[Inactive] [A] Just recovered from virus... am I clean?

Discussion in 'Virus and Malware Removal' started by meowwl, Feb 3, 2012.

  1. Broni Malware Annihilator

    Run the fix from safe mode.
  2. meowwl Newcomer, in training

    Ran fine from safe mode, here's that log...

    All processes killed
    ========== OTL ==========
    Service SansaService stopped successfully!
    Service SansaService deleted successfully!
    Service KodakCCS stopped successfully!
    Service KodakCCS deleted successfully!
    Service iPodService stopped successfully!
    Service iPodService deleted successfully!
    Error: No service named getPlusHelper) getPlus(R was found to stop!
    Service\Driver key getPlusHelper) getPlus(R not found.
    Service AOLService stopped successfully!
    Service AOLService deleted successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    C:\Documents and Settings\Vicki\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk moved successfully.
    C:\Documents and Settings\Vicki\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk moved successfully.
    Registry key HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adultswim.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\my.screenname\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neopets.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\symantec.com\security\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2346964351-1378597042-571444116-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\www\ deleted successfully.
    Starting removal of ActiveX control ActiveGS.cab
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ActiveGS.cab\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ActiveGS.cab\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ActiveGS.cab\ not found.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\Vicki\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Vicki\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Vicki\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Vicki\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Vicki\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\Vicki\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\Vicki\Application Data\Viewpoint folder moved successfully.
    Unable to delete ADS C:\WINDOWS\System32\uxtheme.backup:SummaryInformation .
    Unable to delete ADS C:\WINDOWS\System32\systray.exe:SummaryInformation .
    Unable to delete ADS C:\Documents and Settings\Owner\Desktop\NewRxForm.pdf:SummaryInformation .
    Unable to delete ADS C:\WINDOWS\System32\calc.exe:SummaryInformation .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 2870 bytes

    User: Administrator.HOME
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56468 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 112094 bytes
    ->FireFox cache emptied: 8451914 bytes
    ->Flash cache emptied: 427 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 786566 bytes
    ->FireFox cache emptied: 26720049 bytes
    ->Flash cache emptied: 1565 bytes

    User: Owner
    ->Temp folder emptied: 2641654 bytes
    ->Temporary Internet Files folder emptied: 3611116 bytes
    ->Java cache emptied: 1771770 bytes
    ->FireFox cache emptied: 140204288 bytes
    ->Flash cache emptied: 29708 bytes

    User: Vicki
    ->Temp folder emptied: 44637098 bytes
    ->Temporary Internet Files folder emptied: 90418771 bytes
    ->Java cache emptied: 192295429 bytes
    ->FireFox cache emptied: 28263828 bytes
    ->Flash cache emptied: 130341 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 129209 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2712 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64244558 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 44155 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 577.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.HOME

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Java cache emptied: 0 bytes

    User: Vicki
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: Administrator.HOME
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Vicki
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02072012_182158

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
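As an added example (not part of the original thread, and not OTL's own code): a small Python script that triages an OTL fix log like the one above. It classifies each result line (service stopped/deleted, registry key or value deleted or not found, file/folder moved, ADS that could not be deleted) and flags the two kinds of registry entry in this log that deserve a second look: the Security Center DisableMonitoring values, which malware sets so Windows stops warning that the AV or firewall is off, and the Internet Settings ProxyOverride value, which affects how browser traffic is routed. The sample lines are a constructed subset of the log above; the rule names and regular expressions are my own.

```python
"""Triage an OTL (OldTimer) fix log.

Added example, not from the thread and not part of OTL. It classifies the
result lines OTL prints after a fix and flags registry actions a responder
should check against the script that was run.
"""
import re
from collections import Counter

# Constructed sample: a subset of the lines from the log in the thread.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Service SansaService stopped successfully!
Service SansaService deleted successfully!
Error: No service named getPlusHelper) getPlus(R was found to stop!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
C:\Documents and Settings\Vicki\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk moved successfully.
C:\Documents and Settings\Vicki\Application Data\Viewpoint folder moved successfully.
Unable to delete ADS C:\WINDOWS\System32\calc.exe:SummaryInformation .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
"""

# Category names are my own; order matters ("folder moved" before "moved").
RULES = [
    ("service_deleted",   re.compile(r"^Service (?P<name>.+?) deleted successfully!$")),
    ("service_stopped",   re.compile(r"^Service (?P<name>.+?) stopped successfully!$")),
    ("service_error",     re.compile(r"^Error: No service named (?P<name>.+?) was found")),
    ("registry_deleted",  re.compile(r"^Registry (?:key|value) (?P<name>.+?) deleted successfully\.$")),
    ("registry_notfound", re.compile(r"^Registry (?:key|value) (?P<name>.+?) not found\.$")),
    ("registry_set",      re.compile(r"^(?P<name>HKU\\.+?) : value set successfully!$")),
    ("folder_moved",      re.compile(r"^(?P<name>.+?) folder moved successfully\.$")),
    ("file_moved",        re.compile(r"^(?P<name>.+?) moved successfully\.$")),
    ("ads_failed",        re.compile(r"^Unable to delete ADS (?P<name>.+?) \.$")),
]

# Registry locations that malware commonly tampers with.
SUSPICIOUS_REGISTRY = (
    # Set so Security Center stops warning that the AV/firewall is disabled.
    re.compile(r"\\Security Center\\Monitoring\\.*DisableMonitoring$", re.I),
    # Proxy settings decide where browser traffic goes.
    re.compile(r"\\Internet Settings\\\\?ProxyOverride", re.I),
)


def parse_otl_log(text):
    """Return (Counter of categories, list of (category, name)) for a fix log."""
    counts = Counter()
    items = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("=========="):
            continue  # section banners carry no result
        for category, pattern in RULES:
            m = pattern.match(line)
            if m:
                counts[category] += 1
                items.append((category, m.group("name")))
                break
        else:
            counts["unparsed"] += 1
    return counts, items


def flag_interesting(items):
    """Registry actions a responder should look at twice."""
    return [
        (category, name)
        for category, name in items
        if category.startswith("registry")
        and any(p.search(name) for p in SUSPICIOUS_REGISTRY)
    ]


if __name__ == "__main__":
    counts, items = parse_otl_log(SAMPLE_LOG)
    for category, n in sorted(counts.items()):
        print(f"{category:18s} {n}")
    for category, name in flag_interesting(items):
        print("CHECK:", category, name)
```

"Not found" lines are normal when an earlier run (here TDSSKiller and a first OTL pass) already removed the key. The "Unable to delete ADS ...:SummaryInformation" lines refer to the stream Windows Explorer writes when file properties are edited on NTFS; they are not evidence of infection.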
  3. meowwl Newcomer, in training

    Security check log

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee SecurityCenter
    McAfee Virtual Technician
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Secunia PSI (2.0.0.4003)
    CCleaner
    Java(TM) 6 Update 30
    Adobe Flash Player 11.1.102.55
    Adobe Reader X (10.1.2)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````



    And Farbar log.

    Farbar Service Scanner Version: 05-02-2012
    Ran by Owner (administrator) on 07-02-2012 at 20:12:04
    Running from "C:\Documents and Settings\Owner\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Bridge(9) BridgeMP(8) Gpc(6) IPSec(4) mfetdi2k(10) NetBT(5) PSched(7) Tcpip(3)
    0x0B000000040000000100000002000000030000000A0000000B0000000500000006000000070000000800000009000000
    IpSec Tag value is correct.

    **** End of log ****

    Preparing to run the ESET scan now.
  4. meowwl Newcomer, in training

    And here's the ESET log. Took nearly 6 hours to run!

    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP297\A0080187.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP297\A0080202.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP297\A0081147.sys a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP300\A0085557.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
    C:\TDSSKiller_Quarantine\03.02.2012_11.57.03\susp0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.02.2012_12.43.43\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
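Added example, not part of the thread and not ESET's code. The "clean" verdict that follows rests on where the six detections sit: all are under System Volume Information\_restore{...}\RPnnn (System Restore snapshots) or the TDSSKiller quarantine folder, i.e. copies of files no longer on the live system. The Python below parses ESET log lines in that format, buckets each detection by location, and answers "is anything still live?" from the log alone. The six lines are the ones from the log above; the extra line naming example.sys is a constructed, hypothetical hit used only to exercise the live-file branch, and the location rules are my own.

```python
"""Classify ESET scan detections by where the detected file lives.

Added example, not from the thread and not ESET's code. Hits in System
Restore snapshots or a quarantine folder are historic copies; a hit under
the Windows directory or a user profile would mean an active infection.
"""
import re

# The six detections from the thread, verbatim.
SAMPLE_ESET = r"""
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP297\A0080187.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP297\A0080202.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP297\A0081147.sys a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP300\A0085557.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\TDSSKiller_Quarantine\03.02.2012_11.57.03\susp0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.02.2012_12.43.43\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
"""

# Constructed, hypothetical line (not from the thread) for the live-file case.
HYPOTHETICAL_LIVE_HIT = (
    r"C:\WINDOWS\system32\drivers\example.sys "
    "a variant of Win32/Rootkit.Kryptik.IQ trojan unable to clean"
)

# <path> <threat> <kind> <action>; the path may contain spaces, so the
# threat name (platform/family) is what anchors the split.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>potentially unwanted application|potentially unsafe application"
    r"|application|trojan|virus|worm|adware)\s+"
    r"(?P<action>.+)$"
)


def classify_location(path):
    """Bucket a detection by whether the file could still execute."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # System Restore snapshot
    if "quarantine" in p:
        return "quarantine"      # already isolated by another tool
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        return "temp"            # dropped/downloaded, not necessarily run
    return "live"


def triage(text):
    """Parse ESET log lines and group them by location bucket."""
    buckets = {"live": [], "restore_point": [], "quarantine": [],
               "temp": [], "unparsed": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            buckets["unparsed"].append(line)
            continue
        d = m.groupdict()
        buckets[classify_location(d["path"])].append(d)
    return buckets


def still_active(buckets):
    """True if any detection sits outside restore points/quarantine/temp."""
    return bool(buckets["live"])


def rootkit_families(buckets):
    """Threat names containing 'Rootkit', whatever bucket they are in."""
    names = set()
    for key in ("live", "restore_point", "quarantine", "temp"):
        for d in buckets[key]:
            if "rootkit" in d["threat"].lower():
                names.add(d["threat"].split()[-1])
    return names


if __name__ == "__main__":
    b = triage(SAMPLE_ESET)
    for key, hits in b.items():
        print(f"{key:14s} {len(hits)}")
    print("still active:", still_active(b))
    print("rootkit families:", sorted(rootkit_families(b)))
```

This is also why the next step clears all restore points: the Kryptik rootkit driver sitting in RP297 would come back if that point were ever restored, and a rootkit listed anywhere is the reason the password-change advice below applies.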
  5. Broni Malware Annihilator

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  6. meowwl Newcomer, in training

    All appears to be running all right. Still slow, but as I said earlier, that's most likely from having both Mbam and McAfee running... McAfee is indubitably a memory hog, when you total all its varied processes. I'm looking through the alternatives and reviews, but haven't decided on one yet. I'll keep it until I do. I already had Secunia installed... have had it for a couple of months. My brother-in-law recommended it. It found a few things on my machine that were so old that, if they'd been alive, they'd have farted dust!

    There is one oddity that is sort of concerning... Mbam keeps popping up warnings about an outgoing connection to a handful of IP addresses. It doesn't say what is initiating these connections. Nothing shows on the Mbam scan, nor on the McAfee scan.
  7. Broni Malware Annihilator

    That's not good.

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  8. meowwl Newcomer, in training

    Here's the log. Should I rerun it with all the optional parameters checked?

    17:08:52.0156 0436 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
    17:08:52.0765 0436 ============================================================
    17:08:52.0765 0436 Current date / time: 2012/02/09 17:08:52.0765
    17:08:52.0765 0436 SystemInfo:
    17:08:52.0765 0436
    17:08:52.0765 0436 OS Version: 5.1.2600 ServicePack: 3.0
    17:08:52.0765 0436 Product type: Workstation
    17:08:52.0765 0436 ComputerName: HOME
    17:08:52.0765 0436 UserName: Owner
    17:08:52.0765 0436 Windows directory: C:\WINDOWS
    17:08:52.0765 0436 System windows directory: C:\WINDOWS
    17:08:52.0765 0436 Processor architecture: Intel x86
    17:08:52.0765 0436 Number of processors: 1
    17:08:52.0765 0436 Page size: 0x1000
    17:08:52.0765 0436 Boot type: Normal boot
    17:08:52.0765 0436 ============================================================
    17:08:55.0640 0436 Drive \Device\Harddisk0\DR0 - Size: 0x1BF4290000 (111.82 Gb), SectorSize: 0x200, Cylinders: 0x3C94, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    17:08:55.0703 0436 \Device\Harddisk0\DR0:
    17:08:55.0703 0436 MBR used
    17:08:55.0703 0436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xB1E0F1
    17:08:55.0703 0436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB1E130, BlocksNum 0xD47C900
    17:08:56.0015 0436 Initialize success
    17:08:56.0015 0436 ============================================================
    17:09:13.0046 2844 ============================================================
    17:09:13.0046 2844 Scan started
    17:09:13.0046 2844 Mode: Manual;
    17:09:13.0046 2844 ============================================================
    17:09:13.0703 2844 Abiosdsk - ok
    17:09:14.0062 2844 abp480n5 - ok
    17:09:14.0468 2844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    17:09:14.0468 2844 ACPI - ok
    17:09:14.0921 2844 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    17:09:14.0921 2844 ACPIEC - ok
    17:09:15.0281 2844 adpu160m - ok
    17:09:15.0734 2844 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    17:09:15.0734 2844 aec - ok
    17:09:16.0218 2844 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    17:09:16.0218 2844 AFD - ok
    17:09:16.0640 2844 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys
    17:09:16.0640 2844 AFS2K - ok
    17:09:17.0062 2844 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    17:09:17.0062 2844 agp440 - ok
    17:09:17.0437 2844 Aha154x - ok
    17:09:17.0750 2844 aic78u2 - ok
    17:09:18.0078 2844 aic78xx - ok
    17:09:18.0546 2844 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    17:09:18.0562 2844 ALCXSENS - ok
    17:09:20.0234 2844 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    17:09:20.0296 2844 ALCXWDM - ok
    17:09:20.0781 2844 AliIde - ok
    17:09:21.0171 2844 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    17:09:21.0171 2844 AmdK7 - ok
    17:09:21.0562 2844 amsint - ok
    17:09:21.0937 2844 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    17:09:21.0937 2844 Arp1394 - ok
    17:09:22.0312 2844 asc - ok
    17:09:22.0656 2844 asc3350p - ok
    17:09:22.0968 2844 asc3550 - ok
    17:09:23.0343 2844 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    17:09:23.0343 2844 AsyncMac - ok
    17:09:23.0781 2844 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    17:09:23.0781 2844 atapi - ok
    17:09:24.0140 2844 Atdisk - ok
    17:09:24.0515 2844 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    17:09:24.0515 2844 Atmarpc - ok
    17:09:25.0031 2844 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    17:09:25.0031 2844 audstub - ok
    17:09:25.0781 2844 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    17:09:25.0781 2844 Beep - ok
    17:09:26.0250 2844 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
    17:09:26.0265 2844 Bridge - ok
    17:09:26.0296 2844 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
    17:09:26.0296 2844 BridgeMP - ok
    17:09:26.0312 2844 catchme - ok
    17:09:26.0734 2844 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    17:09:26.0734 2844 cbidf2k - ok
    17:09:27.0156 2844 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    17:09:27.0156 2844 CCDECODE - ok
    17:09:27.0546 2844 cd20xrnt - ok
    17:09:27.0906 2844 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    17:09:27.0906 2844 Cdaudio - ok
    17:09:28.0359 2844 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    17:09:28.0359 2844 Cdfs - ok
    17:09:28.0828 2844 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:09:28.0828 2844 Cdrom - ok
    17:09:29.0296 2844 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
    17:09:29.0296 2844 cfwids - ok
    17:09:29.0703 2844 Changer - ok
    17:09:30.0062 2844 CmdIde - ok
    17:09:30.0468 2844 Cpqarray - ok
    17:09:30.0828 2844 dac2w2k - ok
    17:09:31.0171 2844 dac960nt - ok
    17:09:31.0468 2844 DCamUSBVeo532 - ok
    17:09:31.0843 2844 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    17:09:31.0843 2844 Disk - ok
    17:09:32.0796 2844 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    17:09:32.0812 2844 dmboot - ok
    17:09:33.0546 2844 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    17:09:33.0546 2844 dmio - ok
    17:09:34.0281 2844 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    17:09:34.0296 2844 dmload - ok
    17:09:34.0843 2844 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    17:09:34.0843 2844 DMusic - ok
    17:09:35.0453 2844 dpti2o - ok
    17:09:36.0109 2844 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    17:09:36.0109 2844 drmkaud - ok
    17:09:36.0687 2844 EagleNT - ok
    17:09:37.0296 2844 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    17:09:37.0312 2844 Fastfat - ok
    17:09:38.0000 2844 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    17:09:38.0000 2844 Fdc - ok
    17:09:38.0687 2844 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    17:09:38.0687 2844 Fips - ok
    17:09:39.0437 2844 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    17:09:39.0437 2844 Flpydisk - ok
    17:09:40.0187 2844 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    17:09:40.0203 2844 FltMgr - ok
    17:09:40.0906 2844 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:09:40.0921 2844 Fs_Rec - ok
    17:09:41.0484 2844 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:09:41.0484 2844 Ftdisk - ok
    17:09:41.0953 2844 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    17:09:41.0953 2844 GEARAspiWDM - ok
    17:09:42.0421 2844 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:09:42.0437 2844 Gpc - ok
    17:09:43.0156 2844 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    17:09:43.0156 2844 HidUsb - ok
    17:09:43.0562 2844 hpn - ok
    17:09:44.0062 2844 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    17:09:44.0078 2844 HTTP - ok
    17:09:44.0609 2844 i2omgmt - ok
    17:09:44.0968 2844 i2omp - ok
    17:09:45.0343 2844 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    17:09:45.0343 2844 i8042prt - ok
    17:09:46.0187 2844 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    17:09:46.0203 2844 ialm - ok
    17:09:46.0625 2844 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    17:09:46.0625 2844 Imapi - ok
    17:09:47.0031 2844 ini910u - ok
    17:09:47.0421 2844 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
    17:09:47.0421 2844 IntelIde - ok
    17:09:47.0859 2844 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    17:09:47.0859 2844 ip6fw - ok
    17:09:48.0406 2844 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    17:09:48.0406 2844 IpFilterDriver - ok
    17:09:48.0828 2844 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    17:09:48.0828 2844 IpInIp - ok
    17:09:49.0312 2844 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    17:09:49.0312 2844 IpNat - ok
    17:09:49.0750 2844 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    17:09:49.0750 2844 IPSec - ok
    17:09:50.0218 2844 IPVNMon (f60af0f89204a9177d110e3b2bd9fa0b) C:\WINDOWS\system32\drivers\IPVNMon.sys
    17:09:50.0218 2844 IPVNMon - ok
    17:09:50.0656 2844 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    17:09:50.0656 2844 IRENUM - ok
    17:09:51.0109 2844 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    17:09:51.0125 2844 isapnp - ok
    17:09:51.0562 2844 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    17:09:51.0562 2844 Kbdclass - ok
    17:09:52.0281 2844 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    17:09:52.0343 2844 kmixer - ok
    17:09:53.0843 2844 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    17:09:53.0843 2844 KSecDD - ok
    17:09:53.0984 2844 Lavasoft Kernexplorer - ok
    17:09:54.0625 2844 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    17:09:54.0625 2844 Lbd - ok
    17:09:54.0953 2844 lbrtfdc - ok
    17:09:55.0687 2844 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
    17:09:55.0687 2844 ltmodem5 - ok
    17:09:56.0125 2844 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    17:09:56.0140 2844 MBAMProtector - ok
    17:09:56.0750 2844 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
    17:09:56.0750 2844 mfeapfk - ok
    17:09:57.0390 2844 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
    17:09:57.0406 2844 mfeavfk - ok
    17:09:57.0953 2844 mfeavfk01 - ok
    17:09:58.0359 2844 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
    17:09:58.0359 2844 mfebopk - ok
    17:09:59.0031 2844 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
    17:09:59.0046 2844 mfefirek - ok
    17:09:59.0718 2844 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
    17:09:59.0734 2844 mfehidk - ok
    17:10:00.0171 2844 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    17:10:00.0187 2844 mfendisk - ok
    17:10:00.0234 2844 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    17:10:00.0234 2844 mfendiskmp - ok
    17:10:00.0859 2844 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
    17:10:00.0875 2844 mferkdet - ok
    17:10:01.0328 2844 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
    17:10:01.0328 2844 mferkdk - ok
    17:10:01.0937 2844 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
    17:10:01.0953 2844 mfesmfk - ok
    17:10:02.0390 2844 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
    17:10:02.0390 2844 mfetdi2k - ok
    17:10:02.0968 2844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    17:10:02.0968 2844 mnmdd - ok
    17:10:03.0421 2844 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    17:10:03.0421 2844 Modem - ok
    17:10:04.0000 2844 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
    17:10:04.0000 2844 motmodem - ok
    17:10:04.0421 2844 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    17:10:04.0421 2844 Mouclass - ok
    17:10:05.0000 2844 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    17:10:05.0000 2844 mouhid - ok
    17:10:05.0453 2844 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    17:10:05.0453 2844 MountMgr - ok
    17:10:05.0968 2844 mraid35x - ok
    17:10:06.0390 2844 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    17:10:06.0406 2844 MRxDAV - ok
    17:10:07.0125 2844 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    17:10:07.0140 2844 MRxSmb - ok
    17:10:07.0593 2844 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    17:10:07.0593 2844 Msfs - ok
    17:10:08.0140 2844 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    17:10:08.0140 2844 MSKSSRV - ok
    17:10:08.0562 2844 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    17:10:08.0562 2844 MSPCLOCK - ok
    17:10:09.0140 2844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    17:10:09.0156 2844 MSPQM - ok
    17:10:09.0812 2844 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:10:09.0812 2844 mssmbios - ok
    17:10:10.0406 2844 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    17:10:10.0406 2844 MSTEE - ok
    17:10:10.0812 2844 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    17:10:10.0812 2844 Mup - ok
    17:10:11.0406 2844 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    17:10:11.0421 2844 NABTSFEC - ok
    17:10:11.0906 2844 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    17:10:11.0906 2844 NDIS - ok
    17:10:12.0515 2844 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    17:10:12.0515 2844 NdisIP - ok
    17:10:12.0953 2844 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    17:10:12.0953 2844 NdisTapi - ok
    17:10:13.0546 2844 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    17:10:13.0546 2844 Ndisuio - ok
    17:10:14.0031 2844 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    17:10:14.0031 2844 NdisWan - ok
    17:10:14.0609 2844 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    17:10:14.0625 2844 NDProxy - ok
    17:10:15.0078 2844 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    17:10:15.0078 2844 NetBIOS - ok
    17:10:15.0687 2844 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    17:10:15.0703 2844 NetBT - ok
    17:10:16.0187 2844 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    17:10:16.0187 2844 NIC1394 - ok
    17:10:16.0796 2844 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    17:10:16.0796 2844 Npfs - ok
    17:10:17.0406 2844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    17:10:17.0421 2844 Ntfs - ok
    17:10:18.0015 2844 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    17:10:18.0015 2844 Null - ok
    17:10:21.0718 2844 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    17:10:21.0828 2844 nv - ok
    17:10:22.0296 2844 NVENET (2afa043b0243137d0edc8cfb8305551b) C:\WINDOWS\system32\DRIVERS\NVENET.sys
    17:10:22.0296 2844 NVENET - ok
    17:10:22.0687 2844 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
    17:10:22.0687 2844 nv_agp - ok
    17:10:23.0125 2844 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    17:10:23.0125 2844 NwlnkFlt - ok
    17:10:23.0484 2844 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    17:10:23.0484 2844 NwlnkFwd - ok
    17:10:23.0859 2844 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    17:10:23.0875 2844 ohci1394 - ok
    17:10:24.0281 2844 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    17:10:24.0296 2844 Parport - ok
    17:10:24.0718 2844 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    17:10:24.0718 2844 PartMgr - ok
    17:10:25.0140 2844 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    17:10:25.0140 2844 ParVdm - ok
    17:10:25.0593 2844 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    17:10:25.0609 2844 PCI - ok
    17:10:26.0000 2844 PCIDump - ok
    17:10:26.0375 2844 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    17:10:26.0375 2844 PCIIde - ok
    17:10:26.0859 2844 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    17:10:26.0859 2844 Pcmcia - ok
    17:10:27.0234 2844 PDCOMP - ok
    17:10:27.0546 2844 PDFRAME - ok
    17:10:27.0828 2844 PDRELI - ok
    17:10:28.0109 2844 PDRFRAME - ok
    17:10:28.0390 2844 perc2 - ok
    17:10:28.0671 2844 perc2hib - ok
    17:10:29.0015 2844 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
    17:10:29.0015 2844 pfc - ok
    17:10:29.0484 2844 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:10:29.0484 2844 PptpMiniport - ok
    17:10:29.0937 2844 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    17:10:29.0953 2844 Processor - ok
    17:10:30.0343 2844 PROCEXP151 - ok
    17:10:30.0781 2844 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
    17:10:30.0781 2844 Ps2 - ok
    17:10:31.0250 2844 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    17:10:31.0250 2844 PSched - ok
    17:10:31.0671 2844 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
    17:10:31.0687 2844 PSI - ok
    17:10:32.0140 2844 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    17:10:32.0140 2844 Ptilink - ok
    17:10:32.0562 2844 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    17:10:32.0562 2844 PxHelp20 - ok
    17:10:32.0921 2844 ql1080 - ok
    17:10:33.0265 2844 Ql10wnt - ok
    17:10:33.0578 2844 ql12160 - ok
    17:10:33.0875 2844 ql1240 - ok
    17:10:34.0218 2844 ql1280 - ok
    17:10:34.0609 2844 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    17:10:34.0609 2844 RasAcd - ok
    17:10:35.0062 2844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    17:10:35.0062 2844 Rasl2tp - ok
    17:10:35.0468 2844 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    17:10:35.0484 2844 RasPppoe - ok
    17:10:35.0906 2844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    17:10:35.0906 2844 Raspti - ok
    17:10:36.0390 2844 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    17:10:36.0390 2844 Rdbss - ok
    17:10:36.0843 2844 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    17:10:36.0843 2844 RDPCDD - ok
    17:10:37.0343 2844 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    17:10:37.0343 2844 RDPWD - ok
    17:10:37.0812 2844 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    17:10:37.0812 2844 redbook - ok
    17:10:38.0296 2844 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
    17:10:38.0312 2844 rtl8139 - ok
    17:10:38.0734 2844 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
    17:10:38.0734 2844 S3Psddr - ok
    17:10:39.0281 2844 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
    17:10:39.0281 2844 SbcpHid - ok
    17:10:39.0734 2844 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    17:10:39.0734 2844 Secdrv - ok
    17:10:40.0171 2844 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    17:10:40.0171 2844 Serenum - ok
    17:10:40.0640 2844 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    17:10:40.0640 2844 Serial - ok
    17:10:41.0109 2844 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    17:10:41.0109 2844 Sfloppy - ok
    17:10:41.0515 2844 Simbad - ok
    17:10:42.0015 2844 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    17:10:42.0015 2844 SiS315 - ok
    17:10:42.0375 2844 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
    17:10:42.0375 2844 SISAGP - ok
    17:10:42.0781 2844 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
    17:10:42.0781 2844 SiSkp - ok
    17:10:43.0171 2844 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    17:10:43.0171 2844 SLIP - ok
    17:10:43.0609 2844 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    17:10:43.0609 2844 SmartDefragDriver - ok
    17:10:44.0000 2844 Sparrow - ok
    17:10:44.0406 2844 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    17:10:44.0406 2844 splitter - ok
    17:10:44.0828 2844 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    17:10:44.0843 2844 sr - ok
    17:10:45.0343 2844 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    17:10:45.0359 2844 Srv - ok
    17:10:45.0796 2844 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    17:10:45.0796 2844 StillCam - ok
    17:10:46.0234 2844 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    17:10:46.0234 2844 streamip - ok
    17:10:46.0687 2844 SunkFilt (a3df1466aafdc62b21765072c5edaa9a) C:\WINDOWS\System32\Drivers\sunkfilt.sys
    17:10:46.0687 2844 SunkFilt - ok
    17:10:47.0093 2844 Sunkfiltp - ok
    17:10:47.0484 2844 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    17:10:47.0484 2844 swenum - ok
    17:10:47.0906 2844 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    17:10:47.0906 2844 swmidi - ok
    17:10:48.0312 2844 symc810 - ok
    17:10:48.0656 2844 symc8xx - ok
    17:10:48.0937 2844 sym_hi - ok
    17:10:49.0218 2844 sym_u3 - ok
    17:10:49.0546 2844 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    17:10:49.0562 2844 sysaudio - ok
    17:10:50.0140 2844 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    17:10:50.0140 2844 Tcpip - ok
    17:10:50.0562 2844 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    17:10:50.0578 2844 TDPIPE - ok
    17:10:51.0000 2844 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    17:10:51.0000 2844 TDTCP - ok
    17:10:51.0421 2844 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    17:10:51.0421 2844 TermDD - ok
    17:10:51.0828 2844 TosIde - ok
    17:10:52.0250 2844 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    17:10:52.0250 2844 Udfs - ok
    17:10:52.0625 2844 ultra - ok
    17:10:53.0140 2844 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    17:10:53.0140 2844 Update - ok
    17:10:53.0609 2844 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    17:10:53.0609 2844 usbccgp - ok
    17:10:54.0078 2844 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    17:10:54.0078 2844 usbehci - ok
    17:10:54.0718 2844 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    17:10:54.0718 2844 usbhub - ok
    17:10:55.0281 2844 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    17:10:55.0281 2844 usbohci - ok
    17:10:55.0718 2844 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    17:10:55.0718 2844 usbprint - ok
    17:10:56.0171 2844 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    17:10:56.0171 2844 usbscan - ok
    17:10:56.0609 2844 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
    17:10:56.0609 2844 usbser - ok
    17:10:57.0046 2844 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
    17:10:57.0046 2844 usbsermpt - ok
    17:10:57.0500 2844 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    17:10:57.0500 2844 USBSTOR - ok
    17:10:57.0953 2844 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    17:10:57.0953 2844 usbuhci - ok
    17:10:58.0390 2844 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    17:10:58.0390 2844 VgaSave - ok
    17:10:58.0796 2844 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    17:10:58.0812 2844 viaagp1 - ok
    17:10:59.0203 2844 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
    17:10:59.0203 2844 ViaIde - ok
    17:10:59.0593 2844 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    17:10:59.0609 2844 VolSnap - ok
    17:11:00.0046 2844 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    17:11:00.0046 2844 Wanarp - ok
    17:11:00.0578 2844 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    17:11:00.0578 2844 wanatw - ok
    17:11:01.0140 2844 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    17:11:01.0156 2844 Wdf01000 - ok
    17:11:01.0578 2844 WDICA - ok
    17:11:02.0000 2844 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    17:11:02.0000 2844 wdmaud - ok
    17:11:02.0531 2844 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
    17:11:02.0531 2844 WpdUsb - ok
    17:11:02.0953 2844 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    17:11:02.0953 2844 WS2IFSL - ok
    17:11:03.0390 2844 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    17:11:03.0406 2844 WSTCODEC - ok
    17:11:03.0859 2844 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    17:11:03.0859 2844 WudfPf - ok
    17:11:04.0343 2844 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
    17:11:04.0343 2844 WUDFRd - ok
    17:11:04.0687 2844 XDva098 - ok
    17:11:05.0046 2844 XDva143 - ok
    17:11:05.0312 2844 XDva189 - ok
    17:11:05.0609 2844 XDva195 - ok
    17:11:05.0906 2844 XDva219 - ok
    17:11:06.0203 2844 XDva224 - ok
    17:11:06.0515 2844 XDva238 - ok
    17:11:06.0796 2844 XDva248 - ok
    17:11:07.0078 2844 XDva273 - ok
    17:11:07.0359 2844 XDva280 - ok
    17:11:07.0640 2844 XDva281 - ok
    17:11:07.0937 2844 XDva337 - ok
    17:11:08.0234 2844 XDva344 - ok
    17:11:08.0531 2844 XDva365 - ok
    17:11:08.0812 2844 XDva375 - ok
    17:11:09.0109 2844 XDva385 - ok
    17:11:09.0437 2844 XDva390 - ok
    17:11:09.0718 2844 XDva391 - ok
    17:11:10.0015 2844 XTrapD12 - ok
    17:11:10.0437 2844 zumbus (763ac56e714907e9d420b9ab694f7b18) C:\WINDOWS\system32\DRIVERS\zumbus.sys
    17:11:10.0437 2844 zumbus - ok
    17:11:10.0890 2844 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
    17:11:10.0906 2844 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
    17:11:11.0312 2844 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
    17:11:11.0312 2844 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
    17:11:11.0359 2844 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
    17:11:11.0406 2844 \Device\Harddisk0\DR0 - ok
    17:11:11.0406 2844 Boot (0x1200) (c71cbe2e741910d3d9586aa97dfa7b6e) \Device\Harddisk0\DR0\Partition0
    17:11:11.0406 2844 \Device\Harddisk0\DR0\Partition0 - ok
    17:11:11.0453 2844 Boot (0x1200) (f73d81133a292a0bbbcc3ae0db59932b) \Device\Harddisk0\DR0\Partition1
    17:11:11.0453 2844 \Device\Harddisk0\DR0\Partition1 - ok
    17:11:11.0453 2844 ============================================================
    17:11:11.0453 2844 Scan finished
    17:11:11.0453 2844 ============================================================
    17:11:11.0484 2648 Detected object count: 0
    17:11:11.0484 2648 Actual detected object count: 0
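The listing above is TDSSKiller's per-service output: every registered driver service is printed with the MD5 of its image file and the file's path, followed by a verdict line, while services whose image could not be found on disk appear with a verdict line only, and the MBR and boot sectors are hashed at the end. The following is an added example (not part of this thread and not TDSSKiller's own code) of how a responder can parse that format and apply the checks such a log invites: services with no image on disk, several service names backed by one image, images loaded from outside the drivers directory, and hashes that differ from a baseline. The sample log is a constructed excerpt of the log above plus one hypothetical `hlpsvc` entry; the baseline hashes are constructed too, and the verdict handling assumes only that a clean entry says `ok`.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One line per registered driver service whose image was found and hashed:
#   "<hh:mm:ss.ms> <pid> <name> (<md5>) <path>"
IMAGE_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# The verdict line that follows, or a lone verdict for a service with no image:
#   "<hh:mm:ss.ms> <pid> <name-or-path> - <verdict>"
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<subject>.+?)\s+-\s+(?P<verdict>\S.*)$"
)

# Where a driver image normally lives on this XP box (compared case-insensitively).
ALLOWED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)

# Constructed baseline: Ntfs copied from the log above, drmkaud deliberately wrong
# so the mismatch check has something to report. Not a vendor hash list.
BASELINE = {
    "Ntfs": "78a08dd6a8d65e697c18e1db01c5cdca",
    "drmkaud": "00000000000000000000000000000000",
}

# Constructed excerpt of the log above; the "hlpsvc" entry is hypothetical and
# stands in for a driver registered from a user-writable directory.
SAMPLE_LOG = r"""
17:09:36.0109 2844 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:09:36.0109 2844 drmkaud - ok
17:09:36.0687 2844 EagleNT - ok
17:10:00.0171 2844 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
17:10:00.0187 2844 mfendisk - ok
17:10:00.0234 2844 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
17:10:00.0234 2844 mfendiskmp - ok
17:10:17.0406 2844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:10:17.0421 2844 Ntfs - ok
17:10:30.0343 2844 PROCEXP151 - ok
17:10:45.0000 2844 hlpsvc (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Owner\Local Settings\Temp\hlpsvc.sys
17:10:45.0000 2844 hlpsvc - ok
17:11:11.0359 2844 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
17:11:11.0406 2844 \Device\Harddisk0\DR0 - ok
17:11:11.0453 2844 ============================================================
17:11:11.0453 2844 Scan finished
17:11:11.0484 2648 Detected object count: 0
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str]      # None when TDSSKiller found no image to hash
    path: Optional[str]
    verdict: Optional[str]


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each image line with its verdict; lone verdicts become image-less entries."""
    entries: List[Entry] = []
    pending: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = IMAGE_LINE.match(line)
        if m:
            pending = Entry(m["name"], m["md5"], m["path"], None)
            entries.append(pending)
            continue
        m = VERDICT_LINE.match(line)
        if not m:
            continue  # separators, "Scan finished", object counts
        subject = m["subject"]
        # The MBR/boot verdict names the device path rather than the entry name.
        if pending is not None and subject in (pending.name, pending.path):
            pending.verdict = m["verdict"]
        else:
            entries.append(Entry(subject, None, None, m["verdict"]))
        pending = None
    return entries


def services_without_image(entries: List[Entry]) -> List[str]:
    """Registered services with no image file on disk (leftovers, or a hidden file)."""
    return [e.name for e in entries if e.md5 is None]


def shared_images(entries: List[Entry]) -> Dict[str, List[str]]:
    """Service names backed by the same image; normal for some vendors, worth a look."""
    by_md5: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.md5:
            by_md5[e.md5].append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


def images_outside(entries: List[Entry], allowed=ALLOWED_DRIVER_DIRS) -> List[str]:
    """Driver images loaded from outside the expected directory (device paths skipped)."""
    return [e.name for e in entries
            if e.path and e.path[1:3] == ":\\" and not e.path.lower().startswith(allowed)]


def hash_mismatches(entries: List[Entry], baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(name, expected, actual) for every baselined service whose MD5 differs."""
    return [(e.name, baseline[e.name], e.md5) for e in entries
            if e.name in baseline and e.md5 and e.md5 != baseline[e.name]]


def non_ok(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Entries whose verdict is anything other than the tool's plain 'ok'."""
    return [(e.name, e.verdict) for e in entries if e.verdict and e.verdict.lower() != "ok"]


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print("no image on disk :", services_without_image(parsed))
    print("shared images    :", shared_images(parsed))
    print("outside drivers\\ :", images_outside(parsed))
    print("baseline mismatch:", hash_mismatches(parsed, BASELINE))
    print("non-ok verdicts  :", non_ok(parsed))
```

Two caveats follow from the log itself. A `- ok` verdict means the tool matched no known rootkit pattern, not that the file is benign, so the hypothetical `hlpsvc` is still reported by the path check despite its clean verdict. Shared images are expected in places (McAfee's `mfendisk` and `mfendiskmp` both point at `mfendisk.sys` in the log above), and a baseline only helps when its hashes come from a known-good installation of the same patch level, not from the machine under investigation.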
  9. Broni Malware Annihilator

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  10. meowwl Newcomer, in training

    Just a silly question before I run Combofix again...should I be running the tool in safe mode, (with networking, so it can update itself) or normal start?
  11. Broni Malware Annihilator

    Normal mode.
  12. meowwl Newcomer, in training

    Alright, and done, no reboot required.... Here's the log.

    ComboFix 12-02-09.04 - Owner 02/09/2012 21:07:30.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.777 [GMT -6:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Owner\Desktop\cacaoweb.exe
    C:\Thumbs.db
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-08 03:00 . 2012-02-08 03:00 -------- d-----w- c:\program files\ESET
    2012-02-07 20:42 . 2012-02-07 20:42 -------- d-----w- C:\_OTL
    2012-02-04 03:07 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 23:10 . 2012-02-03 23:10 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
    2012-02-03 19:52 . 2012-02-03 19:52 -------- d-----w- c:\program files\ExamDiff
    2012-02-03 18:33 . 2012-02-06 03:33 -------- d-----w- c:\documents and settings\Administrator.HOME
    2012-02-03 18:07 . 2012-02-09 23:08 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-03 16:33 . 2012-02-03 16:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Printer Info Cache
    2012-02-03 16:08 . 2012-02-03 16:08 -------- d-----w- c:\program files\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-03 18:48 . 2003-08-08 16:18 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-01-18 07:48 . 2011-05-22 08:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-15 14:03 . 2003-08-08 16:18 114688 ----a-w- c:\windows\system32\calc.exe
    2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2011-12-28 10:25 . 2011-12-28 10:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-28 10:25 . 2010-04-24 22:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-28 00:17 . 2011-12-28 00:17 388096 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-25 21:57 . 2003-08-08 15:35 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2003-08-08 15:35 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2003-08-08 15:33 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-07-15 05:00 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2003-08-08 15:33 152064 ----a-w- c:\windows\system32\schannel.dll
    2007-09-10 19:53 . 2007-09-10 19:53 4363776 -c--a-w- c:\program files\openofficeorg23.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 -c--a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 -c--a-w- c:\program files\instmsia.exe
    2012-02-08 15:00 . 2011-10-03 06:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 19:01 . 2011-03-03 19:47 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2008-11-17 3916544]
    "SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-12-10 79872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\documents and settings\Administrator.HOME\Start Menu\Programs\Startup\
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-1-23 113664]
    AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-6-7 217088]
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-9-30 485208]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ose"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/29/2009 7:57 PM 64288]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [5/6/2011 7:41 AM 13496]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/3/2011 1:47 PM 84200]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 9:07 PM 652360]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/9/2009 3:26 AM 94880]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 1:47 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 1:47 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/3/2011 1:47 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2011 1:47 PM 141792]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 12:01 AM 994360]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/3/2011 1:47 PM 56064]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2012 9:07 PM 20464]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/3/2011 1:47 PM 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 1:47 PM 88736]
    S2 0296841325026347mcinstcleanup;McAfee Application Installer Cleanup (0296841325026347);c:\windows\TEMP\029684~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\029684~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 12:01 AM 399416]
    S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\Drivers\ubVeo532.sys --> c:\windows\system32\Drivers\ubVeo532.sys [?]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 1:47 PM 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2011 1:47 PM 84488]
    S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
    S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?]
    S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
    S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
    S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]
    S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
    S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
    S3 XDva238;XDva238;\??\c:\windows\system32\XDva238.sys --> c:\windows\system32\XDva238.sys [?]
    S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
    S3 XDva273;XDva273;\??\c:\windows\system32\XDva273.sys --> c:\windows\system32\XDva273.sys [?]
    S3 XDva280;XDva280;\??\c:\windows\system32\XDva280.sys --> c:\windows\system32\XDva280.sys [?]
    S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
    S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
    S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
    S3 XDva365;XDva365;\??\c:\windows\system32\XDva365.sys --> c:\windows\system32\XDva365.sys [?]
    S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
    S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
    S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
    S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 00131176
    *NewlyCreated* - 83042171
    *Deregistered* - 00131176
    *Deregistered* - 83042171
    *Deregistered* - IPVNMon
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-02-09 c:\windows\Tasks\Game_Booster_Startup.job
    - c:\program files\IObit\Game Booster\gbtray.exe [2011-01-14 20:52]
    .
    2012-02-09 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-30 22:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.my.yahoo.com/
    uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zv7s9zaq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://dsl.sbc.yahoo.com/
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-09 21:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-02-09 21:41:16
    ComboFix-quarantined-files.txt 2012-02-10 03:40
    ComboFix2.txt 2012-02-06 04:10
    .
    Pre-Run: 50,031,693,824 bytes free
    Post-Run: 49,994,362,880 bytes free
    .
    - - End Of File - - E6DCB2BFCF641362C665854251A2B7F6
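The log above contains the two kinds of entries a helper scans for first: Security Center monitoring switched off and the Windows Firewall standard profile disabled (both often set legitimately by an installed third-party suite, so they are review items, not verdicts), plus registered drivers whose file ComboFix reports as "[?]" (it could not read the file's date/size, usually because the binary is no longer on disk). The following is an added example, not part of this thread or of ComboFix: a small parser over constructed lines modelled on that log format, which returns those review items.

```python
"""Flag weakened-security entries in ComboFix-style log lines.

Added example, not from the thread or the ComboFix tool. The sample
text below is constructed to mirror the log's registry/service format.
"""
import re

# Constructed sample, modelled on the registry and service lines in the log.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes' Anti-Malware\\mbamservice.exe [2/3/2012 9:07 PM 652360]
S3 XDva098;XDva098;\\??\\c:\\windows\\system32\\XDva098.sys --> c:\\windows\\system32\\XDva098.sys [?]
"""

# Service/driver lines: start type (R0..R3 running, S2/S3 stopped), name, display name, path.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


def analyze_combofix(text):
    """Return a list of (category, detail) findings that deserve a human look."""
    findings = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # registry key header for following values
            continue
        if line == '"DisableMonitoring"=dword:00000001' and current_key:
            # Security Center no longer monitors this product; expected with a
            # third-party suite installed, suspicious without one.
            findings.append(("security-center-monitoring-off", current_key))
            continue
        if line.startswith('"EnableFirewall"=') and line.split("=", 1)[1].strip().startswith("0"):
            findings.append(("windows-firewall-off", current_key or "?"))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("rest").rstrip().endswith("[?]"):
            # Registered driver/service whose binary ComboFix could not read:
            # an orphan entry, typically a leftover from an uninstalled product.
            findings.append(("service-file-missing", m.group("name")))
    return findings


if __name__ == "__main__":
    for category, detail in analyze_combofix(SAMPLE_LOG):
        print(f"{category}: {detail}")
```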
  13. Broni Malware Annihilator

    Is MBAM still complaining?
  14. meowwl Newcomer, in training

    It popped up one warning after ComboFix ran... I'm letting MBAM run a thorough scan and will run one with McAfee as soon as that's done. I've also got Avast (U3 edition) on one of my Cruzer USB drives, and will run that as well... Speak of the devil, just popped up another one two seconds ago... This one was incoming.
  15. Broni Malware Annihilator

    Going to bed but you can try resetting your router....

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep the button in the hole pressed, using a pencil or a paperclip, until all lights briefly go off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart the computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
  16. meowwl Newcomer, in training

    I don't have a router, just a SpeedStream DSL modem. MBAM still occasionally complains. I did find something else interesting... I ran Process Explorer, just to see what processes were running... I seem to have two explorer.exe processes running. From what I've been reading, there's only supposed to be one of them going. Is this true? If so, then how do I tell which one is the real one?
  17. Broni Malware Annihilator

    Run all those commands and then reset modem.