Harddisk0\DR0\Partition0 - ok
23:57:14.0012 1588 ============================================================
23:57:14.0012 1588 Scan finished
23:57:14.0012 1588 ============================================================
23:57:14.0052 0960 Detected object count: 0
23:57:14.0052 0960 Actual detected object count: 0
mandy99
Regular Member
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Post by Cypher » November 3rd, 2011, 7:22 am

Hi mandy99,
Thanks for the reply Cypher!

You're welcome.
The Comodo Internet Security is the firewall only. In the start menu, in the comodo firewall folder, there is an option to "Add or remove components", so maybe the antivirus could be added.

I would like you to run another scan to check that for me.
Windows Automatic Updates wants to install something today. Should I not install it?

No please don't install any updates until we get the computer clean.
I forgot that I did run tdsskiller at some earlier point in my attempt to clean this computer. It found a virus & cured it.

Please post the TDSSKiller log from the scan that you ran previously, it will be on your C drive.
To find the log go to Start > Computer > C:

Next.

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Logs/Information to Post in your Next Reply

  • TDSSKiller log.
  • checkup.txt
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Post by mandy99 » November 3rd, 2011, 11:37 am

When I clicked the link I mentioned earlier for "Add or remove components", there was an option to install Comodo Antivirus protection (I didn't install it, but the option is there).

The requested logs follow:

-------------------------------------------------------
tdsskiller log from 10/11/11
-------------------------------------------------------
11:09:11.0443 1100 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
11:09:11.0924 1100 ============================================================
11:09:11.0924 1100 Current date / time: 2011/10/11 11:09:11.0924
11:09:11.0924 1100 SystemInfo:
11:09:11.0924 1100
11:09:11.0924 1100 OS Version: 5.1.2600 ServicePack: 3.0
11:09:11.0924 1100 Product type: Workstation
11:09:11.0924 1100 ComputerName: LYNETTE-EF1FC66
11:09:11.0924 1100 UserName: Lynette
11:09:11.0924 1100 Windows directory: C:\WINDOWS
11:09:11.0924 1100 System windows directory: C:\WINDOWS
11:09:11.0924 1100 Processor architecture: Intel x86
11:09:11.0924 1100 Number of processors: 1
11:09:11.0924 1100 Page size: 0x1000
11:09:11.0924 1100 Boot type: Normal boot
11:09:11.0924 1100 ============================================================
11:09:13.0596 1100 Initialize success
11:09:42.0988 3940 ============================================================
11:09:42.0988 3940 Scan started
11:09:42.0988 3940 Mode: Manual;
11:09:42.0988 3940 ============================================================
11:10:33.0931 3940 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:10:33.0931 3940 Sfloppy - ok
11:10:34.0272 3940 Simbad - ok
11:10:34.0582 3940 Sparrow - ok
11:10:34.0933 3940 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:10:34.0933 3940 splitter - ok
11:10:35.0313 3940 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:10:35.0323 3940 sr - ok
11:10:35.0694 3940 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:10:35.0704 3940 Srv - ok
11:10:36.0075 3940 STAC97 (5813d453ef8ce49d607c255cf128aceb) C:\WINDOWS\system32\drivers\stac97.sys
11:10:36.0095 3940 STAC97 - ok
11:10:36.0475 3940 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:10:36.0475 3940 swenum - ok
11:10:36.0856 3940 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:10:36.0856 3940 swmidi - ok
11:10:37.0196 3940 symc810 - ok
11:10:37.0497 3940 symc8xx - ok
11:10:37.0827 3940 sym_hi - ok
11:10:38.0128 3940 sym_u3 - ok
11:10:38.0478 3940 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:10:38.0478 3940 sysaudio - ok
11:10:38.0889 3940 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:10:38.0919 3940 Tcpip - ok
11:10:39.0289 3940 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:10:39.0289 3940 TDPIPE - ok
11:10:39.0710 3940 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:10:39.0710 3940 TDTCP - ok
11:10:40.0080 3940 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:10:40.0080 3940 TermDD - ok
11:10:40.0421 3940 TosIde - ok
11:10:40.0451 3940 Suspicious service (NoAccess): UACd.sys
11:10:40.0761 3940 UACd.sys (e0bab02d685e0168b28e5f74f0b94c30) C:\WINDOWS\system32\drivers\UACgoecpxdwobevkypjy.sys
11:10:40.0761 3940 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\UACgoecpxdwobevkypjy.sys. md5: e0bab02d685e0168b28e5f74f0b94c30
11:10:40.0761 3940 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\UACgoecpxdwobevkypjy.sys. md5: e0bab02d685e0168b28e5f74f0b94c30
11:10:40.0761 3940 UACd.sys ( Rootkit.Win32.TDSS.tdl2 ) - infected
11:10:40.0761 3940 UACd.sys - detected Rootkit.Win32.TDSS.tdl2 (0)
11:10:41.0092 3940 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:10:41.0092 3940 Udfs - ok
11:10:41.0382 3940 ultra - ok
11:10:41.0733 3940 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:10:41.0763 3940 Update - ok
11:10:42.0163 3940 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:10:42.0163 3940 usbccgp - ok
11:10:42.0524 3940 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:10:42.0524 3940 usbehci - ok
11:10:42.0894 3940 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:10:42.0894 3940 usbhub - ok
11:10:43.0265 3940 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:10:43.0275 3940 usbprint - ok
11:10:43.0635 3940 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:10:43.0635 3940 USBSTOR - ok
11:10:44.0006 3940 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:10:44.0006 3940 usbuhci - ok
11:10:44.0366 3940 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:10:44.0366 3940 VgaSave - ok
11:10:44.0687 3940 ViaIde - ok
11:10:45.0118 3940 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:10:45.0118 3940 VolSnap - ok
11:10:45.0538 3940 w70n51 (8e5cf571c00c806ed7c08dbb74356646) C:\WINDOWS\system32\DRIVERS\w70n51.sys
11:10:45.0568 3940 w70n51 - ok
11:10:45.0929 3940 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:10:45.0929 3940 Wanarp - ok
11:10:46.0249 3940 WDICA - ok
11:10:46.0590 3940 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:10:46.0600 3940 wdmaud - ok
11:10:46.0820 3940 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:10:47.0791 3940 \Device\Harddisk0\DR0 - ok
11:10:47.0811 3940 Boot (0x1200) (4790af5bfe19dc60c248e2a1ffb6ea6d) \Device\Harddisk0\DR0\Partition0
11:10:47.0811 3940 \Device\Harddisk0\DR0\Partition0 - ok
11:10:47.0821 3940 ============================================================
11:10:47.0821 3940 Scan finished
11:10:47.0821 3940 ============================================================
11:10:47.0852 1600 Detected object count: 1
11:10:47.0852 1600 Actual detected object count: 1
11:11:05.0146 1600 C:\WINDOWS\system32\drivers\UACgoecpxdwobevkypjy.sys - will be deleted on reboot
11:11:05.0146 1600 C:\WINDOWS\system32\UACnadmfysoqljhtagxl.dll - will be deleted on reboot
11:11:05.0146 1600 C:\WINDOWS\system32\UACqbuxyadxjajntjrnw.dll - will be deleted on reboot
11:11:05.0146 1600 C:\WINDOWS\system32\UACexdwarjicrrsuklyi.dat - will be deleted on reboot
11:11:05.0146 1600 C:\WINDOWS\system32\UACuppyebvsbgpoqotxi.dll - will be deleted on reboot
11:11:05.0146 1600 C:\WINDOWS\system32\UACtabsorkcjtwyfgeop.dll - will be deleted on reboot
11:11:05.0146 1600 HKLM\SYSTEM\ControlSet001\services\UACd.sys - will be deleted on reboot
11:11:05.0146 1600 HKLM\SYSTEM\ControlSet003\services\UACd.sys - will be deleted on reboot
11:11:05.0186 1600 C:\WINDOWS\system32\drivers\UACgoecpxdwobevkypjy.sys - will be deleted on reboot
11:11:05.0186 1600 UACd.sys ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Delete
11:11:45.0785 1768 Deinitialize success

---------------------------------------------
checkup.txt
---------------------------------------------
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
COMODO Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player 11.0.1.152
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm
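
The TDSSKiller log quoted above has a regular line layout (time, thread id, message) and a small vocabulary of messages ("Suspicious service (NoAccess): …", "Suspicious file (Hidden): …", "NAME ( FAMILY ) - infected", "PATH - will be deleted on reboot", "NAME - ok"). The following Python script is an added example, not part of the original post and not code from Kaspersky's tool: it parses those lines into per-object records (path, MD5, hidden/locked flags, verdict, chosen action) plus the list of deletions that only take effect after a reboot, so a helper can see at a glance what was flagged and whether the machine still needs restarting. `SAMPLE_LOG` is a constructed excerpt of the lines shown above; the record field names, the helper functions and the summary shape are my own.

```python
"""Parse a TDSSKiller log and summarise what it flagged.

Added example for this thread; not part of the original post or of TDSSKiller.
SAMPLE_LOG is a constructed excerpt of the log quoted in the thread.
"""
import re

# Constructed excerpt of the log above (one service, the MBR, and the cleanup).
SAMPLE_LOG = r"""
11:10:40.0080 3940 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:10:40.0080 3940 TermDD - ok
11:10:40.0451 3940 Suspicious service (NoAccess): UACd.sys
11:10:40.0761 3940 UACd.sys (e0bab02d685e0168b28e5f74f0b94c30) C:\WINDOWS\system32\drivers\UACgoecpxdwobevkypjy.sys
11:10:40.0761 3940 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\UACgoecpxdwobevkypjy.sys. md5: e0bab02d685e0168b28e5f74f0b94c30
11:10:40.0761 3940 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\UACgoecpxdwobevkypjy.sys. md5: e0bab02d685e0168b28e5f74f0b94c30
11:10:40.0761 3940 UACd.sys ( Rootkit.Win32.TDSS.tdl2 ) - infected
11:10:40.0761 3940 UACd.sys - detected Rootkit.Win32.TDSS.tdl2 (0)
11:10:46.0820 3940 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:10:47.0791 3940 \Device\Harddisk0\DR0 - ok
11:11:05.0146 1600 C:\WINDOWS\system32\drivers\UACgoecpxdwobevkypjy.sys - will be deleted on reboot
11:11:05.0146 1600 C:\WINDOWS\system32\UACnadmfysoqljhtagxl.dll - will be deleted on reboot
11:11:05.0146 1600 HKLM\SYSTEM\ControlSet001\services\UACd.sys - will be deleted on reboot
11:11:05.0146 1600 UACd.sys ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Delete
"""

# Every line is "HH:MM:SS.mmmm <thread id> <message>"; banner lines are skipped.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# "NAME (md5) PATH"; the MBR/boot-sector rows carry an extra "(0x..)" size field.
OBJECT_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_SERVICE_RE = re.compile(r"^Suspicious service \((?P<reason>\w+)\): (?P<name>\S+)$")
SUSP_FILE_RE = re.compile(r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<family>\S+) \) - (?:infected|User select action: (?P<action>\w+))$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<family>\S+) \(\d+\)$")
PENDING_RE = re.compile(r"^(?P<path>.+) - will be deleted on reboot$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")


def _new_object():
    return {"path": None, "md5": None, "flags": [], "verdict": None, "family": None, "action": None}


def _find_by_path(objects, path):
    """Locate a record by its on-disk path (file lines and MBR 'ok' lines use the path, not the name)."""
    for obj in objects.values():
        if obj["path"] and obj["path"].lower() == path.lower():
            return obj
    return None


def parse_tdsskiller(text):
    """Return {"objects": {name: record}, "pending": [paths deleted on reboot]}."""
    objects, pending = {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (h := OBJECT_RE.match(msg)):
            obj = objects.setdefault(h["name"], _new_object())
            obj["path"], obj["md5"] = h["path"], h["md5"]
        elif (h := SUSP_SERVICE_RE.match(msg)):
            objects.setdefault(h["name"], _new_object())["flags"].append("service:" + h["reason"])
        elif (h := SUSP_FILE_RE.match(msg)):
            obj = _find_by_path(objects, h["path"]) or objects.setdefault(h["path"], _new_object())
            obj["path"], obj["md5"] = h["path"], h["md5"]
            obj["flags"].append("file:" + h["reason"])
        elif (h := VERDICT_RE.match(msg)):
            obj = objects.setdefault(h["name"], _new_object())
            obj["verdict"], obj["family"] = "infected", h["family"]
            if h["action"]:
                obj["action"] = h["action"]
        elif (h := DETECTED_RE.match(msg)):
            obj = objects.setdefault(h["name"], _new_object())
            obj["verdict"], obj["family"] = "infected", h["family"]
        elif (h := PENDING_RE.match(msg)):
            pending.append(h["path"])
        elif (h := OK_RE.match(msg)):
            obj = objects.get(h["name"]) or _find_by_path(objects, h["name"])
            if obj is not None and obj["verdict"] is None:
                obj["verdict"] = "ok"  # never downgrade an 'infected' verdict
    return {"objects": objects, "pending": pending}


def summarize(report):
    """Condense a parsed log into the facts a helper wants to see first."""
    objs = report["objects"]
    infected = {n: o for n, o in objs.items() if o["verdict"] == "infected"}
    return {
        "scanned": len(objs),
        "infected": sorted(infected),
        "families": sorted({o["family"] for o in infected.values() if o["family"]}),
        "hidden_or_locked": sorted(n for n, o in objs.items() if o["flags"]),
        "pending_deletions": len(report["pending"]),
        "needs_reboot": bool(report["pending"]),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The parser keeps a service's "Suspicious" flags, its hash and its final user action on one record, so the three separate log lines for UACd.sys collapse into a single entry; the "ok" verdict is only applied where no infection verdict was already recorded, which matters because TDSSKiller prints the object row before the verdict row.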

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 3rd, 2011, 12:18 pm

Hi mandy99,
Uninstall either avast or Comodo Antivirus protection.
You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 3rd, 2011, 5:26 pm

Hi Cypher,

I uninstalled Avast (since it wasn't working anyway). Then I downloaded and ran ComboFix. I had a few hitches while running ComboFix that I thought you might want to know about.

-----------------------------
Issues with ComboFix
-----------------------------
I couldn't run the executable I downloaded from Link 1 (I didn't write down the error message, but it was something about a possibly corrupted download). I then downloaded and ran the executable from Link 2. When I did, I got the following message:

"There's a newer version of ComboFix available. Would you like to update ComboFix?"

I chose No. Then, when ComboFix tried to install the Windows Recovery Console, I got the following error message:

"Failed to download required files. Aborting... Shall continue scanning for malware"

I clicked OK, then ComboFix completed the rest of the scan as expected. The log is at the end of this post.

-----------------------------------
State of Computer After ComboFix
-----------------------------------
I checked all of the things I had problems with before I posted. At first, MBAM and SpywareBlaster would not update. On my last check, now both programs can be updated. I uninstalled Avast, so I can't check that error. Finally, at first, Internet Explorer would not run, and it still will not run. When I try to open IE, I get the following error:

Header (not part of message, but I thought pertinent): C:\Program Files\Internet Explorer\iexplore.exe
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item"

So, some things have been fixed, but IE is still a problem.

-----------------------------------------
ComboFix.txt
-----------------------------------------
ComboFix 11-10-30.03 - Lynette 11/03/2011 16:49:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.13 [GMT -4:00]
Running from: c:\documents and settings\Lynette\Desktop\ComboFix.exe
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LOG14.tmp
C:\LOG1D.tmp
C:\LOG22.tmp
C:\LOG233.tmp
C:\LOG252.tmp
C:\LOG29D.tmp
C:\LOG32.tmp
C:\LOG39.tmp
C:\LOG49.tmp
C:\LOG68.tmp
C:\LOG6C.tmp
C:\LOG71.tmp
C:\LOG7E.tmp
C:\LOG9F.tmp
c:\program files\Common Files\Uninstall
c:\windows\system32\ndisapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-02 01:38 . 2011-11-02 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-02 01:38 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 22:37 . 2011-10-11 22:37 -------- d--h--w- c:\windows\PIF
2011-10-11 18:23 . 2011-10-11 18:23 -------- d-----w- c:\program files\ACW
2011-10-11 18:12 . 2011-11-03 20:28 -------- d-----w- c:\windows\system32\NtmsData
2011-10-11 17:01 . 2011-10-11 17:01 -------- d-----w- c:\program files\iPod
2011-10-11 17:01 . 2011-10-11 17:03 -------- d-----w- c:\program files\iTunes
2011-10-11 17:01 . 2011-10-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-10-11 16:55 . 2011-10-11 16:57 -------- d-----w- c:\program files\QuickTime
2011-10-11 16:49 . 2011-10-11 16:49 -------- d-----w- c:\program files\Bonjour
2011-10-11 15:52 . 2011-10-11 15:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 03:02 . 2011-10-11 03:02 -------- d-----w- c:\program files\COMODO
2011-10-11 02:10 . 2011-11-02 01:28 -------- d-----w- c:\program files\SpywareBlaster
2011-10-11 02:05 . 2011-10-11 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-10-11 02:02 . 2011-10-11 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-10-11 00:55 . 2011-10-11 00:55 -------- d-----w- c:\program files\Common Files\Java
2011-10-11 00:55 . 2011-05-04 08:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-11 00:55 . 2011-05-04 08:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 23:29 . 2011-11-03 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-10 23:29 . 2011-10-10 23:29 -------- d-----w- c:\program files\AVAST Software
2011-10-10 23:06 . 2011-10-10 23:06 -------- d-----w- c:\documents and settings\Lynette\Application Data\AVG2012
2011-10-10 23:03 . 2011-10-10 23:03 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-10 22:55 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-10 22:54 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-10 22:53 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-10 22:53 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-10 22:53 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-10 22:52 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-10-10 22:50 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-10 22:49 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-10 22:47 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-10-10 22:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-10 22:45 . 2011-10-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-10 22:45 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-10 22:07 . 2011-10-10 22:07 -------- d-----w- c:\program files\VS Revo Group
2011-10-10 20:36 . 2011-06-23 18:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-10 20:35 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-10 16:39 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-09 19:15 . 2011-10-09 19:15 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-29 06:53 . 2011-10-11 02:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[7] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe
[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe
[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\iexplore.exe
[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-26 185896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... 547d9d9afd" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/30/2011 9:38 AM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/30/2011 9:38 AM 29400]
S3 DM9USB;ST268 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [12/20/2007 12:22 AM 26190]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Lynette\Application Data\Mozilla\Firefox\Profiles\ynt30tpd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://malwareremoval.com/forum/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
Notify-uyfdvwbc - c:\documents and settings\Lynette\Application Data\uyfdvwbc.dll
SafeBoot-71022769.sys
MSConfigStartUp-avast - c:\program files\AVAST Software\Avast\avastUI.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 16:59
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(920)
c:\windows\system32\guard32.dll
.
Completion time: 2011-11-03 17:04:32
ComboFix-quarantined-files.txt 2011-11-03 21:04
.
Pre-Run: 31,967,539,200 bytes free
Post-Run: 32,623,751,168 bytes free
.
- - End Of File - - 919B0B28588D9C305BB62201C08E8076
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 4th, 2011, 7:08 am

Hi mandy99,

Recovery Console

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Go to Microsoft's website => http://support.microsoft.com/kb/310994
  • Select the download that's appropriate for your Operating System
    Image
  • Download the file & save it as it's originally named. Save the file to the desktop of your computer
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    Image
  • Drag the setup package onto ComboFix.exe and drop it
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console
    Image
  • At the next prompt, click No to exit

Next.

Please delete the copy of ComboFix on your Desktop and download a fresh copy.
If you get the message, "There's a newer version of ComboFix available. Would you like to update ComboFix?" click Yes.
Now run ComboFix again and post the new log in your next reply.

Next.

Malwarebytes Anti-Malware

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Logs/Information to Post in your Next Reply

  • New ComboFix log.
  • Malwarebytes log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 4th, 2011, 7:37 pm

Hi Cypher,

Thanks for your patience. I followed your directions regarding the Recovery Console and ComboFix. The Recovery Console installed this time around, and the ComboFix log is posted at the end of this post.

Unfortunately, today when I opened Malwarebytes' Anti-malware and clicked on updates, the update error that seemed to be resolved yesterday was back. I took a screenshot of the error message:

Image

I ran the MBAM scan anyway (no malicious items were found), and posted it below the combofix log.

So, as far as the computer goes, I'm back to not being able to update MBAM and IE is still inoperable.

----------------------------------------
ComboFix Log
----------------------------------------
ComboFix 11-11-04.04 - Lynette 11/04/2011 18:38:02.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.13 [GMT -4:00]
Running from: c:\documents and settings\Lynette\Desktop\ComboFix.exe
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-02 01:38 . 2011-11-02 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-02 01:38 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 22:37 . 2011-10-11 22:37 -------- d--h--w- c:\windows\PIF
2011-10-11 18:23 . 2011-10-11 18:23 -------- d-----w- c:\program files\ACW
2011-10-11 18:12 . 2011-11-03 20:28 -------- d-----w- c:\windows\system32\NtmsData
2011-10-11 17:01 . 2011-10-11 17:01 -------- d-----w- c:\program files\iPod
2011-10-11 17:01 . 2011-10-11 17:03 -------- d-----w- c:\program files\iTunes
2011-10-11 17:01 . 2011-10-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-10-11 16:57 . 2011-10-11 16:57 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-10-11 16:55 . 2011-10-11 16:57 -------- d-----w- c:\program files\QuickTime
2011-10-11 16:49 . 2011-10-11 16:49 -------- d-----w- c:\program files\Bonjour
2011-10-11 15:52 . 2011-10-11 15:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 03:02 . 2011-10-11 03:02 -------- d-----w- c:\program files\COMODO
2011-10-11 02:10 . 2011-11-03 21:06 -------- d-----w- c:\program files\SpywareBlaster
2011-10-11 02:05 . 2011-10-11 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-10-11 02:02 . 2011-10-11 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-10-11 00:55 . 2011-10-11 00:55 -------- d-----w- c:\program files\Common Files\Java
2011-10-11 00:55 . 2011-05-04 08:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-11 00:55 . 2011-05-04 08:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 23:29 . 2011-11-03 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-10 23:29 . 2011-10-10 23:29 -------- d-----w- c:\program files\AVAST Software
2011-10-10 23:06 . 2011-10-10 23:06 -------- d-----w- c:\documents and settings\Lynette\Application Data\AVG2012
2011-10-10 23:03 . 2011-10-10 23:03 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-10 22:55 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-10 22:54 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-10 22:53 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-10 22:53 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-10 22:53 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-10 22:52 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-10-10 22:50 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-10 22:49 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-10 22:47 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-10-10 22:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-10 22:45 . 2011-10-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-10 22:45 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-10 22:07 . 2011-10-10 22:07 -------- d-----w- c:\program files\VS Revo Group
2011-10-10 20:36 . 2011-06-23 18:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-10 20:35 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-10 16:39 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-09 19:15 . 2011-10-09 19:15 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-29 06:53 . 2011-10-11 02:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[7] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe
[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe
[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\iexplore.exe
[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-26 185896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... 547d9d9afd" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/30/2011 9:38 AM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/30/2011 9:38 AM 29400]
S3 DM9USB;ST268 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [12/20/2007 12:22 AM 26190]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Lynette\Application Data\Mozilla\Firefox\Profiles\ynt30tpd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://malwareremoval.com/forum/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 18:47
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3004)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-11-04 18:51:31
ComboFix-quarantined-files.txt 2011-11-04 22:51
ComboFix2.txt 2011-11-03 21:04
.
Pre-Run: 32,591,872,000 bytes free
Post-Run: 32,581,386,240 bytes free
.
- - End Of File - - 51376802E0AFCF5E029DF31DEC8585E8

--------------------------------------------------------
MBAM Log
--------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Database version: 8079

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/4/2011 7:11:33 PM
mbam-log-2011-11-04 (19-11-32).txt

Scan type: Quick scan
Objects scanned: 167224
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 5th, 2011, 6:46 am

Hi mandy99,

Please download Junction.zip and save it to your desktop.

  • Right click Junction.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next
  • Click Browse
  • When the "select a destination" box opens, click My Computer > Local Disk (C:) > Windows > OK
  • Back at the Extraction Wizard, click Next.
  • Untick "Show Extracted Files" and click Finish

    Click Start > Run. Copy and paste the contents of the codebox below into the run box.
    (Do Not include Code:) Then click OK:
Code:
cmd /c junction -s c:\ >log.txt&log.txt&del log.txt
  • A command window will open and the system will be scanned. (Click Agree to the prompt)
  • Please be patient & wait until a log file opens in Notepad.
  • Copy and paste the contents of that file in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 5th, 2011, 10:26 am

Junction log
-------------------------------------

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - http://www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...

Failed to open \\?\c:\\Program Files\Internet Explorer\iexplore.exe: Access is denied.

...

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

...

No reparse points found.
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 5th, 2011, 12:32 pm

Hi mandy99,
mandy99 wrote:
Internet Explorer would not run, and it still will not run. When I try to open IE, I get the following error:

Do the following, then give me an update on Internet Explorer and Malwarebytes' Anti-Malware please.
Let me know if it solves the problems you are having with both.

Please download GrantPerms.zip by Farbar and save it to your desktop.

  • Right click GrantPerms.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next > Next > Finish.
  • Enter the GrantPerms folder & double click GrantPerms.exe to run it.
  • Copy and paste the contents of the codebox below into the whitebox (Do Not include Code:)
Code:
c:\\Program Files\Internet Explorer\iexplore.exe

  • Now Click Unlock
  • When it's done, click "OK".
  • Now click List Permissions and post contents of the log file that opens (Perms.txt)
  • A copy of Perms.txt will be saved in the same directory the tool is run.

Next.

Let's reinstall Malwarebytes' Anti-Malware to see if that solves the update problem.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
Malwarebytes' Anti-Malware

Now reboot your PC.

Next.

  • Download and run This utility
  • it will ask to restart your computer (please allow it to).
  • Next install the latest version of malwarebytes Anti-Malware from Here.
  • Then follow my previous instructions for updating and running it, post the log in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
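As an added example, not code from the thread or from the Junction and GrantPerms tools it uses, here are the two checks Cypher asked for done read-only in Windows PowerShell 3.0 or later: walk a directory tree for reparse points without descending into them (what `junction -s` reports), and try to read each listed file's security descriptor (what "List Permissions" does), flagging the "Access is denied" condition GrantPerms hit on iexplore.exe and any explicit Deny entries. The root path and the file list, including the mbam.exe path, are constructed for illustration.

```powershell
# Added example, not code from the thread or from Junction/GrantPerms.
# Read-only triage for the two symptoms discussed above. Windows PowerShell 3.0+,
# run from an elevated prompt so that as few files as possible are unreadable.

function Get-ReparsePoints {
    # Walk $Root the way "junction -s" does: report every entry carrying the
    # ReparsePoint attribute (junction, symlink, mount point) and do NOT descend
    # into it, so a junction that points back up the tree cannot loop the scan.
    param([Parameter(Mandatory)][string]$Root)

    $found = @()
    $stack = New-Object System.Collections.Stack
    $stack.Push($Root)
    while ($stack.Count -gt 0) {
        $dir = $stack.Pop()
        # Locked files such as pagefile.sys only raise an error here; skip them
        # the same way Junction prints "Failed to open" and carries on.
        $entries = Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue
        foreach ($e in $entries) {
            if (($e.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) {
                $found += [pscustomobject]@{
                    Path     = $e.FullName
                    LinkType = $e.LinkType   # filled in by PowerShell 5+, else empty
                    Target   = $e.Target
                }
                continue
            }
            if ($e.PSIsContainer) { $stack.Push($e.FullName) }
        }
    }
    $found
}

function Test-FileSecurityDescriptor {
    # For each path, try to read the security descriptor as "List Permissions"
    # would. READ_CONTROL refused to an administrator means the DACL or owner
    # has been tampered with and ownership has to be taken back before repair.
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        $row = [ordered]@{ Path = $p; SdReadable = $false; Owner = $null; DenyAces = 0; Error = $null }
        try {
            $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
            $row.SdReadable = $true
            $row.Owner      = $acl.Owner
            # Explicit Deny ACEs on a program binary are a common way an
            # infection keeps a browser or security tool from launching.
            $row.DenyAces   = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }).Count
        } catch {
            $row.Error = $_.Exception.Message   # e.g. "Access is denied"
        }
        [pscustomobject]$row
    }
}

# Constructed sample inputs: the binary from the thread plus files that
# infections commonly lock or redirect. The mbam.exe path is hypothetical.
$critical = @(
    "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    "$env:SystemRoot\system32\drivers\etc\hosts",
    "$env:ProgramFiles\Malwarebytes' Anti-Malware\mbam.exe"
)

Test-FileSecurityDescriptor -Path $critical | Format-Table Path, SdReadable, Owner, DenyAces, Error -AutoSize
Get-ReparsePoints -Root $env:ProgramFiles | Format-Table Path, LinkType, Target -AutoSize
```

A row with SdReadable set to False for an administrator is the same state GrantPerms reported in this thread; a reparse point sitting under Program Files or Windows that nobody created deliberately is what the Junction step was looking for.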

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 5th, 2011, 7:36 pm

Hi Cypher,

Sorry about the delay in replies. Oddly enough, it seems as though I have less time on the weekend. Tomorrow (Sunday), I probably won't be able to reply until late in the evening.

I ran GrantPermissions, but it failed. The log is posted below.

I also uninstalled, ran mbam-clean, and reinstalled MBAM. In that process, I saw some really odd behavior on my internet connection. On this computer, I'm connected via a wireless home network. When I tried to download mbam from the link you provided, without fail, at ~90% my wireless connection disconnected. I had previously downloaded a firefox plugin that allows pauses in downloads, so after my 2nd attempt to download normally, I used the plugin. That download stopped somewhere after 90%, but the plugin allowed it to download anyway. Since that download had an interruption, I wanted to try one last time to download without a break in the connection, so I clicked the link you provided again, but this time, my browser would not go there (got a firefox error saying try again, can't reach the server) & I checked in the tray and my wireless connection was disconnected again. Normally, I never have connection problems, so it seems to me, it has to do with what I was trying to download.

The download I did with the plugin appeared to have downloaded intact, so I ran that version of the installer. It updated and ran, but MBAM detected no malicious items. The log is also posted below.

I'm still getting the same error with IE.

------------------------------------------------
Perms.txt
------------------------------------------------
GrantPerms by Farbar
Ran by Lynette at 2011-11-05 18:55:23

===============================================
ERROR: Parsing the SD of <\\?\c:\\Program Files\Internet Explorer\iexplore.exe> failed with: Access is denied.


Operating system error message: Access is denied.

----------------------------------------
mbam-log-2011-11-05(19-21-29).txt
----------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Database version: 8094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/5/2011 7:21:29 PM
mbam-log-2011-11-05 (19-21-29).txt

Scan type: Quick scan
Objects scanned: 167533
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 6th, 2011, 7:27 am

Hi mandy99,
mandy99 wrote:
Sorry about the delay in replies.

Not a problem :)
mandy99 wrote:
I ran GrantPermissions, but it failed.

OK, let's try again; see below.
mandy99 wrote:
I saw some really odd behavior on my internet connection. On this computer, I'm connected via a wireless home network.

The error you were getting when you tried to update MBAM indicates that your router may have been hijacked, so let's reset it.

Reset your Router to its default configuration.
  • This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know your router's default password, you can look it up HERE.
  • You will need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This should help to stop your router from being hijacked again.


Next.

  • Enter the GrantPerms folder & double click GrantPerms.exe to run it.
  • Copy and paste the contents of the codebox below into the whitebox (Do Not include Code:)
Code:
c:\\Program Files\Internet Explorer\iexplore.exe

  • Now Click Unlock
  • When it's done, click "OK".
  • Now click List Permissions and post contents of the log file that opens (Perms.txt)
  • A copy of Perms.txt will be saved in the same directory the tool is run.


Logs/Information to Post in your Next Reply

  • Any problems resetting your router?
  • Perms.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 7th, 2011, 6:42 pm

Hi Cypher,

Sorry for the delay, I had to wait to reset my router until a time when no one else needed the internet. I reset my router (I already had a non-default password, but it's not possible to change the username), and while every other computer on my network was fine, the laptop that we've been working on couldn't connect for a while.* I finally got it back online.

I ran GrantPermissions again, with the same result. The log is posted below.

I think that the only problem remaining (at least as far as I can tell) is that Internet Explorer still will not run.

Thanks again,
Mandy99

*edited to update my current status
--------------------------------------------
Perms.txt
--------------------------------------------
GrantPerms by Farbar
Ran by Lynette at 2011-11-07 18:11:48

===============================================
ERROR: Parsing the SD of <\\?\c:\\Program Files\Internet Explorer\iexplore.exe> failed with: Access is denied.


Operating system error message: Access is denied.
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm