
Thread: Please Help... I think Im infected...

  1. #11 Junior Member (Join Date: Nov 2011, Posts: 14)

    Hey and sorry for the long delay.

    Here are the links from VirusTotal

    http://www.virustotal.com/file-scan/...852-1321242916

    http://www.virustotal.com/file-scan/...30f-1321243063

    I have posted and attached the aswMBR.txt scan as well.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-13 23:05:26
    -----------------------------
    23:05:26.863 OS Version: Windows 5.1.2600 Service Pack 3
    23:05:26.863 Number of processors: 2 586 0xE0C
    23:05:26.863 ComputerName: ELI UserName:
    23:05:28.660 Initialize success
    23:06:04.738 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    23:06:04.738 Disk 0 Vendor: TOSHIBA_MK6008GAH BU011A Size: 57231MB BusType: 3
    23:06:06.770 Disk 0 MBR read successfully
    23:06:06.770 Disk 0 MBR scan
    23:06:06.770 Disk 0 Whistler@MBR code has been found
    23:06:06.770 Disk 0 MBR [Whistler] **ROOTKIT**
    23:06:06.817 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:06:18.520 Service scanning
    23:06:20.504 Modules scanning
    23:06:37.723 Disk 0 trace - called modules:
    23:06:37.770 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    23:06:37.770 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7d9030]
    23:06:37.770 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7e9940]
    23:06:37.770 Scan finished successfully
    23:06:51.863 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eli Lipskar\Desktop\MBR.dat"
    23:06:51.863 The log file has been saved successfully to "C:\Documents and Settings\Eli Lipskar\Desktop\aswMBR.txt"
    Thank You

  2. #12 Senior Member (Join Date: Apr 2010, Posts: 463)

    Hello ThankYou

    sorry for the long delay
    Not a problem

    When you ran aswMBR a file called MBR.dat would have been created on your desktop.

    I would like you to zip this file up and attach it to your next post.

    To do this, Right click on the file and select Send to ===> Compressed (Zipped) Folder.

    The zipped file will appear on your desktop. Attach it in your next reply and run the following tool:


    1. TDSS Killer


      • Please read carefully and follow these steps.
      • Download TDSSKiller and save it to your Desktop.
      • Extract its contents to your desktop.
      • Once extracted, open the TDSSKiller folder and double click on TDSSKiller.exe to run the application, then on Start Scan.
      • If an infected file is detected, the default action will be Cure, click on Continue.
      • If a suspicious file is detected, the default action will be Skip, click on Continue.
      • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
      • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
      • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Proud Graduate of the WTT Classroom

  3. #13 Junior Member (Join Date: Nov 2011, Posts: 14)

    Hey,

    Please find the MBR.zip attached.

    Here is the TDSSKiller Report

    22:47:19.0296 2728 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
    22:47:20.0343 2728 ============================================================
    22:47:20.0343 2728 Current date / time: 2011/11/14 22:47:20.0343
    22:47:20.0343 2728 SystemInfo:
    22:47:20.0343 2728
    22:47:20.0343 2728 OS Version: 5.1.2600 ServicePack: 3.0
    22:47:20.0343 2728 Product type: Workstation
    22:47:20.0343 2728 ComputerName: ELI
    22:47:20.0343 2728 UserName: Eli Lipskar
    22:47:20.0343 2728 Windows directory: C:\WINDOWS
    22:47:20.0343 2728 System windows directory: C:\WINDOWS
    22:47:20.0343 2728 Processor architecture: Intel x86
    22:47:20.0343 2728 Number of processors: 2
    22:47:20.0343 2728 Page size: 0x1000
    22:47:20.0343 2728 Boot type: Normal boot
    22:47:20.0343 2728 ============================================================
    22:47:26.0000 2728 Initialize success
    22:47:44.0546 3204 ============================================================
    22:47:44.0546 3204 Scan started
    22:47:44.0546 3204 Mode: Manual;
    22:47:44.0546 3204 ============================================================
    22:47:50.0265 3204 Abiosdsk - ok
    22:47:50.0593 3204 abp480n5 - ok
    22:47:50.0984 3204 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:47:50.0984 3204 ACPI - ok
    22:47:51.0640 3204 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:47:51.0750 3204 ACPIEC - ok
    22:47:52.0375 3204 adpu160m - ok
    22:47:52.0703 3204 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    22:47:52.0703 3204 aec - ok
    22:47:53.0109 3204 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    22:47:53.0125 3204 AFD - ok
    22:47:53.0468 3204 Aha154x - ok
    22:47:53.0609 3204 aic78u2 - ok
    22:47:53.0890 3204 aic78xx - ok
    22:47:54.0140 3204 AliIde - ok
    22:47:54.0468 3204 amsint - ok
    22:47:54.0812 3204 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    22:47:54.0828 3204 ApfiltrService - ok
    22:47:55.0171 3204 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    22:47:55.0171 3204 APPDRV - ok
    22:47:55.0421 3204 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    22:47:55.0546 3204 Arp1394 - ok
    22:47:55.0734 3204 asc - ok
    22:47:56.0078 3204 asc3350p - ok
    22:47:56.0203 3204 asc3550 - ok
    22:47:56.0593 3204 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    22:47:56.0593 3204 AsyncMac - ok
    22:47:56.0984 3204 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    22:47:56.0984 3204 atapi - ok
    22:47:57.0140 3204 Atdisk - ok
    22:47:57.0765 3204 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    22:47:57.0765 3204 Atmarpc - ok
    22:47:58.0609 3204 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    22:47:58.0718 3204 audstub - ok
    22:47:59.0109 3204 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    22:47:59.0109 3204 b57w2k - ok
    22:47:59.0859 3204 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    22:48:00.0359 3204 BCM43XX - ok
    22:48:00.0687 3204 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    22:48:00.0703 3204 Beep - ok
    22:48:00.0718 3204 catchme - ok
    22:48:01.0062 3204 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    22:48:01.0062 3204 cbidf2k - ok
    22:48:01.0437 3204 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    22:48:01.0437 3204 CCDECODE - ok
    22:48:01.0593 3204 cd20xrnt - ok
    22:48:01.0921 3204 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    22:48:01.0921 3204 Cdaudio - ok
    22:48:02.0296 3204 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    22:48:02.0406 3204 Cdfs - ok
    22:48:03.0046 3204 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    22:48:03.0046 3204 Cdrom - ok
    22:48:03.0343 3204 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    22:48:03.0343 3204 cercsr6 - ok
    22:48:03.0828 3204 Changer - ok
    22:48:04.0578 3204 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    22:48:04.0593 3204 CmBatt - ok
    22:48:05.0203 3204 CmdIde - ok
    22:48:05.0781 3204 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    22:48:05.0796 3204 Compbatt - ok
    22:48:06.0187 3204 Cpqarray - ok
    22:48:06.0468 3204 dac2w2k - ok
    22:48:06.0734 3204 dac960nt - ok
    22:48:07.0125 3204 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    22:48:07.0140 3204 Disk - ok
    22:48:07.0890 3204 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    22:48:08.0187 3204 dmboot - ok
    22:48:08.0671 3204 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    22:48:08.0703 3204 dmio - ok
    22:48:09.0015 3204 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    22:48:09.0031 3204 dmload - ok
    22:48:09.0718 3204 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    22:48:09.0765 3204 DMusic - ok
    22:48:09.0984 3204 dpti2o - ok
    22:48:10.0515 3204 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    22:48:10.0531 3204 drmkaud - ok
    22:48:11.0015 3204 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    22:48:11.0015 3204 Fastfat - ok
    22:48:11.0531 3204 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    22:48:11.0531 3204 Fdc - ok
    22:48:11.0937 3204 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    22:48:11.0937 3204 Fips - ok
    22:48:12.0218 3204 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    22:48:12.0218 3204 Flpydisk - ok
    22:48:12.0593 3204 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    22:48:12.0625 3204 FltMgr - ok
    22:48:13.0046 3204 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    22:48:13.0046 3204 Fs_Rec - ok
    22:48:13.0281 3204 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    22:48:13.0296 3204 Ftdisk - ok
    22:48:13.0765 3204 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    22:48:13.0765 3204 GEARAspiWDM - ok
    22:48:14.0281 3204 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    22:48:14.0312 3204 Gpc - ok
    22:48:14.0875 3204 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
    22:48:14.0921 3204 guardian2 - ok
    22:48:15.0578 3204 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    22:48:15.0578 3204 HDAudBus - ok
    22:48:16.0140 3204 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    22:48:16.0171 3204 HidUsb - ok
    22:48:16.0765 3204 HPFXBULK (b5638a404e7544c3893ae82645be97e2) C:\WINDOWS\system32\drivers\hpfxbulk.sys
    22:48:16.0765 3204 HPFXBULK - ok
    22:48:17.0359 3204 hpn - ok
    22:48:18.0062 3204 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
    22:48:18.0296 3204 HSF_DPV - ok
    22:48:18.0796 3204 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
    22:48:18.0812 3204 HSXHWAZL - ok
    22:48:19.0421 3204 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    22:48:19.0578 3204 HTTP - ok
    22:48:19.0828 3204 i2omgmt - ok
    22:48:20.0109 3204 i2omp - ok
    22:48:20.0718 3204 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    22:48:20.0718 3204 i8042prt - ok
    22:48:22.0031 3204 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    22:48:23.0453 3204 ialm - ok
    22:48:24.0046 3204 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    22:48:24.0046 3204 Imapi - ok
    22:48:25.0046 3204 ini910u - ok
    22:48:25.0593 3204 IntelIde - ok
    22:48:25.0937 3204 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    22:48:25.0953 3204 intelppm - ok
    22:48:26.0375 3204 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    22:48:26.0375 3204 Ip6Fw - ok
    22:48:26.0640 3204 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    22:48:26.0640 3204 IpFilterDriver - ok
    22:48:26.0890 3204 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    22:48:26.0906 3204 IpInIp - ok
    22:48:27.0265 3204 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    22:48:27.0281 3204 IpNat - ok
    22:48:27.0828 3204 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    22:48:27.0843 3204 IPSec - ok
    22:48:28.0203 3204 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    22:48:28.0203 3204 IRENUM - ok
    22:48:28.0453 3204 iRippit (4f67debbebcb98616de14386844f69ed) C:\WINDOWS\system32\Drivers\iRippit.sys
    22:48:28.0453 3204 iRippit - ok
    22:48:28.0796 3204 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    22:48:28.0796 3204 isapnp - ok
    22:48:29.0109 3204 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    22:48:29.0109 3204 Kbdclass - ok
    22:48:29.0437 3204 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    22:48:29.0453 3204 kmixer - ok
    22:48:29.0812 3204 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    22:48:29.0812 3204 KSecDD - ok
    22:48:30.0187 3204 lbrtfdc - ok
    22:48:30.0515 3204 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    22:48:30.0546 3204 mdmxsdk - ok
    22:48:31.0000 3204 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    22:48:31.0046 3204 mnmdd - ok
    22:48:31.0781 3204 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    22:48:31.0781 3204 Modem - ok
    22:48:32.0421 3204 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    22:48:32.0500 3204 Mouclass - ok
    22:48:33.0187 3204 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    22:48:33.0218 3204 mouhid - ok
    22:48:33.0796 3204 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    22:48:33.0796 3204 MountMgr - ok
    22:48:34.0218 3204 mraid35x - ok
    22:48:34.0750 3204 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    22:48:34.0796 3204 MRxDAV - ok
    22:48:35.0421 3204 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    22:48:35.0718 3204 MRxSmb - ok
    22:48:36.0890 3204 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    22:48:36.0906 3204 Msfs - ok
    22:48:37.0921 3204 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    22:48:37.0968 3204 MSKSSRV - ok
    22:48:39.0093 3204 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    22:48:39.0187 3204 MSPCLOCK - ok
    22:48:39.0703 3204 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    22:48:39.0718 3204 MSPQM - ok
    22:48:40.0218 3204 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    22:48:40.0234 3204 mssmbios - ok
    22:48:40.0750 3204 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    22:48:40.0796 3204 MSTEE - ok
    22:48:41.0515 3204 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    22:48:41.0593 3204 Mup - ok
    22:48:42.0406 3204 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    22:48:42.0453 3204 NABTSFEC - ok
    22:48:43.0031 3204 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    22:48:43.0062 3204 NDIS - ok
    22:48:43.0562 3204 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    22:48:43.0562 3204 NdisIP - ok
    22:48:44.0281 3204 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    22:48:44.0296 3204 NdisTapi - ok
    22:48:44.0953 3204 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    22:48:44.0968 3204 Ndisuio - ok
    22:48:45.0531 3204 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    22:48:45.0562 3204 NdisWan - ok
    22:48:46.0078 3204 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    22:48:46.0093 3204 NDProxy - ok
    22:48:46.0421 3204 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    22:48:46.0421 3204 NetBIOS - ok
    22:48:46.0859 3204 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    22:48:46.0875 3204 NetBT - ok
    22:48:47.0328 3204 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    22:48:47.0328 3204 NIC1394 - ok
    22:48:47.0796 3204 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    22:48:47.0796 3204 Npfs - ok
    22:48:48.0218 3204 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    22:48:48.0406 3204 Ntfs - ok
    22:48:48.0953 3204 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    22:48:48.0953 3204 NuidFltr - ok
    22:48:49.0343 3204 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    22:48:49.0343 3204 Null - ok
    22:48:49.0625 3204 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    22:48:49.0625 3204 NwlnkFlt - ok
    22:48:49.0859 3204 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    22:48:49.0859 3204 NwlnkFwd - ok
    22:48:50.0062 3204 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    22:48:50.0062 3204 ohci1394 - ok
    22:48:50.0281 3204 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    22:48:50.0281 3204 Parport - ok
    22:48:50.0484 3204 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    22:48:50.0484 3204 PartMgr - ok
    22:48:50.0671 3204 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    22:48:50.0671 3204 ParVdm - ok
    22:48:50.0843 3204 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    22:48:50.0859 3204 PCI - ok
    22:48:51.0046 3204 PCIDump - ok
    22:48:51.0234 3204 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    22:48:51.0234 3204 PCIIde - ok
    22:48:51.0484 3204 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    22:48:51.0484 3204 Pcmcia - ok
    22:48:51.0671 3204 PDCOMP - ok
    22:48:51.0843 3204 PDFRAME - ok
    22:48:51.0968 3204 PDRELI - ok
    22:48:52.0093 3204 PDRFRAME - ok
    22:48:52.0250 3204 perc2 - ok
    22:48:52.0390 3204 perc2hib - ok
    22:48:52.0578 3204 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    22:48:52.0593 3204 PptpMiniport - ok
    22:48:52.0906 3204 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    22:48:52.0906 3204 PSched - ok
    22:48:53.0265 3204 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    22:48:53.0265 3204 Ptilink - ok
    22:48:53.0515 3204 ql1080 - ok
    22:48:53.0843 3204 Ql10wnt - ok
    22:48:54.0140 3204 ql12160 - ok
    22:48:54.0312 3204 ql1240 - ok
    22:48:54.0468 3204 ql1280 - ok
    22:48:54.0750 3204 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:48:54.0750 3204 RasAcd - ok
    22:48:55.0031 3204 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:48:55.0046 3204 Rasl2tp - ok
    22:48:55.0328 3204 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:48:55.0359 3204 RasPppoe - ok
    22:48:55.0640 3204 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:48:55.0640 3204 Raspti - ok
    22:48:55.0890 3204 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:48:55.0890 3204 Rdbss - ok
    22:48:56.0281 3204 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:48:56.0281 3204 RDPCDD - ok
    22:48:56.0640 3204 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    22:48:56.0640 3204 rdpdr - ok
    22:48:57.0281 3204 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    22:48:57.0390 3204 RDPWD - ok
    22:48:58.0046 3204 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:48:58.0046 3204 redbook - ok
    22:48:58.0328 3204 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
    22:48:58.0328 3204 RimUsb - ok
    22:48:58.0578 3204 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    22:48:58.0578 3204 RimVSerPort - ok
    22:48:58.0828 3204 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    22:48:58.0843 3204 ROOTMODEM - ok
    22:48:59.0078 3204 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    22:48:59.0109 3204 sdbus - ok
    22:48:59.0328 3204 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:48:59.0343 3204 Secdrv - ok
    22:48:59.0609 3204 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    22:48:59.0625 3204 Serial - ok
    22:48:59.0921 3204 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    22:48:59.0953 3204 sffdisk - ok
    22:49:00.0140 3204 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    22:49:00.0140 3204 sffp_sd - ok
    22:49:00.0375 3204 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:49:00.0390 3204 Sfloppy - ok
    22:49:00.0562 3204 Simbad - ok
    22:49:00.0765 3204 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    22:49:00.0796 3204 SLIP - ok
    22:49:00.0968 3204 Sparrow - ok
    22:49:01.0171 3204 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    22:49:01.0187 3204 splitter - ok
    22:49:01.0453 3204 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    22:49:01.0453 3204 sr - ok
    22:49:01.0718 3204 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    22:49:01.0750 3204 Srv - ok
    22:49:02.0359 3204 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
    22:49:02.0796 3204 STHDA - ok
    22:49:03.0062 3204 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\WINDOWS\system32\Drivers\StkAMini.sys
    22:49:03.0093 3204 StkAMini - ok
    22:49:03.0656 3204 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\WINDOWS\system32\Drivers\StkScan.sys
    22:49:03.0703 3204 StkScan - ok
    22:49:04.0062 3204 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    22:49:04.0062 3204 streamip - ok
    22:49:04.0343 3204 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:49:04.0343 3204 swenum - ok
    22:49:04.0609 3204 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    22:49:04.0609 3204 swmidi - ok
    22:49:04.0859 3204 symc810 - ok
    22:49:05.0046 3204 symc8xx - ok
    22:49:05.0218 3204 sym_hi - ok
    22:49:05.0406 3204 sym_u3 - ok
    22:49:05.0656 3204 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    22:49:05.0656 3204 sysaudio - ok
    22:49:05.0937 3204 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:49:05.0984 3204 Tcpip - ok
    22:49:06.0250 3204 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:49:06.0265 3204 TDPIPE - ok
    22:49:06.0546 3204 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    22:49:06.0546 3204 TDTCP - ok
    22:49:06.0765 3204 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:49:06.0781 3204 TermDD - ok
    22:49:07.0000 3204 TosIde - ok
    22:49:07.0234 3204 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    22:49:07.0234 3204 Udfs - ok
    22:49:07.0453 3204 UIUSys - ok
    22:49:07.0843 3204 ultra - ok
    22:49:08.0187 3204 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    22:49:08.0187 3204 Update - ok
    22:49:08.0453 3204 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
    22:49:08.0468 3204 USBAAPL - ok
    22:49:08.0703 3204 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    22:49:08.0718 3204 usbaudio - ok
    22:49:09.0312 3204 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:49:09.0312 3204 usbccgp - ok
    22:49:09.0921 3204 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
    22:49:09.0921 3204 USBCCID - ok
    22:49:10.0109 3204 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:49:10.0109 3204 usbehci - ok
    22:49:10.0328 3204 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:49:10.0343 3204 usbhub - ok
    22:49:10.0593 3204 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:49:10.0609 3204 usbprint - ok
    22:49:10.0796 3204 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:49:10.0812 3204 usbscan - ok
    22:49:11.0015 3204 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:49:11.0015 3204 usbstor - ok
    22:49:11.0328 3204 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:49:11.0328 3204 usbuhci - ok
    22:49:11.0609 3204 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    22:49:11.0625 3204 usbvideo - ok
    22:49:11.0843 3204 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    22:49:11.0843 3204 VgaSave - ok
    22:49:12.0000 3204 ViaIde - ok
    22:49:12.0203 3204 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    22:49:12.0203 3204 VolSnap - ok
    22:49:12.0453 3204 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:49:12.0453 3204 Wanarp - ok
    22:49:12.0921 3204 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    22:49:12.0937 3204 Wdf01000 - ok
    22:49:13.0187 3204 WDICA - ok
    22:49:13.0406 3204 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    22:49:13.0406 3204 wdmaud - ok
    22:49:13.0734 3204 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    22:49:13.0796 3204 winachsf - ok
    22:49:14.0390 3204 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    22:49:14.0406 3204 WmiAcpi - ok
    22:49:14.0703 3204 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    22:49:14.0703 3204 WSTCODEC - ok
    22:49:14.0781 3204 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
    22:49:14.0812 3204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
    22:49:14.0812 3204 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
    22:49:14.0828 3204 Boot (0x1200) (614e9a5769fb422c4b1b2316d6b26a54) \Device\Harddisk0\DR0\Partition0
    22:49:14.0828 3204 \Device\Harddisk0\DR0\Partition0 - ok
    22:49:14.0828 3204 ============================================================
    22:49:14.0828 3204 Scan finished
    22:49:14.0828 3204 ============================================================
    22:49:14.0859 1064 Detected object count: 1
    22:49:14.0859 1064 Actual detected object count: 1
    22:49:40.0718 1064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
    22:49:40.0718 1064 \Device\Harddisk0\DR0 - ok
    22:49:40.0718 1064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
    22:49:49.0437 3828 Deinitialize success
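Added example (written for this page, not code from the thread, from TDSSKiller or from Kaspersky): a small Python triage helper that parses the log layout seen above, links the hashed `MBR (0x1B8)` entry to the `\Device\Harddisk0\DR0` status lines that follow it, and reduces the hundreds of `- ok` driver entries to the objects actually flagged. The sample lines are copied from the log posted in this thread; treating `HH:MM:SS.mmmm PID` as a fixed line prefix is an assumption drawn from that log.

```python
"""Triage helper for TDSSKiller scan logs (added example for this page)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied from the TDSSKiller log posted in this
# thread, including a few of the "- ok" driver entries that make up most of it.
SAMPLE_LOG = r"""
22:47:44.0546 3204 ============================================================
22:47:44.0546 3204 Scan started
22:47:50.0265 3204 Abiosdsk - ok
22:47:50.0984 3204 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:47:50.0984 3204 ACPI - ok
22:49:14.0781 3204 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
22:49:14.0812 3204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
22:49:14.0812 3204 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
22:49:14.0828 3204 Boot (0x1200) (614e9a5769fb422c4b1b2316d6b26a54) \Device\Harddisk0\DR0\Partition0
22:49:14.0828 3204 \Device\Harddisk0\DR0\Partition0 - ok
22:49:14.0859 1064 Detected object count: 1
22:49:40.0718 1064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
22:49:40.0718 1064 \Device\Harddisk0\DR0 - ok
22:49:40.0718 1064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
"""

# Line layout assumed from the log above: "HH:MM:SS.mmmm PID <rest>", where <rest>
# is either "<object> (<md5>) <path>" or "<object> [( <threat> )] - <status>".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
HASH_LINE = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
STATUS_LINE = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<status>.+)$")
DETECTED = re.compile(r"^detected (?P<threat>\S+)")
COUNT_LINE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    threat: Optional[str] = None
    statuses: List[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        # A trailing "- ok" printed after a cure is scheduled (see the DR0 lines
        # above) must not hide the earlier detection, so a threat name wins.
        return self.threat is None and bool(self.statuses) and all(
            s == "ok" for s in self.statuses)


def parse_log(text: str) -> Dict[str, ScanObject]:
    """Return scan objects keyed by the name TDSSKiller printed for them."""
    objects: Dict[str, ScanObject] = {}
    by_path: Dict[str, ScanObject] = {}  # maps "\Device\..." back to "MBR (0x1B8)"
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        h = HASH_LINE.match(rest)
        if h:
            rec = objects.setdefault(h["obj"], ScanObject(h["obj"]))
            rec.md5, rec.path = h["md5"], h["path"]
            by_path[h["path"]] = rec
            continue
        s = STATUS_LINE.match(rest)
        if not s:
            continue  # banners, "Scan started", counters and similar lines
        rec = by_path.get(s["obj"]) or objects.setdefault(s["obj"], ScanObject(s["obj"]))
        rec.statuses.append(s["status"])
        d = DETECTED.match(s["status"])
        threat = d["threat"] if d else s["threat"]
        if threat:
            rec.threat = threat
    return objects


def findings(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects with a threat name or any status other than a plain "ok"."""
    return [o for o in objects.values()
            if o.threat or any(s != "ok" for s in o.statuses)]


def reported_detections(text: str) -> Optional[int]:
    """The scanner's own 'Detected object count', to cross-check findings()."""
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        c = COUNT_LINE.match(m["rest"]) if m else None
        if c:
            return int(c["n"])
    return None


def summarise(text: str) -> str:
    objects = parse_log(text)
    hits = findings(objects)
    lines = [f"{len(objects)} objects scanned, {len(hits)} flagged "
             f"(scanner reported {reported_detections(text)})"]
    for o in hits:
        lines.append(f"  {o.name} md5={o.md5} path={o.path} threat={o.threat}")
        lines.append(f"    actions: {', '.join(o.statuses)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Run it against a full log file with `summarise(open("TDSSKiller.log").read())` to get only the flagged objects plus the scanner's own count for comparison.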

  4. #14 Senior Member (Join Date: Apr 2010, Posts: 463)

    Hello ThankYou

    Let's proceed as follows:

    1. Please work through the following steps


      • Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
      • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
      • Copy and Paste the text in the quotebox below into the open Notepad window:

        File::
        D:\LaunchU3.exe
        D:\Setup_FlipShare.exe
        D:\wdsync.exe

        Registry::
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{288cdc54-a39f-11e0-9af1-001f3a384cdd}]
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69bf104a-217e-11e0-9ab0-001f3a384cdd}]
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7583f047-fd56-11df-9a97-001f3a384cdd}]
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c58b2295-bf00-11e0-9afb-001c230b9a11}]
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdb95d88-b14f-11e0-9af4-001c230b9a11}]
      • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
      • Close any open browsers.
      • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Referring to the picture below, drag CFScript.txt into ComboFix.exe

      • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
      • Once the log is produced, re-engage your resident anti virus.


    2. Please perform the following scan:


      • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.


      • Double click on the mbam-setup.exe icon to install the program.
      • Follow the prompts during installation and have the Installation Wizard create a desktop icon.
      • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
      • Click on the "Update" tab and then on "Check for Updates".
      • The program will now install the latest Malware definition files.
      • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
      • Once the program has scanned your computer, a log file will be created in Notepad.
      • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.



      • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
      • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
      • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
      • Come back here to this thread and Paste the log in your next reply.


      Please post the ComboFix log and the MBAM log in your next reply.
    Proud Graduate of the WTT Classroom

  5. #15
    Junior Member
    Join Date
    Nov 2011
    Posts
    14

    Default

    Hey,

    I ran ComboFix in Safe Mode as that's where I ran it originally. Here is the ComboFix report.

    ComboFix 11-11-15.06 - Administrator 11/15/2011 20:44:28.2.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1626 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    .
    FILE ::
    "D:\LaunchU3.exe"
    "D:\Setup_FlipShare.exe"
    "D:\wdsync.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Eli Lipskar\Local Settings\Temp\7zS10D.tmp\EZInstall.exe
    c:\documents and settings\Eli Lipskar\Local Settings\Temp\7zS10D.tmp\setup\DPInst_x32\DPInst.exe
    c:\documents and settings\Eli Lipskar\Local Settings\Temp\7zS10D.tmp\setup\DPInst_x64\DPInst.exe
    c:\documents and settings\Eli Lipskar\Local Settings\Temp\Rar$EX68.144\TDSSKiller.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-16 01:27 . 2011-11-16 01:27 -------- d-----w- c:\windows\LastGood
    2011-11-06 13:20 . 2011-11-06 13:20 -------- d-----w- c:\program files\ERUNT
    2011-11-06 12:17 . 2011-11-06 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-11-06 11:54 . 2011-11-06 12:00 -------- d-----w- c:\documents and settings\Administrator
    2011-10-17 04:08 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-10 14:22 . 2010-11-22 04:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-23 16:40 . 2011-08-23 16:40 1062984 ----a-w- c:\documents and settings\Eli Lipskar\gotomypc_540.exe
    2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-01 15:11 . 2010-12-01 15:11 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Seagull Drivers"="ssdal_nc.exe startup" [X]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-10-29 2498560]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-01 30192]
    "DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-10-28 55808]
    "DYMOFileMonitor"="c:\program files\DYMO File\DYMOFileMonitor.exe" [2009-05-30 196608]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-22 233936]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
    "c:\\Documents and Settings\\Eli Lipskar\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24726:TCP"= 24726:TCP:FlipShareServer
    "24727:TCP"= 24727:TCP:FlipShareServer
    "6160:TCP"= 6160:TCP:Seagull Driver Networking
    .
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/1/2010 10:11 AM 30192]
    S3 iRippit;iRippit USB Driver for Tube device v2.0.3;c:\windows\system32\drivers\iRippit.sys [8/3/2011 10:58 PM 40312]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MDMXSDK
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1682526488-682003330-1003Core.job
    - c:\documents and settings\Eli Lipskar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-27 15:43]
    .
    2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1682526488-682003330-1003UA.job
    - c:\documents and settings\Eli Lipskar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-27 15:43]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.15.189/DvrOcx.cab
    FF - ProfilePath - c:\documents and settings\Eli Lipskar\Application Data\Mozilla\Firefox\Profiles\mb7xufoi.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
    FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-15 20:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,64,d2,04,cc,29,dd,4e,a9,83,11,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,64,d2,04,cc,29,dd,4e,a9,83,11,\
    .
    [HKEY_USERS\S-1-5-21-436374069-1682526488-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,40,6b,19,fc,85,28,49,b9,96,42,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,40,6b,19,fc,85,28,49,b9,96,42,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(764)
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2011-11-15 20:56:04
    ComboFix-quarantined-files.txt 2011-11-16 01:55
    ComboFix2.txt 2011-11-11 20:27
    .
    Pre-Run: 5,338,423,296 bytes free
    Post-Run: 5,322,854,400 bytes free
    .
    - - End Of File - - 7586A22C4324D1501B2C6DC1B7D30E9F

    Here is the MBAM Log

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8171

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/15/2011 9:47:31 PM
    mbam-log-2011-11-15 (21-47-31).txt

    Scan type: Quick scan
    Objects scanned: 205696
    Time elapsed: 37 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\eli lipskar\local settings\temporary internet files\Content.IE5\PB9SE27X\info[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    Thanks Again for all your help.
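    The MBAM log pasted above follows a fixed layout: a block of "<Category> Infected: N" summary lines, then one detail section per category listing each item, its threat name and the action taken. The following Python script is an added example for this thread, not code from Malwarebytes or from either poster; it parses that layout from a constructed sample (abbreviated from the log above, with one made-up second detection added to show an action that has not finished yet), reports which categories had hits, lists actions still pending a reboot, and checks that the summary totals agree with the items actually listed, which is the quickest way to spot a truncated paste.

```python
"""Summarise a Malwarebytes' Anti-Malware (MBAM 1.x) text log.

Added example for this thread; it is not code from Malwarebytes or from the
posters. It reads the "<Category> Infected: N" summary lines and the per-category
detail sections of the log format posted above and reports what was found and
which actions are still pending (for example "Delete on reboot").
"""
import re

# Constructed sample: abbreviated from the MBAM log posted in the thread, with a
# second, made-up detection added to show an action that has not completed yet.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8171

Scan type: Quick scan
Objects scanned: 205696
Time elapsed: 37 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\eli lipskar\local settings\temporary internet files\Content.IE5\PB9SE27X\info[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\windows\temp\constructed_example.tmp (Trojan.Agent) -> Delete on reboot.
"""

# "Files Infected: 1" style summary line.
COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# "<path> (<threat name>) -> <action>." detail line.
DETAIL_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (counts, detections) parsed from an MBAM log.

    counts maps each "... Infected" category to its number; detections is a list
    of dicts with category, path, threat and action for every item listed.
    """
    counts = {}
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("category")] = int(m.group("n"))
            continue
        if line.endswith("Infected:"):          # start of a detail section
            section = line[:-1]
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = DETAIL_RE.match(line)
        if m:
            detections.append({"category": section, **m.groupdict()})
    return counts, detections


def hits(counts):
    """Categories with a non-zero count."""
    return {cat: n for cat, n in counts.items() if n}


def pending_actions(detections):
    """Detections whose action did not complete in this run (e.g. needs a reboot)."""
    return [d for d in detections if "successfully" not in d["action"].lower()]


def counts_match_details(counts, detections):
    """True when the summary totals agree with the number of listed items;
    a mismatch usually means a truncated or partially pasted log."""
    return sum(counts.values()) == len(detections)


if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_LOG)
    print("hits:", hits(counts))
    for d in dets:
        print(f"{d['category']}: {d['threat']} -> {d['action']} [{d['path']}]")
    print("pending:", [d["path"] for d in pending_actions(dets)])
    print("summary consistent:", counts_match_details(counts, dets))
```

    Run it against a real log by reading the file into `parse_mbam_log` instead of `SAMPLE_LOG`; anything returned by `pending_actions` means the machine has not actually been cleaned until the restart MBAM asked for has happened.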

  6. #16
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello ThankYou

    I can not run any program in regular mode so I am operating out of SAFE MODE
    Is this still the case? Are you able to boot into Regular Mode at all?

    Let's get your Java updated and then run an Online Scan to check for any leftovers:

    1. Please update your Java


      • To update your Java, Click on "Start" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
      • In the window that opens, click on the "Update" tab, and then on "Update Now".
      • Your Java should begin to update. Please follow any prompts that you receive.


    2. Please run the following scan


      • Note: Internet Explorer is preferred for this scan, although it will run with other browsers.
      • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
      • Please disable your real time security programs before performing the scan.



      • Scan your system with Eset Online Scanner
      • Place a check mark in the box YES, I accept the Terms Of Use.
      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.



      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Check
      • Make sure that the option to "Remove Found Threats" is UN checked.
      • Push the "Start" button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push


      Please post the ESET log in your next reply.
    Proud Graduate of the WTT Classroom

  7. #17
    Junior Member
    Join Date
    Nov 2011
    Posts
    14

    Default

    Quote:
    I can not run any program in regular mode so I am operating out of SAFE MODE

    Is this still the case? Are you able to boot into Regular Mode at all?

    I can run and operate in regular mode - my original ComboFix run was in Safe Mode so I continued there. Although I am still missing all my program files in the Start Menu.

    I updated JAVA and attached is the ESET scan as requested.

    Thank you for all your help

  8. #18
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello ThankYou

    I can run and operate in regular mode - My original combofix was in safe mode so i continued there
    Thanks for letting me know.

    Once the machine has been cleaned you will have to rebuild/replace the missing items from your start menu/desktop. I will provide you with some guidance on the required procedure in due course, but for the moment let's continue:

    ESET has detected some files held in ComboFix quarantine, and some infected restore points. We will deal with these later (they can cause no harm to your machine provided you do not perform a system restore). ESET also detected a file which needs to be removed.

    I would like you to run the following ComboFix script from Regular Mode.

    If Combofix informs you that an update is available please allow it to install.

    1. Please work through the following steps


      • Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
      • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
      • Copy and Paste the text in the quotebox below into the open Notepad window:

        File::
        C:\Documents and Settings\Eli Lipskar\My Documents\Downloads\setup_1116236.exe
      • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
      • Close any open browsers.
      • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Referring to the picture below, drag CFScript.txt into ComboFix.exe




      • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
      • Once the log is produced, re-engage your resident anti virus.


      Please post the ComboFix log in your next reply.

      Are you still receiving the "Disk Error Message" when you restart your machine?
    Proud Graduate of the WTT Classroom

  9. #19
    Junior Member
    Join Date
    Nov 2011
    Posts
    14

    Default

    Quote Originally Posted by JonTom
    Hello ThankYou

    Thanks for letting me know.

    Once the machine has been cleaned you will have to rebuild/replace the missing items from your start menu/desktop. I will provide you with some guidance on the required procedure in due course, but for the moment let's continue:

    Thank You
    Here is the ComboFix log.

    ComboFix 11-11-17.03 - Eli Lipskar 11/17/2011 10:31:07.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1250 [GMT -5:00]
    Running from: c:\documents and settings\Eli Lipskar\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Eli Lipskar\Desktop\CFScript.txt
    .
    FILE ::
    "c:\documents and settings\Eli Lipskar\My Documents\Downloads\setup_1116236.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .a
    c:\windows\CSC\d6
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-16 15:43 . 2011-11-16 15:43 -------- d-----w- c:\program files\ESET
    2011-11-16 15:39 . 2011-11-16 15:39 -------- d-----w- c:\program files\Common Files\Java
    2011-11-16 02:07 . 2011-11-16 02:07 -------- d-----w- c:\documents and settings\Eli Lipskar\Application Data\Malwarebytes
    2011-11-16 02:07 . 2011-11-16 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-16 02:07 . 2011-11-16 02:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-16 02:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-06 13:20 . 2011-11-06 13:20 -------- d-----w- c:\program files\ERUNT
    2011-11-06 12:17 . 2011-11-06 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-11-06 11:54 . 2011-11-06 12:00 -------- d-----w- c:\documents and settings\Administrator
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-10 14:22 . 2010-11-22 04:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 10:06 . 2011-05-15 21:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 07:37 . 2011-05-15 21:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-23 16:40 . 2011-08-23 16:40 1062984 ----a-w- c:\documents and settings\Eli Lipskar\gotomypc_540.exe
    2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-01 15:11 . 2010-12-01 15:11 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2009-10-29 1885944]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Seagull Drivers"="ssdal_nc.exe startup" [X]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-10-29 2498560]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-01 30192]
    "DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-10-28 55808]
    "DYMOFileMonitor"="c:\program files\DYMO File\DYMOFileMonitor.exe" [2009-05-30 196608]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-22 233936]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
    "c:\\Documents and Settings\\Eli Lipskar\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24726:TCP"= 24726:TCP:FlipShareServer
    "24727:TCP"= 24727:TCP:FlipShareServer
    "6160:TCP"= 6160:TCP:Seagull Driver Networking
    .
    R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/15/2011 9:07 PM 366152]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/15/2011 9:07 PM 22216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/1/2010 10:11 AM 30192]
    S3 iRippit;iRippit USB Driver for Tube device v2.0.3;c:\windows\system32\drivers\iRippit.sys [8/3/2011 10:58 PM 40312]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1682526488-682003330-1003Core.job
    - c:\documents and settings\Eli Lipskar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-27 15:43]
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1682526488-682003330-1003UA.job
    - c:\documents and settings\Eli Lipskar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-27 15:43]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.15.189/DvrOcx.cab
    FF - ProfilePath - c:\documents and settings\Eli Lipskar\Application Data\Mozilla\Firefox\Profiles\mb7xufoi.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
    FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-17 10:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,64,d2,04,cc,29,dd,4e,a9,83,11,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,64,d2,04,cc,29,dd,4e,a9,83,11,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(864)
    c:\windows\System32\BCMLogon.dll
    c:\windows\system32\igfxdev.dll
    .
    - - - - - - - > 'explorer.exe'(3372)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2011-11-17 10:47:43
    ComboFix-quarantined-files.txt 2011-11-17 15:47
    ComboFix2.txt 2011-11-16 01:56
    ComboFix3.txt 2011-11-11 20:27
    .
    Pre-Run: 3,029,516,288 bytes free
    Post-Run: 3,583,778,816 bytes free
    .
    - - End Of File - - B4003416359B006D7FED61D6745F637B
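    Most of the reading work in the two ComboFix logs above goes into the "Reg Loading Points" section: every autorun value is printed in REGEDIT4 style with the referenced file's date and size in brackets, or `[X]` when ComboFix could not find the file (the "Seagull Drivers" entry in both logs). The following Python script is an added example for this thread, not ComboFix's own code and not from either poster; it parses those entries from a constructed sample (the first lines are copied from the log above, the final "Updater" line is made up) and flags the two things a responder checks first: autoruns whose file is missing, and autoruns launched from user-writable locations such as Temp or Downloads. The list of path fragments in `USER_WRITABLE` is an assumption about typical XP-era locations, not something ComboFix defines.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; it is not ComboFix's own code and not from the
posters. ComboFix prints each autorun value in REGEDIT4 style, followed by the
file's timestamp and size in brackets, or [X] when the referenced file could not
be found. This parser collects those entries and flags the ones a responder
would review first: autoruns whose file is missing, and autoruns launched from
user-writable locations such as Temp or Downloads.
"""
import re

# Constructed sample: the first entries are copied from the log posted above; the
# final "Updater" line is made up to show an autorun pointing into a Temp folder.
SAMPLE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-10-29 2498560]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
"Updater"="c:\documents and settings\user\local settings\temp\svc_update.exe" [2011-11-15 73728]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<command>[^"]*)" \[(?P<meta>[^\]]*)\]$')

# Lower-cased path fragments that mark user-writable locations. Assumption: the
# usual XP-era places; extend the tuple for your own environment.
USER_WRITABLE = ("\\temp\\", "\\downloads\\", "\\recycler\\")


def parse_loading_points(text):
    """Return a list of autorun entries: key, name, command, missing, timestamp, size."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None:
            continue          # separators ("."), blank lines, anything else
        meta = m.group("meta")
        entry = {"key": key, "name": m.group("name"), "command": m.group("command"),
                 "missing": meta == "X", "timestamp": None, "size": None}
        if meta != "X":
            parts = meta.split()
            entry["timestamp"] = parts[0]
            if len(parts) > 1 and parts[1].isdigit():
                entry["size"] = int(parts[1])
        entries.append(entry)
    return entries


def triage(entries):
    """Return (entry, reason) pairs for autoruns worth a closer look."""
    findings = []
    for e in entries:
        low = e["command"].lower()
        if e["missing"]:
            findings.append((e, "file not found ([X]); orphaned or hidden autorun"))
        elif any(frag in low for frag in USER_WRITABLE):
            findings.append((e, "launches from a user-writable location"))
    return findings


if __name__ == "__main__":
    for e, why in triage(parse_loading_points(SAMPLE)):
        print(f'{e["key"]}\\{e["name"]}: {e["command"]} -> {why}')
```

    An `[X]` entry is not proof of infection (it is often the leftover of an uninstalled product, as a label-printer driver would be here), but it is exactly the kind of value a helper asks to have removed or confirmed, which is why the script reports it with its reason rather than a verdict.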

  10. #20
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello ThankYou

    1. SystemLook by JPShortstuff


      • Double click SystemLook.exe to run the program.
      • Copy the content of the following codebox into the main textfield:


      Code:
      :filefind
      *setup_1116236.exe
      • Click the Look button to start the scan.
      • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      • Note: The log can also be found on your Desktop entitled SystemLook.txt


      DDS and Security Check are not reporting the presence of an installed antivirus program. Can you confirm that this is the case?

      Please post the SystemLook log in your next reply.
    Proud Graduate of the WTT Classroom
