PC Performance Analysis and Stability Malware / registry repairs?

Solved
By LaptopWrecked
Jun 10, 2011
Topic Status:
Not open for further replies.
  1. Hi.

    I have been infected by this malware. Had to create a new user account to access my programs. Most desktop icons gone. Program list missing. Documents missing access to them, but still there if I go to the new adminstrator account.

    Have begun 7 steps of fixing to create damage logs from the other help thread.

    Ran RKILL and MBAM.EXE to clean malware from running, but system still damaged.

    GMER log below:

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-10 03:24:20
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS721060G9AT00 rev.MC3OA40M
    Running: 0mnpk6mt.exe; Driver: C:\DOCUME~1\FIXASU~1.000\LOCALS~1\Temp\kxtdykoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF79BD4D0]
    SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF79BD520]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!SetScrollInfo 7E419056 5 Bytes JMP 00688BF0 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
    .text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!GetScrollInfo 7E42DFE2 5 Bytes JMP 00688B40 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
    .text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 00688CC0 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
    .text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 00688B80 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
    .text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00688C30 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
    .text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 00688BB0 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
    .text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 00688C70 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
    .text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!EnableScrollBar 7E468005 5 Bytes JMP 00688B00 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
    AttachedDevice \Driver\Tcpip \Device\Ip TFilter.sys (TFilter Kernel Module/Avanquest North America, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp TFilter.sys (TFilter Kernel Module/Avanquest North America, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
    AttachedDevice \Driver\Tcpip \Device\Udp TFilter.sys (TFilter Kernel Module/Avanquest North America, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp TFilter.sys (TFilter Kernel Module/Avanquest North America, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{9F9FDD4A-11DE-0279-B037-7668911670D9}\InprocServer32@ C:\WINDOWS\system32\ole32.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{9F9FDD4A-11DE-0279-B037-7668911670D9}\InprocServer32@ThreadingModel Both

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\XXXXXXXXXX\Application Data\Macromedia\Flash Player\#SharedObjects\HN5V2ALN\www.acousticguitar.com.\flowplayer.commercial-3.1.5.swf 0 bytes
    File C:\Documents and Settings\XXXXXXXXXX\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.acousticguitar.com.\settings.sol 93 bytes

    ---- EOF - GMER 1.0.15 ----



    THANKS!
  2. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    3 Malwarebytes scans

    I did these before coming to this forum for help. Sorry if I didn't follow directions exactly. Still only able to use computer as a newly created administrator account. My other account is messed up still. Files seem to load back even after cleaning with Malwarebytes.

    SCAN 1 ********************************************

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4178

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/2/2011 12:45:48 PM
    mbam-log-2011-06-02 (12-45-48).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 216024
    Time elapsed: 47 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\xxxxxxxxxx\Local Settings\Temp\0.5043336028533728.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


    SCAN 2 ************************************************

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4178

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/8/2010 8:32:50 AM
    mbam-log-2010-06-08 (08-32-50).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 219491
    Time elapsed: 1 hour(s), 16 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\All Users\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.


    SCAN 3 *********************************************************

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4178

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/9/2010 2:33:22 PM
    mbam-log-2010-06-09 (14-33-22).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 219645
    Time elapsed: 1 hour(s), 12 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    I could not get dds.scr to run to completion. Not sure exactly how to disable scripts? Offline, I turned off my firewall, Avanquest SystemSuite9 Anti-virus and active protection to run it, but it hangs and shows ###########################

    Then computer completely freezees. Suggestions to run that scan?
  4. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    That's fine for now.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  5. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    2011/06/10 18:00:46.0131 0752 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
    2011/06/10 18:00:46.0146 0752 ================================================================================
    2011/06/10 18:00:46.0146 0752 SystemInfo:
    2011/06/10 18:00:46.0146 0752
    2011/06/10 18:00:46.0146 0752 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/10 18:00:46.0146 0752 Product type: Workstation
    2011/06/10 18:00:46.0146 0752 ComputerName: ASUS-P1-W3V
    2011/06/10 18:00:46.0146 0752 UserName:xxxxxxxxxx
    2011/06/10 18:00:46.0146 0752 Windows directory: C:\WINDOWS
    2011/06/10 18:00:46.0146 0752 System windows directory: C:\WINDOWS
    2011/06/10 18:00:46.0146 0752 Processor architecture: Intel x86
    2011/06/10 18:00:46.0146 0752 Number of processors: 1
    2011/06/10 18:00:46.0146 0752 Page size: 0x1000
    2011/06/10 18:00:46.0146 0752 Boot type: Normal boot
    2011/06/10 18:00:46.0146 0752 ================================================================================
    2011/06/10 18:00:47.0381 0752 Initialize success
    2011/06/10 18:00:50.0224 0740 ================================================================================
    2011/06/10 18:00:50.0224 0740 Scan started
    2011/06/10 18:00:50.0224 0740 Mode: Manual;
    2011/06/10 18:00:50.0224 0740 ================================================================================
    2011/06/10 18:00:51.0209 0740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/06/10 18:00:51.0287 0740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/06/10 18:00:51.0349 0740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/06/10 18:00:51.0537 0740 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2011/06/10 18:00:51.0615 0740 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/06/10 18:00:51.0677 0740 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
    2011/06/10 18:00:52.0037 0740 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/06/10 18:00:52.0193 0740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/06/10 18:00:52.0443 0740 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/06/10 18:00:52.0896 0740 ati2mtag (56a1effde2b68b59e82905e083b9d77f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/06/10 18:00:53.0099 0740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/06/10 18:00:53.0162 0740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/06/10 18:00:53.0271 0740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/06/10 18:00:53.0474 0740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/06/10 18:00:53.0568 0740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/06/10 18:00:53.0615 0740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/06/10 18:00:53.0662 0740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/06/10 18:00:53.0740 0740 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/06/10 18:00:53.0974 0740 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/06/10 18:00:54.0146 0740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/06/10 18:00:54.0224 0740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/06/10 18:00:54.0474 0740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/06/10 18:00:54.0537 0740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/06/10 18:00:54.0615 0740 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/06/10 18:00:54.0834 0740 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/06/10 18:00:54.0927 0740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/06/10 18:00:54.0974 0740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/06/10 18:00:55.0021 0740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/06/10 18:00:55.0068 0740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/06/10 18:00:55.0256 0740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/06/10 18:00:55.0318 0740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/06/10 18:00:55.0396 0740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/06/10 18:00:55.0459 0740 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/06/10 18:00:55.0662 0740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/06/10 18:00:55.0724 0740 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
    2011/06/10 18:00:55.0787 0740 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/06/10 18:00:55.0849 0740 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/06/10 18:00:56.0084 0740 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/06/10 18:00:56.0115 0740 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/06/10 18:00:56.0193 0740 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/06/10 18:00:56.0271 0740 HSFHWAZL (88da551b653fce4fc56f9389a5c858b7) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    2011/06/10 18:00:56.0537 0740 HSF_DP (0d90b6c780156723e0991752ad94d278) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2011/06/10 18:00:56.0802 0740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/06/10 18:00:56.0974 0740 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/06/10 18:00:57.0037 0740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/06/10 18:00:57.0381 0740 IntcAzAudAddService (1b96769762470002a9386e61beb03eb6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/06/10 18:00:57.0662 0740 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/06/10 18:00:57.0709 0740 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/06/10 18:00:57.0756 0740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/06/10 18:00:57.0787 0740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/06/10 18:00:57.0834 0740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/06/10 18:00:57.0896 0740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/06/10 18:00:58.0099 0740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/06/10 18:00:58.0162 0740 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    2011/06/10 18:00:58.0209 0740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/06/10 18:00:58.0287 0740 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/06/10 18:00:58.0474 0740 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
    2011/06/10 18:00:58.0599 0740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/06/10 18:00:58.0959 0740 KFilter (2785516a3bf99541aa968515178eced0) C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys
    2011/06/10 18:00:59.0162 0740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/06/10 18:00:59.0224 0740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/06/10 18:00:59.0349 0740 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/06/10 18:00:59.0584 0740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/06/10 18:00:59.0646 0740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/06/10 18:00:59.0709 0740 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/06/10 18:00:59.0865 0740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/06/10 18:00:59.0927 0740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/06/10 18:01:00.0021 0740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/06/10 18:01:00.0099 0740 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/06/10 18:01:00.0302 0740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/06/10 18:01:00.0349 0740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/06/10 18:01:00.0396 0740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/06/10 18:01:00.0427 0740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/06/10 18:01:00.0459 0740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/06/10 18:01:00.0521 0740 MTsensor (c3ef8fcf41b02bf8538bc448e8cf563f) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
    2011/06/10 18:01:00.0724 0740 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/06/10 18:01:00.0771 0740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/06/10 18:01:00.0834 0740 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/06/10 18:01:00.0865 0740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/06/10 18:01:01.0068 0740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/06/10 18:01:01.0131 0740 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/06/10 18:01:01.0177 0740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/06/10 18:01:01.0240 0740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
  6. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    It's incomplete.
  7. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    I will run again. What did I do wrong?
  8. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    See...
    Open that file and post it back here.
    Maybe, you missed a part of the log.
  9. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    More complete?



    2011/06/10 18:23:55.0881 2852 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
    2011/06/10 18:23:55.0896 2852 ================================================================================
    2011/06/10 18:23:55.0896 2852 SystemInfo:
    2011/06/10 18:23:55.0896 2852
    2011/06/10 18:23:55.0896 2852 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/10 18:23:55.0896 2852 Product type: Workstation
    2011/06/10 18:23:55.0896 2852 ComputerName: ASUS-P1-W3V
    2011/06/10 18:23:55.0896 2852 UserName: fix
    2011/06/10 18:23:55.0896 2852 Windows directory: C:\WINDOWS
    2011/06/10 18:23:55.0896 2852 System windows directory: C:\WINDOWS
    2011/06/10 18:23:55.0896 2852 Processor architecture: Intel x86
    2011/06/10 18:23:55.0896 2852 Number of processors: 1
    2011/06/10 18:23:55.0896 2852 Page size: 0x1000
    2011/06/10 18:23:55.0896 2852 Boot type: Normal boot
    2011/06/10 18:23:55.0896 2852 ================================================================================
    2011/06/10 18:23:55.0974 2852 Initialize success
    2011/06/10 18:24:03.0256 1468 ================================================================================
    2011/06/10 18:24:03.0256 1468 Scan started
    2011/06/10 18:24:03.0256 1468 Mode: Manual;
    2011/06/10 18:24:03.0256 1468 ================================================================================
    2011/06/10 18:24:03.0256 1468 ================================================================================
    2011/06/10 18:24:03.0256 1468 Scan finished
    2011/06/10 18:24:03.0256 1468 ================================================================================
    2011/06/10 18:24:03.0271 3976 Detected object count: 0
    2011/06/10 18:24:03.0271 3976 Actual detected object count: 0
    2011/06/10 18:24:17.0177 2468 ================================================================================
    2011/06/10 18:24:17.0177 2468 Scan started
    2011/06/10 18:24:17.0177 2468 Mode: Manual;
    2011/06/10 18:24:17.0177 2468 ================================================================================
    2011/06/10 18:24:17.0568 2468 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/06/10 18:24:17.0646 2468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/06/10 18:24:17.0709 2468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/06/10 18:24:17.0896 2468 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2011/06/10 18:24:17.0959 2468 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/06/10 18:24:18.0021 2468 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
    2011/06/10 18:24:18.0349 2468 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/06/10 18:24:18.0474 2468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/06/10 18:24:18.0537 2468 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/06/10 18:24:18.0834 2468 ati2mtag (56a1effde2b68b59e82905e083b9d77f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/06/10 18:24:19.0052 2468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/06/10 18:24:19.0115 2468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/06/10 18:24:19.0162 2468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/06/10 18:24:19.0365 2468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/06/10 18:24:19.0427 2468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/06/10 18:24:19.0474 2468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/06/10 18:24:19.0662 2468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/06/10 18:24:19.0771 2468 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/06/10 18:24:19.0834 2468 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/06/10 18:24:19.0959 2468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/06/10 18:24:20.0177 2468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/06/10 18:24:20.0287 2468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/06/10 18:24:20.0490 2468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/06/10 18:24:20.0568 2468 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/06/10 18:24:20.0631 2468 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/06/10 18:24:20.0881 2468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/06/10 18:24:20.0959 2468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/06/10 18:24:21.0006 2468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/06/10 18:24:21.0193 2468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/06/10 18:24:21.0256 2468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/06/10 18:24:21.0318 2468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/06/10 18:24:21.0474 2468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/06/10 18:24:21.0552 2468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/06/10 18:24:21.0631 2468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/06/10 18:24:21.0849 2468 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
    2011/06/10 18:24:21.0927 2468 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/06/10 18:24:22.0131 2468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/06/10 18:24:22.0193 2468 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/06/10 18:24:22.0271 2468 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/06/10 18:24:22.0334 2468 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/06/10 18:24:22.0521 2468 HSFHWAZL (88da551b653fce4fc56f9389a5c858b7) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    2011/06/10 18:24:22.0631 2468 HSF_DP (0d90b6c780156723e0991752ad94d278) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2011/06/10 18:24:22.0881 2468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/06/10 18:24:23.0021 2468 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/06/10 18:24:23.0224 2468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/06/10 18:24:23.0396 2468 IntcAzAudAddService (1b96769762470002a9386e61beb03eb6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/06/10 18:24:23.0615 2468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/06/10 18:24:23.0646 2468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/06/10 18:24:23.0677 2468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/06/10 18:24:23.0709 2468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/06/10 18:24:23.0740 2468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/06/10 18:24:23.0974 2468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/06/10 18:24:24.0021 2468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/06/10 18:24:24.0068 2468 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    2011/06/10 18:24:24.0271 2468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/06/10 18:24:24.0334 2468 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/06/10 18:24:24.0396 2468 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
    2011/06/10 18:24:24.0443 2468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/06/10 18:24:24.0787 2468 KFilter (2785516a3bf99541aa968515178eced0) C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys
    2011/06/10 18:24:25.0037 2468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/06/10 18:24:25.0099 2468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/06/10 18:24:25.0162 2468 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/06/10 18:24:25.0365 2468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/06/10 18:24:25.0412 2468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/06/10 18:24:25.0459 2468 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/06/10 18:24:25.0490 2468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/06/10 18:24:25.0709 2468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/06/10 18:24:25.0771 2468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/06/10 18:24:25.0818 2468 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/06/10 18:24:26.0052 2468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/06/10 18:24:26.0084 2468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/06/10 18:24:26.0115 2468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/06/10 18:24:26.0146 2468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/06/10 18:24:26.0162 2468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/06/10 18:24:26.0224 2468 MTsensor (c3ef8fcf41b02bf8538bc448e8cf563f) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
    2011/06/10 18:24:26.0412 2468 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/06/10 18:24:26.0459 2468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/06/10 18:24:26.0506 2468 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/06/10 18:24:26.0537 2468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/06/10 18:24:26.0740 2468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/06/10 18:24:26.0787 2468 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/06/10 18:24:26.0818 2468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/06/10 18:24:26.0881 2468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/06/10 18:24:27.0099 2468 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/06/10 18:24:27.0146 2468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/06/10 18:24:27.0209 2468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/06/10 18:24:27.0412 2468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/06/10 18:24:27.0490 2468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/06/10 18:24:27.0521 2468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/06/10 18:24:27.0568 2468 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/06/10 18:24:27.0771 2468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2011/06/10 18:24:27.0818 2468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/06/10 18:24:27.0865 2468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/06/10 18:24:28.0115 2468 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/06/10 18:24:28.0193 2468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/06/10 18:24:28.0256 2468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2011/06/10 18:24:28.0599 2468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/06/10 18:24:28.0646 2468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/06/10 18:24:28.0709 2468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/06/10 18:24:28.0756 2468 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/06/10 18:24:29.0052 2468 R592 (1f459f1c726790f6ca34a0fb3d50292d) C:\WINDOWS\system32\DRIVERS\R592.sys
    2011/06/10 18:24:29.0115 2468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/06/10 18:24:29.0193 2468 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    2011/06/10 18:24:29.0396 2468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/06/10 18:24:29.0459 2468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/06/10 18:24:29.0506 2468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/06/10 18:24:29.0552 2468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/06/10 18:24:29.0740 2468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/06/10 18:24:29.0818 2468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/06/10 18:24:29.0865 2468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/06/10 18:24:30.0068 2468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/06/10 18:24:30.0162 2468 risdpntk (66ab0104acd972c415662941176932f5) C:\WINDOWS\system32\DRIVERS\risdpntk.sys
    2011/06/10 18:24:30.0224 2468 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/06/10 18:24:30.0427 2468 s24trans (208491a652c79871737edfe629de2c45) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2011/06/10 18:24:30.0506 2468 sbaphd (bc10b9e76a5fd132e0a4a7925004bdf7) C:\WINDOWS\system32\drivers\sbaphd.sys
    2011/06/10 18:24:30.0552 2468 sbapifs (cdfe59b67752d5a8f999dfcce1717f6d) C:\WINDOWS\system32\drivers\sbapifs.sys
    2011/06/10 18:24:30.0802 2468 SBRE (c201db8a39293e51fd292be663ad6176) C:\WINDOWS\system32\drivers\SBREdrv.sys
    2011/06/10 18:24:30.0865 2468 sbtis (d23b2615f9af5c8a6f74634344a5a216) C:\WINDOWS\system32\drivers\sbtis.sys
    2011/06/10 18:24:31.0068 2468 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2011/06/10 18:24:31.0115 2468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/06/10 18:24:31.0162 2468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2011/06/10 18:24:31.0396 2468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/06/10 18:24:31.0459 2468 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    2011/06/10 18:24:31.0631 2468 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
    2011/06/10 18:24:31.0834 2468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/06/10 18:24:31.0896 2468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/06/10 18:24:31.0959 2468 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/06/10 18:24:32.0162 2468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/06/10 18:24:32.0209 2468 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/06/10 18:24:32.0302 2468 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\WINDOWS\System32\drivers\swmsflt.sys
    2011/06/10 18:24:32.0490 2468 SWMX00 (2bcdcf7e2a3a707e74ad4cdcb420225a) C:\WINDOWS\system32\DRIVERS\swmx00.sys
    2011/06/10 18:24:32.0537 2468 SWNC5E00 (47edcd5fdd249e5273cb90e56be97a5d) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
    2011/06/10 18:24:32.0677 2468 SynTP (7987c01d1bd0c413b12b3d3ed743d7f5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2011/06/10 18:24:32.0881 2468 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/06/10 18:24:32.0959 2468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/06/10 18:24:33.0006 2468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/06/10 18:24:33.0209 2468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/06/10 18:24:33.0256 2468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/06/10 18:24:33.0584 2468 TFilter (d7d74c07ca80352958f36c0b164a516b) C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys
    2011/06/10 18:24:33.0802 2468 toshidpt (62c57e7411b5f20980e70530ca69d5a7) C:\WINDOWS\system32\drivers\Toshidpt.sys
    2011/06/10 18:24:33.0865 2468 tosporte (09505abeae3de953442417a48256684a) C:\WINDOWS\system32\DRIVERS\tosporte.sys
    2011/06/10 18:24:33.0896 2468 Tosrfbd (47bb36a3db94807bc26c280d1ce4a243) C:\WINDOWS\system32\Drivers\tosrfbd.sys
    2011/06/10 18:24:33.0943 2468 Tosrfbnp (fe200eece7521061cdad658c6ee4f341) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
    2011/06/10 18:24:34.0131 2468 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\Drivers\tosrfcom.sys
    2011/06/10 18:24:34.0177 2468 Tosrfhid (341612b9758054e5965bcd6ae111b8f9) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
    2011/06/10 18:24:34.0209 2468 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
    2011/06/10 18:24:34.0256 2468 TosRfSnd (350814a87f8ba3b0e28278feddf36f82) C:\WINDOWS\system32\drivers\TosRfSnd.sys
    2011/06/10 18:24:34.0287 2468 Tosrfusb (ddb8a339e57d514768f45d33b11bdb50) C:\WINDOWS\system32\Drivers\tosrfusb.sys
    2011/06/10 18:24:34.0506 2468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/06/10 18:24:34.0584 2468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/06/10 18:24:34.0631 2468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/06/10 18:24:34.0834 2468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/06/10 18:24:34.0896 2468 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/06/10 18:24:34.0959 2468 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/06/10 18:24:35.0146 2468 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/06/10 18:24:35.0193 2468 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/06/10 18:24:35.0224 2468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/06/10 18:24:35.0287 2468 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/06/10 18:24:35.0490 2468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/06/10 18:24:35.0552 2468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/06/10 18:24:35.0709 2468 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys
    2011/06/10 18:24:35.0912 2468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/06/10 18:24:35.0974 2468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/06/10 18:24:36.0052 2468 winachsf (448f0de9b06386a4dd605d28c0cc5feb) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2011/06/10 18:24:36.0271 2468 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/06/10 18:24:36.0334 2468 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/06/10 18:24:36.0365 2468 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/06/10 18:24:36.0459 2468 yukonwxp (a81a1f8c2a50f72fda9c686aa85bf151) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
    2011/06/10 18:24:36.0506 2468 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
    2011/06/10 18:24:36.0693 2468 ================================================================================
    2011/06/10 18:24:36.0693 2468 Scan finished
    2011/06/10 18:24:36.0693 2468 ================================================================================
    2011/06/10 18:24:36.0709 2996 Detected object count: 0
    2011/06/10 18:24:36.0709 2996 Actual detected object count: 0
  10. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Yes. Thank you :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  11. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    Thank you for the help. I cannot stay online right now. Hope to continue later tonight or tomorrow.

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-10 18:38:50
    -----------------------------
    18:38:50.256 OS Version: Windows 5.1.2600 Service Pack 3
    18:38:50.256 Number of processors: 1 586 0xD08
    18:38:50.256 ComputerName: ASUS-P1-W3V UserName: fix
    18:38:59.787 Initialize success
    18:39:02.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    18:39:02.974 Disk 0 Vendor: HTS721060G9AT00 MC3OA40M Size: 57231MB BusType: 3
    18:39:04.974 Disk 0 MBR read successfully
    18:39:04.974 Disk 0 MBR scan
    18:39:04.974 Disk 0 unknown MBR code
    18:39:06.974 Disk 0 scanning sectors +117210240
    18:39:07.068 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:39:19.287 Service scanning
    18:39:20.396 Disk 0 trace - called modules:

    18:39:20.412 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88bb8ef0]<< (THIS WAS HIGHLIGHTED IN RED LETTERS)

    18:39:20.412 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a28fab8]
    18:39:20.412 Scan finished successfully
    18:39:42.974 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\fix.ASUS-P1-W3V.000\Desktop\MBR.dat"
    18:39:42.974 The log file has been saved successfully to "C:\Documents and Settings\fix.ASUS-P1-W3V.000\Desktop\aswMBR.txt"
  12. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    Can continue process now, until about 7pm central time, U.S.
  13. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    OK...............
     
  14. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    A bit more about the behavior of the main user account on my PC:

    The desktop still loads with only 3 shortcuts: the Recycle Bin, My Documents, and IE7 (had a few dozen before). But My documents folder appears empty. And when I look under programs, it doesn't bring up anything. Still need to use the other user account to use the PC, but everything is still there and usable.

    I will check back about 10 pm central U.S.

    thanks for the help.
  15. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Do NOT run Combofix yet.

    Run this and see, if it'll bring back missing items.
    Download and run UnHide
  16. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    thanks.

    unhide restored the desktop icons and program and other folders visibility

    next?
  17. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Perfect!

    Go on with Combofix.
  18. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    sorry for the delay.

    Upon running combofix, the scan stalled and I could only do a power reset to get the computer to turn off. Upon restart, the malware started running on the second user logon I created to try to fix things. So I have gone back to running all the scans I did to clean up my original problem, only now with the second user account. Same stuff wrong, all programs hidden and desktop icons hidden. Makes it difficult to run scans without a lot of keystrokes.

    I ran Malwarebytes and it returned 2 problems, registry keys that mbam.exe did not clean or change.

    Will try to paste the report of that.

    The bad registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) no action taken
    HKEY_LOCAL_MACHINE\SOFTWARE/avsuite (Rogue.AntivirusSuite) no action taken

    I have looked at those folders in registry editor. (HAVE NOT EDITED OR CHANGED ANYTHING) They just appear as empty folders.

    Would you recommend running Combofix in safe mode?
  19. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    ...and the reason, you didn't fix those two issues is?
  20. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39


    I did not elect not to fix them. I just thought the malwarebytes program makes that decision. It didn't clean them, and it never asked me if it should. The program just reported that no action was taken.

    Should I run it again and see if it cleans them?
  21. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Yes. You have to fix all issues reported by MBAM.
    ...and post the log as well.
  22. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    Should it do the clean automatically, or is there something I should be doing manually?

    Thanks again for the guidance. I have an errand, will not be back to post the results for a couple hours.
  23. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    There is a "Fix" button there.
  24. LaptopWrecked

    LaptopWrecked Newcomer, in training Topic Starter Posts: 39

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 6705

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/12/2011 11:42:00 PM
    mbam-log-2011-06-12 (23-42-00).txt

    Scan type: Quick scan
    Objects scanned: 212405
    Time elapsed: 9 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)
  25. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Very well :)

    Proceed with Combofix.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.