First off, thank you, very much for taking the time to help so many people!
Major computer problems started a couple of days ago. A website I visited somehow resulted in a "rogue" that would not stop popping up, telling me I have a 24 viruses and needed to download their program. I did what I was instructed to (via McAfee) to fix that problem, but now this just showed up. I don't known if it is related or not.
I think I have the starting information you need. I am definitely not a computer guru, though, so if I messed up, please just let me know and I can try to correct it!
MalwareBytes Log (There are two even though I only ran it once. I'm not sure which one you need, so I am posting both.):
First Log
alwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6832
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
6/11/2011 1:35:59 AM
mbam-log-2011-06-11 (01-35-59).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 355037
Time elapsed: 1 hour(s), 45 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vyotfqln (Rogue.AntivirusSuite.Gen) -> Value: vyotfqln -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\c.clan\AppData\Local\abzezc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10086.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10087.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10088.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10089.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10090.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10091.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10092.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10093.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10094.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache12539.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$R85PWX1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$R99GBYH.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RBDGPMH.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RBLHA68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RGAETZS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RHAUUT7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RJ500CM.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RLFU5HF.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RYDUA5R.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Roaming\microsoft\Windows\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.
Second Log
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6845
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
6/12/2011 9:14:09 PM
mbam-log-2011-06-12 (21-14-09).txt
Scan type: Quick scan
Objects scanned: 172518
Time elapsed: 7 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\c.clan\AppData\Local\Temp\D6C3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
GMER Results
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-12 21:24:08
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 SAMSUNG_ rev.CP10
Running: 0969flyc.exe; Driver: C:\Users\CFEB2~1.CLA\AppData\Local\Temp\pgloqpow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B84CD48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B84CD72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B84CD5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B84CD34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Device\0000005f -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD321KJ#4&228bd848&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
DDS Logs
Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/20/2008 4:08:27 AM
System Uptime: 6/12/2011 9:32:19 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 184.674 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.761 GiB free.
E: is CDROM (UDF)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
1000 Best Fonts
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
AMD Fuel
AOL Install
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Catalyst Registration
Brother MFL-Pro Suite
Browser Address Error Redirector
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
CloudCare
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows
CutePDF Writer 2.7
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Digital Line Detect
Digital Photo Navigator 1.5
Drivers Install For Linksys Easylink Advisor
EarthLink Setup Files
Everio MediaBrowser
Fax Solutions
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GP_Patch
Guitar Praise
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Service Offers Launcher
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 7.1.0 (Basic)
KODAK Share Button App
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee AntiVirus Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office Excel Viewer
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NetWaiting
NVIDIA Drivers
NVIDIANetworkDiagnostic
Paint Shop Pro 7 Anniversary Edition
Pando Media Booster
PaperPort Image Printer
Product Documentation Launcher
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanSoft PaperPort 11
screensaver_ksbj
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Serif DrawPlus 4.0
Sid Meier's Civilization 4 Complete
Skins
Sonic Activation Module
TestDrive Client
The Weather Channel Desktop 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
VideoSpirit Pro 1.70
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Walmart MP3 Music Downloads
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Movie Maker 2.6
.
==== Event Viewer Messages From Past Week ========
.
6/12/2011 9:33:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null
6/12/2011 9:33:07 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/12/2011 9:32:48 PM, Error: EventLog [6008] - The previous system shutdown at 9:30:25 PM on 6/12/2011 was unexpected.
6/12/2011 11:04:11 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:54:16 PM, Error: EventLog [6008] - The previous system shutdown at 9:51:17 PM on 6/11/2011 was unexpected.
6/11/2011 4:14:12 PM, Error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
DDS
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.19019
Run by c.clan at 21:36:27 on 2011-06-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2193 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: CloudCare *Disabled/Updated* {567F6DDD-22AE-6081-DE6F-F28A4699C7E6}
SP: CloudCare AntiSpyware *Disabled/Updated* {ED1E8C39-0494-6F0F-E4DF-C9F83D1E8D5B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Bsecure\InetCtrl.exe
C:\Program Files\Bsecure\BsecAV.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bsecure\BSecAMX.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Bsecure\BsecTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080120
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110611161436.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Bsecure] c:\program files\bsecure\BsecTray.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10o_ActiveX.exe -update activex
StartupFolder: c:\users\c.clan\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\camera~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
LSP: %ProgramFiles%\Bsecure\InetCtrl43.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94EE6A8B-5BB2-470C-B334-7DA00E445979} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2011-3-8 4608]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-8 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-25 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-4-21 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-3-18 163400]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 Bsecure;CloudCare;c:\program files\bsecure\InetCtrl.exe [2011-2-25 55136]
R2 BsecureAV;CloudCare AntiVirus;c:\program files\bsecure\BsecAV.exe [2011-2-25 135080]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-3-8 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-8 2151128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-10 366640]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-6-29 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-6-29 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-6-29 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-21 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-21 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-21 148520]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-7 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [2011-2-25 21624]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-21 57432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-10 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-1-25 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-1-25 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-21 337912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-12 135664]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-8 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-10 39984]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-21 85984]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-25 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-25 40552]
S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-21 84072]
.
=============== Created Last 30 ================
.
2011-06-11 04:46:24 -------- d-----w- c:\users\c.clan\appdata\roaming\Malwarebytes
2011-06-11 04:46:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 04:46:11 -------- d-----w- c:\programdata\Malwarebytes
2011-06-11 04:46:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 04:46:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 04:21:50 -------- d-----w- c:\users\c.clan\appdata\local\WMTools Downloaded Files
2011-05-22 04:18:40 -------- d-----w- c:\program files\Movie Maker 2.6
2011-05-22 03:40:19 175616 ----a-w- c:\windows\system32\unrar.dll
2011-05-22 03:40:18 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-05-22 03:37:28 -------- d-----w- c:\program files\Real Alternative
2011-05-22 01:03:17 -------- d-----w- c:\program files\VideoSpirit Pro
2011-05-21 21:20:35 -------- d-----w- c:\programdata\PIXELA
2011-05-21 20:56:34 -------- d-----w- c:\program files\PIXELA
2011-05-21 20:55:16 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
.
==================== Find3M ====================
.
2011-04-19 02:26:54 624640 ----a-w- c:\windows\screensaver_ksbj.scr
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_ rev.CP10 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85B54ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86cf0879; SUB DWORD [EBP-0x4], 0x86cf0135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x82259912] -> \Device\Harddisk0\DR0[0x86783AC8]
3 CLASSPNP[0x8BDA08B3] -> ntkrnlpa!IofCallDriver[0x82259912] -> [0x85AD2150]
5 acpi[0x8060B6BC] -> ntkrnlpa!IofCallDriver[0x82259912] -> [0x85AD2C90]
[0x86D6F160] -> IRP_MJ_CREATE -> 0x85B54ECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\0000005f -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD321KJ#4&228bd848&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:39:27.45 ===============
I would greatly appreciate any advice! Thank you!
Major computer problems started a couple of days ago. A website I visited somehow resulted in a "rogue" that would not stop popping up, telling me I have a 24 viruses and needed to download their program. I did what I was instructed to (via McAfee) to fix that problem, but now this just showed up. I don't known if it is related or not.
I think I have the starting information you need. I am definitely not a computer guru, though, so if I messed up, please just let me know and I can try to correct it!
MalwareBytes Log (There are two even though I only ran it once. I'm not sure which one you need, so I am posting both.):
First Log
alwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6832
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
6/11/2011 1:35:59 AM
mbam-log-2011-06-11 (01-35-59).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 355037
Time elapsed: 1 hour(s), 45 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vyotfqln (Rogue.AntivirusSuite.Gen) -> Value: vyotfqln -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\c.clan\AppData\Local\abzezc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10086.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10087.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10088.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10089.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10090.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10091.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10092.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10093.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache10094.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Local\Temp\jar_cache12539.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$R85PWX1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$R99GBYH.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RBDGPMH.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RBLHA68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RGAETZS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RHAUUT7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RJ500CM.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RLFU5HF.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-60730305-3682503428-79390655-1000\$RYDUA5R.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\c.clan\AppData\Roaming\microsoft\Windows\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.
Second Log
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6845
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
6/12/2011 9:14:09 PM
mbam-log-2011-06-12 (21-14-09).txt
Scan type: Quick scan
Objects scanned: 172518
Time elapsed: 7 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\c.clan\AppData\Local\Temp\D6C3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
GMER Results
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-12 21:24:08
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 SAMSUNG_ rev.CP10
Running: 0969flyc.exe; Driver: C:\Users\CFEB2~1.CLA\AppData\Local\Temp\pgloqpow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B84CD48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B84CD72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B84CD5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B84CD34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Device\0000005f -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD321KJ#4&228bd848&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
DDS Logs
Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/20/2008 4:08:27 AM
System Uptime: 6/12/2011 9:32:19 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 184.674 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.761 GiB free.
E: is CDROM (UDF)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
1000 Best Fonts
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
AMD Fuel
AOL Install
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Catalyst Registration
Brother MFL-Pro Suite
Browser Address Error Redirector
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
CloudCare
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows
CutePDF Writer 2.7
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Digital Line Detect
Digital Photo Navigator 1.5
Drivers Install For Linksys Easylink Advisor
EarthLink Setup Files
Everio MediaBrowser
Fax Solutions
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GP_Patch
Guitar Praise
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Service Offers Launcher
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 7.1.0 (Basic)
KODAK Share Button App
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee AntiVirus Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office Excel Viewer
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NetWaiting
NVIDIA Drivers
NVIDIANetworkDiagnostic
Paint Shop Pro 7 Anniversary Edition
Pando Media Booster
PaperPort Image Printer
Product Documentation Launcher
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanSoft PaperPort 11
screensaver_ksbj
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Serif DrawPlus 4.0
Sid Meier's Civilization 4 Complete
Skins
Sonic Activation Module
TestDrive Client
The Weather Channel Desktop 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
VideoSpirit Pro 1.70
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Walmart MP3 Music Downloads
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Movie Maker 2.6
.
==== Event Viewer Messages From Past Week ========
.
6/12/2011 9:33:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null
6/12/2011 9:33:07 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/12/2011 9:32:48 PM, Error: EventLog [6008] - The previous system shutdown at 9:30:25 PM on 6/12/2011 was unexpected.
6/12/2011 11:04:11 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:54:16 PM, Error: EventLog [6008] - The previous system shutdown at 9:51:17 PM on 6/11/2011 was unexpected.
6/11/2011 4:14:12 PM, Error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
DDS
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.19019
Run by c.clan at 21:36:27 on 2011-06-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2193 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: CloudCare *Disabled/Updated* {567F6DDD-22AE-6081-DE6F-F28A4699C7E6}
SP: CloudCare AntiSpyware *Disabled/Updated* {ED1E8C39-0494-6F0F-E4DF-C9F83D1E8D5B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Bsecure\InetCtrl.exe
C:\Program Files\Bsecure\BsecAV.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bsecure\BSecAMX.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Bsecure\BsecTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080120
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110611161436.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Bsecure] c:\program files\bsecure\BsecTray.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10o_ActiveX.exe -update activex
StartupFolder: c:\users\c.clan\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\camera~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
LSP: %ProgramFiles%\Bsecure\InetCtrl43.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94EE6A8B-5BB2-470C-B334-7DA00E445979} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2011-3-8 4608]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-8 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-25 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-4-21 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-3-18 163400]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 Bsecure;CloudCare;c:\program files\bsecure\InetCtrl.exe [2011-2-25 55136]
R2 BsecureAV;CloudCare AntiVirus;c:\program files\bsecure\BsecAV.exe [2011-2-25 135080]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-3-8 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-8 2151128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-10 366640]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-6-29 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-6-29 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-6-29 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-21 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-21 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-21 148520]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-7 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [2011-2-25 21624]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-21 57432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-10 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-1-25 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-1-25 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-21 337912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-12 135664]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-8 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-10 39984]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-21 85984]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-25 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-25 40552]
S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-21 84072]
.
=============== Created Last 30 ================
.
2011-06-11 04:46:24 -------- d-----w- c:\users\c.clan\appdata\roaming\Malwarebytes
2011-06-11 04:46:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 04:46:11 -------- d-----w- c:\programdata\Malwarebytes
2011-06-11 04:46:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 04:46:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 04:21:50 -------- d-----w- c:\users\c.clan\appdata\local\WMTools Downloaded Files
2011-05-22 04:18:40 -------- d-----w- c:\program files\Movie Maker 2.6
2011-05-22 03:40:19 175616 ----a-w- c:\windows\system32\unrar.dll
2011-05-22 03:40:18 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-05-22 03:37:28 -------- d-----w- c:\program files\Real Alternative
2011-05-22 01:03:17 -------- d-----w- c:\program files\VideoSpirit Pro
2011-05-21 21:20:35 -------- d-----w- c:\programdata\PIXELA
2011-05-21 20:56:34 -------- d-----w- c:\program files\PIXELA
2011-05-21 20:55:16 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
.
==================== Find3M ====================
.
2011-04-19 02:26:54 624640 ----a-w- c:\windows\screensaver_ksbj.scr
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_ rev.CP10 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85B54ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86cf0879; SUB DWORD [EBP-0x4], 0x86cf0135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x82259912] -> \Device\Harddisk0\DR0[0x86783AC8]
3 CLASSPNP[0x8BDA08B3] -> ntkrnlpa!IofCallDriver[0x82259912] -> [0x85AD2150]
5 acpi[0x8060B6BC] -> ntkrnlpa!IofCallDriver[0x82259912] -> [0x85AD2C90]
[0x86D6F160] -> IRP_MJ_CREATE -> 0x85B54ECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\0000005f -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD321KJ#4&228bd848&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:39:27.45 ===============
I would greatly appreciate any advice! Thank you!