Solved Bamiltal virus (per Avast)

Yeah, we're dealing with a rootkit as well.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Desktop, ahoy!

2010/12/27 19:09:04.0390 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/27 19:09:04.0390 ================================================================================
2010/12/27 19:09:04.0390 SystemInfo:
2010/12/27 19:09:04.0390
2010/12/27 19:09:04.0390 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/27 19:09:04.0406 Product type: Workstation
2010/12/27 19:09:04.0406 ComputerName: GATEWAY-53AB983
2010/12/27 19:09:04.0406 UserName: GATODD
2010/12/27 19:09:04.0406 Windows directory: C:\WINDOWS
2010/12/27 19:09:04.0406 System windows directory: C:\WINDOWS
2010/12/27 19:09:04.0406 Processor architecture: Intel x86
2010/12/27 19:09:04.0406 Number of processors: 2
2010/12/27 19:09:04.0406 Page size: 0x1000
2010/12/27 19:09:04.0406 Boot type: Normal boot
2010/12/27 19:09:04.0406 ================================================================================
2010/12/27 19:09:04.0968 Initialize success
2010/12/27 19:09:31.0890 ================================================================================
2010/12/27 19:09:31.0890 Scan started
2010/12/27 19:09:31.0890 Mode: Manual;
2010/12/27 19:09:31.0890 ================================================================================
2010/12/27 19:09:32.0250 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/27 19:09:32.0375 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/27 19:09:32.0437 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/27 19:09:32.0468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/27 19:09:32.0515 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/27 19:09:32.0593 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/27 19:09:32.0671 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/27 19:09:32.0703 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/27 19:09:32.0734 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/27 19:09:32.0765 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/27 19:09:32.0812 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/27 19:09:32.0843 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/27 19:09:32.0890 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/27 19:09:32.0921 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/27 19:09:33.0031 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/12/27 19:09:33.0109 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/27 19:09:33.0140 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/27 19:09:33.0281 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/12/27 19:09:33.0406 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/27 19:09:33.0437 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/27 19:09:33.0484 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/27 19:09:33.0562 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/27 19:09:33.0656 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/27 19:09:33.0718 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/27 19:09:33.0765 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/27 19:09:33.0812 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/27 19:09:33.0875 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/27 19:09:33.0921 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/27 19:09:34.0000 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/27 19:09:34.0078 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/27 19:09:34.0171 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/27 19:09:34.0250 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/27 19:09:34.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/27 19:09:34.0328 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/27 19:09:34.0375 cd20xrnt (3bbc58e3b18c0085248b0967ac6ac2af) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/27 19:09:34.0375 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys. Real md5: 3bbc58e3b18c0085248b0967ac6ac2af, Fake md5: f3ec03299634490e97bbce94cd2954c7
2010/12/27 19:09:34.0406 cd20xrnt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/27 19:09:34.0421 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/27 19:09:34.0484 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/27 19:09:34.0546 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/27 19:09:34.0671 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/27 19:09:34.0687 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/27 19:09:34.0718 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/27 19:09:34.0812 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/27 19:09:34.0859 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/27 19:09:34.0890 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/27 19:09:34.0953 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/27 19:09:35.0031 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/27 19:09:35.0109 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/27 19:09:35.0140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/27 19:09:35.0203 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/27 19:09:35.0281 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/27 19:09:35.0359 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/27 19:09:35.0453 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/27 19:09:35.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/27 19:09:35.0578 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/27 19:09:35.0609 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/27 19:09:35.0640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/27 19:09:35.0703 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/27 19:09:35.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/27 19:09:35.0828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/27 19:09:35.0875 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/27 19:09:35.0968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/27 19:09:36.0046 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/27 19:09:36.0140 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/27 19:09:36.0218 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/27 19:09:36.0250 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/27 19:09:36.0328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/27 19:09:36.0687 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/27 19:09:37.0015 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/27 19:09:37.0093 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/27 19:09:37.0140 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/27 19:09:37.0375 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/27 19:09:37.0453 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/27 19:09:37.0500 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/27 19:09:37.0562 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/27 19:09:37.0625 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/27 19:09:37.0656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/27 19:09:37.0703 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/27 19:09:37.0750 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/27 19:09:37.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/27 19:09:37.0843 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/27 19:09:37.0921 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/27 19:09:37.0968 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/27 19:09:38.0031 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/27 19:09:38.0093 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/27 19:09:38.0156 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2010/12/27 19:09:38.0281 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/27 19:09:38.0375 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/27 19:09:38.0484 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/12/27 19:09:38.0593 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/27 19:09:38.0656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/27 19:09:38.0703 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/27 19:09:38.0750 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/27 19:09:38.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/27 19:09:38.0859 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/27 19:09:38.0937 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/27 19:09:39.0015 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/27 19:09:39.0062 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/27 19:09:39.0078 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/27 19:09:39.0171 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/27 19:09:39.0218 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/27 19:09:39.0250 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/27 19:09:39.0281 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/27 19:09:39.0328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/27 19:09:39.0359 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/27 19:09:39.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/27 19:09:39.0468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/27 19:09:39.0484 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/27 19:09:39.0531 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/27 19:09:39.0562 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/27 19:09:39.0640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/27 19:09:39.0734 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/27 19:09:39.0828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/27 19:09:39.0921 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/12/27 19:09:39.0968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/27 19:09:40.0031 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/27 19:09:40.0046 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/27 19:09:40.0171 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/27 19:09:40.0203 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/27 19:09:40.0250 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/27 19:09:40.0296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/27 19:09:40.0375 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/27 19:09:40.0421 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/27 19:09:40.0500 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/12/27 19:09:40.0640 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/27 19:09:40.0687 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/27 19:09:40.0828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/27 19:09:40.0859 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/27 19:09:40.0906 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/27 19:09:40.0937 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/27 19:09:40.0968 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/27 19:09:41.0031 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/27 19:09:41.0062 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/27 19:09:41.0093 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/27 19:09:41.0140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/27 19:09:41.0187 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/27 19:09:41.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/27 19:09:41.0250 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/27 19:09:41.0296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/27 19:09:41.0328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/27 19:09:41.0421 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/27 19:09:41.0468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/27 19:09:41.0546 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/27 19:09:41.0625 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/12/27 19:09:41.0703 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/12/27 19:09:41.0734 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/27 19:09:41.0843 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2010/12/27 19:09:41.0968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/27 19:09:42.0046 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/27 19:09:42.0109 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/27 19:09:42.0234 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/27 19:09:42.0281 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/27 19:09:42.0421 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2010/12/27 19:09:42.0578 SNP2UVC (c792610f7d2009352721c1ae38da0619) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/12/27 19:09:42.0671 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/27 19:09:42.0750 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/27 19:09:42.0781 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/27 19:09:42.0843 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/27 19:09:42.0906 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/27 19:09:43.0000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/27 19:09:43.0046 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/27 19:09:43.0125 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/27 19:09:43.0156 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/27 19:09:43.0203 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/27 19:09:43.0250 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/27 19:09:43.0328 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/27 19:09:43.0375 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/27 19:09:43.0484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/27 19:09:43.0546 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/27 19:09:43.0578 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/27 19:09:43.0656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/27 19:09:43.0703 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/27 19:09:43.0781 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/27 19:09:43.0812 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/27 19:09:43.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/27 19:09:43.0968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/27 19:09:44.0062 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/27 19:09:44.0093 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/27 19:09:44.0156 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/27 19:09:44.0187 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/27 19:09:44.0250 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/27 19:09:44.0296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/27 19:09:44.0343 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/27 19:09:44.0390 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/27 19:09:44.0468 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/27 19:09:44.0515 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/27 19:09:44.0562 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/27 19:09:44.0671 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/27 19:09:44.0781 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/27 19:09:44.0875 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/27 19:09:45.0000 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/27 19:09:45.0093 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/12/27 19:09:45.0187 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/27 19:09:45.0234 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/27 19:09:45.0296 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/27 19:09:45.0343 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/27 19:09:45.0515 ================================================================================
2010/12/27 19:09:45.0515 Scan finished
2010/12/27 19:09:45.0515 ================================================================================
2010/12/27 19:09:45.0546 Detected object count: 1
2010/12/27 19:09:57.0921 cd20xrnt (3bbc58e3b18c0085248b0967ac6ac2af) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/27 19:09:57.0921 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys. Real md5: 3bbc58e3b18c0085248b0967ac6ac2af, Fake md5: f3ec03299634490e97bbce94cd2954c7
2010/12/27 19:09:59.0484 Backup copy found, using it..
2010/12/27 19:09:59.0515 C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys - will be cured after reboot
2010/12/27 19:09:59.0515 Rootkit.Win32.TDSS.tdl3(cd20xrnt) - User select action: Cure
2010/12/27 19:10:14.0093 Deinitialize success
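
A small parser for the log format above, added here as an example (it is not code from this thread or from TDSSKiller itself): it pulls out the forged-file warning with its two hashes, the verdict, the user-selected action and whether the cure is pending a reboot, so a 200-line paste can be triaged without reading every driver line. The sample log inside it is constructed from lines of the log posted above, and the message shapes it matches are the ones visible there.

```python
"""Triage a TDSSKiller log: forged-file warnings, verdicts, actions.
Added example for this thread, not code from the post or from TDSSKiller;
the message shapes matched below follow the log format shown above."""
import re
from dataclasses import dataclass

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ "
MD5 = r"[0-9a-f]{32}"

# Tried in order: specific messages first, the generic per-driver
# "<name> (<md5>) <path>" line last. Lines matching nothing are ignored.
PATTERNS = {
    "forged": re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                         r"(?P<real>" + MD5 + r"), Fake md5: (?P<fake>" + MD5 + r")$"),
    "detected": re.compile(TS + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$"),
    "action": re.compile(TS + r"(?P<verdict>[^\s(]+)\((?P<name>[^)]+)\) - "
                         r"User select action: (?P<action>\w+)$"),
    "cure": re.compile(TS + r"(?P<path>.+?) - will be cured after reboot$"),
    "count": re.compile(TS + r"Detected object count: (?P<n>\d+)$"),
    "driver": re.compile(TS + r"(?P<name>\S+) \((?P<md5>" + MD5 + r")\) (?P<path>\S.*)$"),
}


@dataclass
class Finding:
    name: str
    path: str = ""
    md5_seen: str = ""           # hash on the per-driver line
    md5_real: str = ""           # "Real md5" of the Forged warning
    md5_fake: str = ""           # "Fake md5" of the Forged warning
    verdict: str = ""            # e.g. Rootkit.Win32.TDSS.tdl3
    action: str = ""             # e.g. Cure
    reboot_pending: bool = False

    @property
    def forged(self) -> bool:
        # Flagged when the two hashes TDSSKiller reports disagree, i.e. the
        # file's content depends on how it is read.
        return bool(self.md5_real) and self.md5_real != self.md5_fake


def parse_tdsskiller(text):
    """Return (findings keyed by service name, declared object count)."""
    by_name, name_for_path, count = {}, {}, None  # Forged/cure lines carry only a path
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                break
        else:
            continue  # headers, separators, status lines
        g = m.groupdict()
        if kind == "driver":
            f = by_name.setdefault(g["name"], Finding(g["name"]))
            f.path, f.md5_seen = g["path"], g["md5"]
            name_for_path[g["path"].lower()] = g["name"]
        elif kind in ("forged", "cure"):
            name = name_for_path.get(g["path"].lower(), g["path"])
            f = by_name.setdefault(name, Finding(name, path=g["path"]))
            if kind == "forged":
                f.md5_real, f.md5_fake = g["real"], g["fake"]
            else:
                f.reboot_pending = True
        elif kind == "detected":
            by_name.setdefault(g["name"], Finding(g["name"])).verdict = g["verdict"]
        elif kind == "action":
            f = by_name.setdefault(g["name"], Finding(g["name"]))
            f.verdict, f.action = f.verdict or g["verdict"], g["action"]
        elif kind == "count":
            count = int(g["n"])
    return by_name, count


def triage(text):
    """Summary a responder acts on. A count that disagrees with what was parsed
    means a truncated paste or an unknown message shape: read the raw log."""
    by_name, count = parse_tdsskiller(text)
    flagged = [f.name for f in by_name.values() if f.forged or f.verdict]
    return {"flagged": flagged, "declared_count": count,
            "count_matches": count is not None and count == len(flagged),
            "reboot_pending": [f.name for f in by_name.values() if f.reboot_pending]}


# Constructed sample, assembled from lines of the log posted in this thread.
SAMPLE_LOG = r"""
2010/12/27 19:09:32.0250 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/27 19:09:34.0375 cd20xrnt (3bbc58e3b18c0085248b0967ac6ac2af) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/27 19:09:34.0375 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys. Real md5: 3bbc58e3b18c0085248b0967ac6ac2af, Fake md5: f3ec03299634490e97bbce94cd2954c7
2010/12/27 19:09:34.0406 cd20xrnt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/27 19:09:45.0546 Detected object count: 1
2010/12/27 19:09:59.0515 C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys - will be cured after reboot
2010/12/27 19:09:59.0515 Rootkit.Win32.TDSS.tdl3(cd20xrnt) - User select action: Cure
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```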
 
Good job :)
We're getting somewhere...

Download MBRCheck to your desktop.

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004

Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7C7D000 \WINDOWS\system32\KDCOM.DLL
0xF7B8D000 \WINDOWS\system32\BOOTVID.dll
0xF774A000 klmdb.sys
0xF771C000 ACPI.sys
0xF7C7F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF770B000 pci.sys
0xF777D000 isapnp.sys
0xF7B91000 compbatt.sys
0xF7B95000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF79FD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF778D000 MountMgr.sys
0xF76EC000 ftdisk.sys
0xF7A05000 PartMgr.sys
0xF7B99000 ACPIEC.sys
0xF7D46000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF779D000 VolSnap.sys
0xF76D4000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7606000 iaStor.sys
0xF782D000 disk.sys
0xF783D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7589000 fltMgr.sys
0xF7577000 sr.sys
0xF7560000 KSecDD.sys
0xF74D3000 Ntfs.sys
0xF74A6000 NDIS.sys
0xF748C000 Mup.sys
0xF787D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5F23000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF5F0F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5EE7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF788D000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
0xF7AF5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5D42000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7AFD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7424000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF789D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7B05000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF5D11000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7CCB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF784D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF5CA0000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF7B0D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7420000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7EBC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7CCD000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7B15000 \SystemRoot\System32\Drivers\Modem.SYS
0xF785D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF741C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5C89000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF78BD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF78CD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7B1D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5C78000 \SystemRoot\system32\DRIVERS\psched.sys
0xF78DD000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7B25000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7B2D000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF78ED000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF7B35000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF78FD000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7CCF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5C55000 \SystemRoot\system32\DRIVERS\ks.sys
0xF5BF7000 \SystemRoot\system32\DRIVERS\update.sys
0xF73EE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF79ED000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE720000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAA2C7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2A3000 \SystemRoot\system32\drivers\portcls.sys
0xEE710000 \SystemRoot\system32\drivers\drmk.sys
0xEEA2A000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7D41000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xECFED000 \SystemRoot\System32\Drivers\Null.SYS
0xF7D43000 \SystemRoot\System32\Drivers\Beep.SYS
0xEF7A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEF79C000 \SystemRoot\System32\drivers\vga.sys
0xF7C8F000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C81000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEF794000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEF78C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xEEA22000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA208000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA1AF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE6E0000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA189000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA161000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA13F000 \SystemRoot\System32\drivers\afd.sys
0xEE6D0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA114000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA0A4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xED0FB000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9EF6000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xED0EB000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xEF784000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xA9ECF000 \SystemRoot\System32\Drivers\aswSP.SYS
0xECC51000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA546B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA532D000 \SystemRoot\System32\drivers\Dxapi.sys
0xA4EC3000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xA4C5B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7BB9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF7460000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA409F000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA3FAA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA3ED8000 \SystemRoot\system32\DRIVERS\srv.sys
0xECC41000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA3C93000 \SystemRoot\system32\drivers\wdmaud.sys
0xA3CD0000 \SystemRoot\system32\drivers\sysaudio.sys
0xA3A44000 \SystemRoot\System32\Drivers\HTTP.sys
0xA2F80000 \SystemRoot\system32\DRIVERS\athw.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 46):
0 System Idle Process
4 System
672 C:\WINDOWS\system32\smss.exe
728 csrss.exe
752 C:\WINDOWS\system32\winlogon.exe
800 C:\WINDOWS\system32\services.exe
812 C:\WINDOWS\system32\lsass.exe
968 C:\WINDOWS\system32\svchost.exe
1056 svchost.exe
1100 C:\WINDOWS\system32\svchost.exe
1196 svchost.exe
1240 svchost.exe
1480 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1716 C:\WINDOWS\system32\spoolsv.exe
1796 svchost.exe
1888 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1940 C:\Program Files\Java\jre6\bin\jqs.exe
1996 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
376 C:\WINDOWS\system32\svchost.exe
2212 alg.exe
2768 C:\WINDOWS\explorer.exe
2884 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2904 C:\WINDOWS\system32\igfxtray.exe
2924 C:\WINDOWS\system32\hkcmd.exe
2940 C:\WINDOWS\system32\igfxpers.exe
3008 C:\WINDOWS\system32\igfxsrvc.exe
3104 C:\WINDOWS\RTHDCPL.EXE
3200 C:\WINDOWS\PLFSetL.exe
3244 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3252 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3272 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3280 C:\Program Files\Java\jre6\bin\jusched.exe
3316 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3352 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3384 C:\WINDOWS\system32\ctfmon.exe
3400 C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
3544 C:\Program Files\MWSnap\MWSnap.exe
3572 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3628 C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe
3672 C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
3740 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3856 C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
3832 C:\WINDOWS\system32\wbem\wmiapsrv.exe
420 C:\Program Files\Mozilla Firefox\firefox.exe
2108 C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
3616 C:\Documents and Settings\GATODD\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
ComboFix 10-12-26.01 - GATODD 12/27/2010 21:20:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.541 [GMT -5:00]
Running from: c:\documents and settings\GATODD\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\GATODD\Application Data\inst.exe
c:\documents and settings\GATODD\g2mdlhlpx.exe
c:\documents and settings\GATODD\Local Settings\Application Data\{F3D9D51A-5C4A-4B1B-812A-E26206827DC9}
c:\documents and settings\GATODD\Local Settings\Application Data\{F3D9D51A-5C4A-4B1B-812A-E26206827DC9}\chrome.manifest
c:\documents and settings\GATODD\Local Settings\Application Data\{F3D9D51A-5C4A-4B1B-812A-E26206827DC9}\chrome\content\_cfg.js
c:\documents and settings\GATODD\Local Settings\Application Data\{F3D9D51A-5C4A-4B1B-812A-E26206827DC9}\chrome\content\overlay.xul
c:\documents and settings\GATODD\Local Settings\Application Data\{F3D9D51A-5C4A-4B1B-812A-E26206827DC9}\install.rdf
C:\Install.exe
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\Oeminfo.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-26 21:56 . 2010-12-26 21:56 -------- d-----w- C:\_OTL
2010-12-26 11:26 . 2010-12-26 11:26 -------- d-----w- c:\program files\7-Zip
2010-12-25 02:35 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-25 02:35 . 2010-12-25 02:35 -------- d-----w- c:\documents and settings\GATODD\Local Settings\Application Data\Sony Corporation
2010-12-25 02:35 . 2010-12-25 02:35 -------- d-----w- c:\documents and settings\GATODD\Application Data\Sony Corporation
2010-12-25 02:35 . 2010-12-25 02:35 -------- d-----w- c:\windows\Logs
2010-12-25 02:34 . 2010-12-25 02:34 -------- d-----w- c:\program files\Sony
2010-12-25 02:34 . 2010-12-25 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-12-25 02:31 . 2010-12-25 02:35 -------- d-----w- c:\documents and settings\GATODD\Local Settings\Application Data\Temp
2010-12-22 16:18 . 2010-12-22 16:18 -------- d-----w- c:\documents and settings\GATODD\Local Settings\Application Data\Research In Motion
2010-12-22 15:41 . 2010-12-22 15:41 69632 ----a-r- c:\documents and settings\GATODD\Application Data\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
2010-12-22 15:41 . 2010-12-22 15:41 413696 ----a-r- c:\documents and settings\GATODD\Application Data\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
2010-12-22 15:41 . 2010-12-22 15:41 413696 ----a-r- c:\documents and settings\GATODD\Application Data\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
2010-12-22 15:41 . 2010-12-22 15:41 413696 ----a-r- c:\documents and settings\GATODD\Application Data\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\ARPPRODUCTICON.exe
2010-12-16 02:55 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-16 02:55 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-16 02:55 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-16 02:55 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-16 02:55 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-16 02:55 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-16 02:55 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-16 02:55 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-16 02:55 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-16 02:55 . 2010-12-16 02:55 -------- d-----w- c:\program files\Alwil Software
2010-12-16 02:55 . 2010-12-16 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-12-16 02:26 . 2010-12-16 02:26 -------- d-----w- c:\program files\IObit
2010-12-16 02:26 . 2010-12-16 02:26 -------- d-----w- c:\documents and settings\GATODD\Application Data\IObit
2010-12-07 23:59 . 2010-12-25 02:50 -------- d-----w- c:\documents and settings\GATODD\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 00:10 . 2009-06-17 19:22 7680 ----a-w- c:\windows\system32\drivers\cd20xrnt.sys
2010-12-26 11:20 . 2010-12-26 11:20 515892 ----a-w- C:\eeepcfr.zip
2010-12-20 23:09 . 2010-08-22 04:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-08-22 04:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 03:41 . 2009-12-09 02:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-24 39816]
"MWSnap"="c:\program files\MWSnap\MWSnap.exe" [2002-07-06 427008]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-31 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-11 149280]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\documents and settings\GATODD\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/15/2010 9:55 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/15/2010 9:55 PM 17744]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/17/2009 12:49 PM 38912]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/17/2009 1:25 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/9/2009 9:28 AM 30192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [6/17/2009 1:24 PM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 9:03 PM 32408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://nmd.bn02337.chatttn.wayport.net/index.adp?ProxyHost=&UserAgent=Mozilla%2f4%2e0+%28compatible%3b+MSIE+8%2e0%3b+Windows+NT+5%2e1%3b+Trident%2f4%2e0%3b+GTB6%2e3%3b+%2eNET+CLR+1%2e1%2e4322%3b+%2eNET+CLR+2%2e0%2e50727%3b+InfoPath%2e2%3b+%2eNET+CLR+3%2e0%2e4506%2e2152%3b+%2eNET+CLR+3%2e5%2e30729%29&NmdId=29612&ReturnHost=nmd%2ebn02337%2echatttn%2ewayport%2enet&MacAddr=00%3a26%3a5E%3a69%3aF7%3a13&IpAddr=192%2e168%2e5%2e151&NduMacAddr=&NduPort=&PortType=Wireless&PortDesc=&UseCount=&PaymentMethod=&ChargeAmount=&Style=ATT&vsgpId=&pVersion=2&ValidationHash=814f56197022e8df1c08dd4667371779&origDest=&ProxyHost=&vsgId=106135&ts=1265058274&OtherOpts=1
uInternet Connection Wizard,ShellNext = iexplore
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Embedded Objects: firefox@red-cog.com - %profile%\extensions\firefox@red-cog.com
FF - Ext: tab-search: tab@search.com - %profile%\extensions\tab@search.com
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 21:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,7d,62,83,1b,63,6c,49,b7,73,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,7d,62,83,1b,63,6c,49,b7,73,45,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2264)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe
c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe
.
**************************************************************************
.
Completion time: 2010-12-27 21:34:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-28 02:34

Pre-Run: 85,935,742,976 bytes free
Post-Run: 85,772,886,016 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 282894502B4C900AACD3C217EA082AEC
 
Looks good :)

How is the computer doing?

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Computer is doing great. ESET was running so long I went to bed. Computer did an automatic reboot due to a Windows security update, so I didn't have the opportunity to capture export results to a log. Any chance of getting it after the fact?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004

 
Good news :)

I didn't ask for the MBRCheck log, but the Security Check log :)

Try this scan instead of re-running ESET. It should be faster...

Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Start scan button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
Doh! Too many logs - grabbed the wrong one. Sorry, so sloppy. Here's the Security Check log while I run the new scan:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
AVG Free 9.0
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
 
QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Scan date: Tue Dec 28 14:13:01 2010
Machine ID: D0B36A78



No infection found.
-------------------



Processes
---------
(verified) AcroTray - Adobe Acrobat Distiller help 3300 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(verified) avast! Antivirus 1428 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(verified) avast! Antivirus 3324 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(verified) Bloggie Software 3568 C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe
(verified) Firefox 244 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Firefox 636 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Google Desktop 3204 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(verified) GoogleToolbarNotifier 3392 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) GoToMeeting 3604 C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
(verified) GoToMeeting 3840 C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
(verified) GoToMeeting 3364 C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
(verified) GrooveMonitor Utility 3232 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(verified) Intel(R) Common User Interface 3056 C:\WINDOWS\system32\hkcmd.exe
(verified) Intel(R) Common User Interface 3064 C:\WINDOWS\system32\igfxpers.exe
(verified) Intel(R) Common User Interface 3164 C:\WINDOWS\system32\igfxsrvc.exe
(verified) Intel(R) Common User Interface 3048 C:\WINDOWS\system32\igfxtray.exe
(verified) Java(TM) Platform SE 6 U17 1916 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Java(TM) Platform SE 6 U17 3260 C:\Program Files\Java\jre6\bin\jusched.exe
(verified) Microsoft Office OneNote 3592 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(verified) Microsoft® Windows® Operating System 2180 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2504 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 728 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 1616 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 808 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 796 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 472 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1680 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 1208 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1820 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1076 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 212 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 964 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1036 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1128 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2944 C:\WINDOWS\system32\wbem\wmiapsrv.exe
(verified) Microsoft® Windows® Operating System 752 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 2632 C:\WINDOWS\system32\wscntfy.exe
(verified) MWSnap.exe 3380 C:\Program Files\MWSnap\MWSnap.exe
(verified) Nero BackItUp 1952 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(verified) RAID Event Monitor 3040 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(verified) RAID Monitor 1876 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(verified) Realtek HD Audio Sound Effect Manager 3076 C:\WINDOWS\RTHDCPL.EXE
(verified) sonix DefaultSettingEXE 3140 C:\WINDOWS\PLFSetL.exe
(verified) Synaptics Pointing Device Driver 3196 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


Network activity
----------------
Process firefox.exe (244) connected on port 80 (HTTP) --> 72.247.238.72
Process firefox.exe (244) connected on port 80 (HTTP) --> 72.247.238.72
Process firefox.exe (244) connected on port 80 (HTTP) --> 74.125.157.154
Process firefox.exe (244) connected on port 80 (HTTP) --> 199.7.51.190
Process firefox.exe (244) connected on port 80 (HTTP) --> 72.247.238.11
Process firefox.exe (244) connected on port 80 (HTTP) --> 199.7.51.190
Process firefox.exe (244) connected on port 80 (HTTP) --> 66.235.143.121
Process firefox.exe (244) connected on port 80 (HTTP) --> 66.220.147.44
Process firefox.exe (244) connected on port 80 (HTTP) --> 74.125.159.96
Process firefox.exe (244) connected on port 80 (HTTP) --> 72.14.204.101
Process firefox.exe (244) connected on port 80 (HTTP) --> 209.107.220.74

Process svchost.exe (1036) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
(verified) AcroTray - Adobe Acrobat Distiller help C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(verified) Adobe Acrobat C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
(verified) avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(verified) Bloggie Software C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe
(verified) Google Desktop C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) GoToMeeting C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
(verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) ImScInst.exe C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
(verified) InstallUtil C:\WINDOWS\system32\csnp2uvc.dll
(verified) Intel(R) Common User Interface C:\WINDOWS\system32\hkcmd.exe
(verified) Intel(R) Common User Interface C:\WINDOWS\system32\igfxdev.dll
(verified) Intel(R) Common User Interface C:\WINDOWS\system32\igfxpers.exe
(verified) Intel(R) Common User Interface C:\WINDOWS\system32\igfxtray.exe
(verified) Java(TM) Platform SE 6 U17 C:\Program Files\Java\jre6\bin\jusched.exe
(verified) Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
(verified) Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) MWSnap.exe C:\Program Files\MWSnap\MWSnap.exe
(verified) QuickTime C:\Program Files\QuickTime\QTTask.exe
(verified) RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(verified) Realtek Azalia Mixer Selector C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
(verified) Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
(verified) sonix DefaultSettingEXE C:\WINDOWS\PLFSetL.exe
(verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
(verified) 新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE


Browser plugins
---------------
(unsigned) AtMgr Module C:\WINDOWS\Downloaded Program Files\atscmgr.exe
(unsigned) ATSc3ClS Module C:\WINDOWS\Downloaded Program Files\atsc3cls.dll
(unsigned) frozen.dll C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
(unsigned) googletoolbar-ff2.dll C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
(unsigned) googletoolbar-ff3.dll C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
(unsigned) googletoolbarloader.dll C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
(unsigned) GoToMeeting/GoToWebinar C:\WINDOWS\Downloaded Program Files\g2mdlax.dll
(unsigned) VLC Multimedia Plug-in C:\Program Files\VideoLAN\VLC\npvlc.dll

(verified) 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
(verified) atcliun C:\WINDOWS\Downloaded Program Files\atcliun.exe
(verified) BitDefender QuickScan C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
(verified) BitDefender QuickScan C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) BitDefender QuickScan C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted)
(verified) Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
(verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
(verified) Java(TM) Platform SE 6 U17 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java(TM) Platform SE 6 U17 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
(verified) nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
(verified) nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) NPWebSLLauncher.dll C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
(verified) Sony Online Media Engine C:\Program Files\Sony\Bloggie Software\npsome.dll
(verified) WebEx Download Module C:\WINDOWS\Downloaded Program Files\atgpcdec.dll
(verified) Webex Download Module C:\WINDOWS\Downloaded Program Files\atgpcext.dll
(verified) WebEx Download Module C:\WINDOWS\Downloaded Program Files\ieatgpc.dll
(verified) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"


Scan
----
(unsigned) MD5: 0a69406d3cf3747ab528ace7739ac46d C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
(unsigned) MD5: e5b02bb0c6ea7cd4607b49c7be4db5b0 C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
(unsigned) MD5: 288cc8a1f9ca886a3555da06dbae6144 C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
(unsigned) MD5: ad7ec854e30b632bcdd7dee6a3ab4077 C:\Documents and Settings\GATODD\Application Data\Mozilla\Firefox\Profiles\d0eeivy3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
(unsigned) MD5: 95151d7903fef5f221a3b5be603e69bf C:\Program Files\7-Zip\7-zip.dll
(unsigned) MD5: 15e065b9438f690728670f90778d994a C:\Program Files\Alwil Software\Avast5\defs\10122701\algo.dll
(unsigned) MD5: 8ac35065e46657fd6b471e8b1c753f13 C:\Program Files\Alwil Software\Avast5\defs\10122801\algo.dll
(unsigned) MD5: 0729478594248c1c98c51fa2f7c0be24 C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
(unsigned) MD5: df5f4ecacf6df29a0738ccae7e322371 C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll
(unsigned) MD5: 0de27eefca129508318018c0a621de02 C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
(unsigned) MD5: a9c2ff64ccc35ee52ed4a7b86572e8cc C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.dll
(unsigned) MD5: b3ccb67d0d6a3f653c43b840ff2ea324 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
(unsigned) MD5: 59dac066b544f434f3ef8fbe52bcf6cf C:\Program Files\Google\Google Desktop Search\GoogleServices.dll
(unsigned) MD5: 0ecc0901aebcb6b5c5c551c67e4e026a C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMON_ENU.dll
(unsigned) MD5: 974ee55b9a17d606a783add021aa65ad C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
(unsigned) MD5: ac31c3fc0b28f54f4873c5136be525f8 C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_ENU.dll
(unsigned) MD5: c92d20a6e35e232004d83dc10a78878a C:\Program Files\Microsoft Office\Office12\USP10.DLL
(unsigned) MD5: e72b70c57c4229d339fe110951932392 C:\Program Files\Mozilla Firefox\freebl3.dll
(unsigned) MD5: 3d07aceebe516a561767117c43088f2c C:\Program Files\Mozilla Firefox\nssdbm3.dll
(unsigned) MD5: 2935447938967fdd07dd9118dfb4afb2 C:\Program Files\Mozilla Firefox\softokn3.dll
(unsigned) MD5: abb32a44090b77890f785153e41218de C:\Program Files\VideoLAN\VLC\npvlc.dll
(unsigned) MD5: 662b9b380c73e2e1c5c8836b7e8d69a7 C:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL
(unsigned) MD5: b29dc5579a912cdf8202d1f6971d2c20 C:\WINDOWS\Downloaded Program Files\atsc3cls.dll
(unsigned) MD5: 1b096362951700de3c7ea9c7e6a0bee0 C:\WINDOWS\Downloaded Program Files\atscmgr.exe
(unsigned) MD5: 2bc6bbd36bca18bcc394c72f938a4fe9 C:\WINDOWS\Downloaded Program Files\g2mdlax.dll
(unsigned) MD5: 056e6bfd6314bbb84d5dfb1ca529cd60 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
(unsigned) MD5: 4928ab3a304ddf05c354de3807a4a66b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
(unsigned) MD5: 686b224b4987c22b153fbb545fee9657 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.04 MB sent, 0.56 KB recvd
Scanned 1232 files and modules - 7 seconds

==============================================================================
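The QuickScan report above is long, and most of it is signed, known-good software. What a responder actually reads from it is a short list: which browser plug-ins and autoruns are unsigned, what hash the Scan section reported for each of them, where each process was connecting, and which registry values still point at files that no longer exist on disk (the AppMgmt ServiceDll entry here). The following script is an added example, not part of the thread and not QuickScan's own code; it parses the plain-text layout shown above and produces exactly that summary. The embedded report is a constructed excerpt in the same layout (a deliberately lower-cased path is included to show that paths are matched case-insensitively, since QuickScan mixes case); the regular expressions are my own reading of the format, not a documented specification.

```python
"""Triage helper for a BitDefender QuickScan report.

Added example, not code from the thread or from QuickScan. It parses the
plain-text layout posted above and extracts: unsigned plug-ins/autoruns
joined to their MD5 from the "Scan" section, outbound connections grouped
by process, and registry-referenced files missing from disk.
"""
import re
from collections import defaultdict

# Constructed excerpt in the same layout as the report posted in the thread.
SAMPLE_REPORT = r"""QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Machine ID: EXAMPLE00

Network activity
----------------
Process firefox.exe (244) connected on port 80 (HTTP) --> 72.247.238.72
Process firefox.exe (244) connected on port 80 (HTTP) --> 72.247.238.72
Process firefox.exe (244) connected on port 80 (HTTP) --> 74.125.157.154

Process svchost.exe (1036) listens on ports: 135 (RPC)

Browser plugins
---------------
(unsigned) AtMgr Module C:\WINDOWS\Downloaded Program Files\atscmgr.exe
(unsigned) VLC Multimedia Plug-in C:\Program Files\VideoLAN\VLC\npvlc.dll
(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

Missing files
-------------
File not found: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

Scan
----
(unsigned) MD5: 1b096362951700de3c7ea9c7e6a0bee0 C:\WINDOWS\Downloaded Program Files\atscmgr.exe
(unsigned) MD5: abb32a44090b77890f785153e41218de c:\program files\videolan\vlc\npvlc.dll
"""

# "(verified|unsigned) [MD5: <hex>] <name> <drive>:\<path>"; the name is
# matched lazily so the path starts at the first "X:\" on the line.
ENTRY_RE = re.compile(
    r"^\((verified|unsigned)\)\s+(?:MD5:\s*([0-9a-fA-F]{32})\s+)?(.*?)\s*([A-Za-z]:\\.*)$")
CONN_RE = re.compile(r"^Process (\S+) \((\d+)\) connected on port (\d+) \(\w+\) --> (\S+)$")
MISSING_RE = re.compile(r"^File not found:\s+(.+)$")


def split_sections(text):
    """Map each dash-underlined header to the non-blank lines below it."""
    lines, sections, current, i = text.splitlines(), {}, None, 0
    while i < len(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if lines[i].strip() and re.fullmatch(r"-{3,}", nxt):
            current = lines[i].strip()          # header line, dashes follow
            sections[current] = []
            i += 2
            continue
        if current is not None and lines[i].strip():
            sections[current].append(lines[i].rstrip())
        i += 1
    return sections


def parse_entries(lines):
    """Yield (status, md5 or None, name, path) for each (verified)/(unsigned) line."""
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            yield m.groups()


def unsigned_modules(sections):
    """Unsigned plug-ins/autoruns keyed by path, with the Scan section's MD5 (if any)."""
    md5_by_path = {p.lower(): md5 for _, md5, _, p in parse_entries(sections.get("Scan", [])) if md5}
    found = {}
    for section in ("Autoruns and critical files", "Browser plugins"):
        for status, _, _, path in parse_entries(sections.get(section, [])):
            if status == "unsigned":
                found[path] = md5_by_path.get(path.lower())  # case-insensitive join
    return found


def connections(sections):
    """Distinct ip:port destinations per 'process (pid)', duplicates collapsed."""
    by_proc = defaultdict(set)
    for line in sections.get("Network activity", []):
        m = CONN_RE.match(line)
        if m:
            proc, pid, port, ip = m.groups()
            by_proc[f"{proc} ({pid})"].add(f"{ip}:{port}")
    return {k: sorted(v) for k, v in by_proc.items()}


def missing_files(sections):
    """(path, registry value still pointing at it) for each 'File not found' entry."""
    lines, found = sections.get("Missing files", []), []
    for i, line in enumerate(lines):
        m = MISSING_RE.match(line)
        if m:
            ref = lines[i + 1][4:] if i + 1 < len(lines) and lines[i + 1].startswith("--> ") else None
            found.append((m.group(1), ref))
    return found


def triage(text):
    """Full summary of one report: the three lists a responder reads first."""
    sections = split_sections(text)
    return {"unsigned": unsigned_modules(sections),
            "connections": connections(sections),
            "missing": missing_files(sections)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"== {key} ==\n{value}")
```

Run it against a saved QuickScan report by passing the file's text to `triage()`. The unsigned list is where to spend review time (the hashes can be looked up against a reputation service); the missing-file list is worth fixing even on a clean machine, because a service whose ServiceDll value points at a non-existent file is a stale configuration entry that should be repaired or removed rather than left dangling.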
 
I can see Security Check still lists AVG Free 9.0.
Probably some registry leftovers.
Just for good measure, run AVG Remover: http://www.avg.com/us-en/download-tools

=====================================================================

Update Thunderbird to the current 3.1.7 version, or uninstall it, if you don't use it.

======================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Do you have a security preference for Moz/FF or IE? I run FF always. As I was running JavaRa it said to close IE, which of course wasn't open. I removed 3 files, but it first said "no definition file found".
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: GATODD
->Temp folder emptied: 10217066 bytes
->Temporary Internet Files folder emptied: 2344371 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 48260093 bytes
->Flash cache emptied: 434 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5054299 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 66266854 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 126.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: GATODD
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.18.0 log created on 12282010_150924

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
I try to stay away from IE, as far, as possible :)

Post new Security Check log and we'll see what it says.
 
You're great to work with! Running great. Should I re-install Spybot?

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
AVG Free 9.0
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
 
Good :)
Did you run AVG Remover?

Spybot is considered a tool of the past.
You can safely uninstall it altogether.

Good luck and stay safe.
 
AVG removed now. Thanks again for everything. Happy New Year!

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
 