
Some sort of spyware infection


41 replies to this topic

#1 BradRHS08


Posted 14 February 2012 - 05:53 PM

Hi guys

To be honest, I'm not sure how this happened.
Lately my computer has been acting oddly. Among other things:
Firefox is constantly crashing
IE freezes up; previously viewed pages pop back up after being exited
I cannot access Microsoft Automatic Updates
No matter how many times I used MBAM, AntiSpyware, or AVG, the problems always regenerate themselves

AVG has said that I have a rootkit that keeps coming back, and AntiSpyware says I have hundreds of Adware Tracking Cookies that also keep re-occurring

In addition, sometimes my computer refuses to let me access my anti-virus programs


I apologize for being vague, I'm not computer-literate at all
I'll try to be more specific after I get some advice/questions

Any help would be greatly appreciated
My stepfather lost his job this Christmas, so we can't afford to take my computer in to get fixed
I need to try my hardest to get this fixed by myself

Thanks
Brad


#2 boopme


Posted 14 February 2012 - 07:47 PM

Hello, let's look at a couple of logs and see if we can see something.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>>.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>>
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 BradRHS08


Posted 14 February 2012 - 08:07 PM

Okay, thanks. I'll do those things and get back to you.

#4 BradRHS08


Posted 14 February 2012 - 08:28 PM

Here are the results of MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 14-02-2012 at 19:26:20
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Atheros AR5006EG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : pchome

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Adapter

Physical Address. . . . . . . . . : 00-16-E3-55-9B-39

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.66

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Tuesday, February 14, 2012 6:59:37 PM

Lease Expires . . . . . . . . . . : Wednesday, February 15, 2012 6:59:37 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-16-D4-23-09-FE

Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.225.35, 74.125.225.36, 74.125.225.37, 74.125.225.38
74.125.225.39, 74.125.225.40, 74.125.225.41, 74.125.225.42, 74.125.225.43
74.125.225.44, 74.125.225.45, 74.125.225.46, 74.125.225.47, 74.125.225.32
74.125.225.33, 74.125.225.34



Pinging google.com [74.125.225.66] with 32 bytes of data:



Reply from 74.125.225.66: bytes=32 time=62ms TTL=52

Reply from 74.125.225.66: bytes=32 time=63ms TTL=52



Ping statistics for 74.125.225.66:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 62ms, Maximum = 63ms, Average = 62ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 98.139.127.62



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=123ms TTL=44

Reply from 98.139.183.24: bytes=32 time=81ms TTL=46



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 81ms, Maximum = 123ms, Average = 102ms

Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 e3 55 9b 39 ...... Atheros AR5006EG Wireless Network Adapter - Packet Scheduler Miniport
0x10004 ...00 16 d4 23 09 fe ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.66 192.168.1.66 25
192.168.1.66 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.66 192.168.1.66 25
224.0.0.0 240.0.0.0 192.168.1.66 192.168.1.66 25
255.255.255.255 255.255.255.255 192.168.1.66 10004 1
255.255.255.255 255.255.255.255 192.168.1.66 192.168.1.66 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/14/2012 01:23:27 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4410, faulting module npswf32.dll, version 10.2.152.32, fault address 0x0037eb80.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/14/2012 00:10:43 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4410, faulting module npswf32.dll, version 10.2.152.32, fault address 0x003d78ef.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/13/2012 11:37:19 PM) (Source: Application Error) (User: )
Description: Fault bucket -1480328790.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (02/13/2012 11:27:04 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4410, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/12/2012 11:23:52 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4410, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/12/2012 11:07:52 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4363, faulting module npswf32.dll, version 10.2.152.32, fault address 0x003f4e1d.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/11/2012 05:31:00 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4363, faulting module npswf32.dll, version 10.2.152.32, fault address 0x003d74af.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/11/2012 02:46:56 PM) (Source: Application Error) (User: )
Description: Faulting application desktopweather.exe, version 6.0.0.16, faulting module desktopweather.exe, version 6.0.0.16, fault address 0x0000513c.
Processing media-specific event for [desktopweather.exe!ws!]

Error: (02/11/2012 02:46:20 PM) (Source: Application Error) (User: )
Description: Fault bucket 00536409.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (02/11/2012 02:42:40 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (svchost.exe!ld!)


System errors:
=============
Error: (02/14/2012 07:05:53 PM) (Source: Service Control Manager) (User: )
Description: The AVG TDI Driver service failed to start due to the following error:
%%2

Error: (02/14/2012 07:00:34 PM) (Source: Service Control Manager) (User: )
Description: The AVG TDI Driver service failed to start due to the following error:
%%2

Error: (02/14/2012 07:00:34 PM) (Source: Service Control Manager) (User: )
Description: The AVG TDI Driver service failed to start due to the following error:
%%2

Error: (02/14/2012 07:00:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgtdix

Error: (02/14/2012 06:59:36 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (02/14/2012 06:44:23 PM) (Source: Service Control Manager) (User: )
Description: The AVG TDI Driver service failed to start due to the following error:
%%2

Error: (02/14/2012 05:44:22 PM) (Source: Service Control Manager) (User: )
Description: The AVG TDI Driver service failed to start due to the following error:
%%2

Error: (02/14/2012 04:44:05 PM) (Source: Service Control Manager) (User: )
Description: The AVG TDI Driver service failed to start due to the following error:
%%2

Error: (02/14/2012 04:38:33 PM) (Source: Service Control Manager) (User: )
Description: The AVG TDI Driver service failed to start due to the following error:
%%2

Error: (02/14/2012 04:38:33 PM) (Source: Service Control Manager) (User: )
Description: The AVG TDI Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/14/2012 01:23:27 AM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.4410npswf32.dll10.2.152.320037eb80

Error: (02/14/2012 00:10:43 AM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.4410npswf32.dll10.2.152.32003d78ef

Error: (02/13/2012 11:37:19 PM) (Source: Application Error)(User: )
Description: -1480328790

Error: (02/13/2012 11:27:04 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.4410ntdll.dll5.1.2600.60550000100b

Error: (02/12/2012 11:23:52 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.4410ntdll.dll5.1.2600.60550000100b

Error: (02/12/2012 11:07:52 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.4363npswf32.dll10.2.152.32003f4e1d

Error: (02/11/2012 05:31:00 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.4363npswf32.dll10.2.152.32003d74af

Error: (02/11/2012 02:46:56 PM) (Source: Application Error)(User: )
Description: desktopweather.exe6.0.0.16desktopweather.exe6.0.0.160000513c

Error: (02/11/2012 02:46:20 PM) (Source: Application Error)(User: )
Description: 00536409

Error: (02/11/2012 02:42:40 PM) (Source: Application Error)(User: )
Description: svchost.exe0.0.0.0unknown0.0.0.000000000


=========================== Installed Programs ============================

Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe SVG Viewer 3.0 (Version: 3.0)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Atheros Wireless LAN MiniPCI/PCIe card Driver (Version: 1.29.000)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5173)
ATI Display Driver (Version: 8.202-051201a2-029175C-Toshiba)
AVG 2012 (Version: 12.0.1809)
AVG 2012 (Version: 12.0.1831)
AVG 2012 (Version: 12.0.1869)
AVG 2012 (Version: 12.0.1872)
AVG 2012 (Version: 12.0.1873)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2085)
AVG 2012 (Version: 12.0.2092)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
Catalyst Control Center Core Implementation (Version: 2007.0621.1715.28924)
Catalyst Control Center Graphics Full Existing (Version: 2007.0621.1715.28924)
Catalyst Control Center Graphics Full New (Version: 2007.0621.1715.28924)
Catalyst Control Center Graphics Light (Version: 2007.0621.1715.28924)
ccc-Branding (Version: 1.00.0000)
ccc-core-preinstall (Version: 2007.0621.1715.28924)
ccc-core-static (Version: 2007.0621.1715.28924)
ccc-utility (Version: 2007.0621.1715.28924)
CCC Help English (Version: 2007.0621.1714.28924)
CCleaner (Version: 3.03)
CDBurnerXP (Version: 4.3.7.2316)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Defraggler (Version: 2.02)
Device Doctor
DivX Setup (Version: 2.5.0.15)
Google Chrome (Version: 17.0.963.46)
Google Update Helper (Version: 1.3.21.79)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 10.0.1 (x86 en-US) (Version: 10.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.5919)
RealUpgrade 1.1 (Version: 1.1.0)
SUPERAntiSpyware (Version: 4.48.1000)
The Weather Channel Desktop 6
The Weather Channel Screensaver
TOSHIBA Software Modem (Version: 2.1.63 (SM2163ALD02))
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11

========================= Memory info: ===================================

Percentage of memory in use: 76%
Total physical RAM: 702.02 MB
Available physical RAM: 165.96 MB
Total Pagefile: 1336.73 MB
Available Pagefile: 576.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.34 GB) (Free:55.36 GB) NTFS

========================= Users: ========================================

User accounts for \\PCHOME

Administrator ASPNET Guest
HelpAssistant New user New user (01)
O Owner SUPPORT_388945a0


**** End of log ****

#5 BradRHS08


Posted 14 February 2012 - 08:34 PM

OK, once I finished the TDSSKiller scan, I have 4 options: Skip, Copy to Quarantine, Cure, and Restore. Should Skip be the option I choose, from what you said in your earlier post?

#6 BradRHS08


Posted 14 February 2012 - 08:45 PM

Never mind, I see what you said. I let it continue with Cure, and it asked me to reboot it, so I did. Now where do I find the report?

#7 boopme


Posted 14 February 2012 - 08:48 PM

Select (Cure or Delete) for malicious objects.
Select (Skip, by default) for suspicious objects .


• Click on Report and post (copy/paste) the contents of the text file that will open.

Edited by boopme, 14 February 2012 - 08:49 PM.


#8 BradRHS08


Posted 14 February 2012 - 08:52 PM

It won't let me copy & paste. Should I do it again, or do I need to just type it out?

#9 BradRHS08


Posted 14 February 2012 - 09:06 PM

Oh wait, never mind, it was in my C disk, as you said. Here it is:

19:43:53.0687 3436 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
19:43:54.0296 3436 ============================================================
19:43:54.0296 3436 Current date / time: 2012/02/14 19:43:54.0296
19:43:54.0296 3436 SystemInfo:
19:43:54.0296 3436
19:43:54.0296 3436 OS Version: 5.1.2600 ServicePack: 3.0
19:43:54.0296 3436 Product type: Workstation
19:43:54.0296 3436 ComputerName: PCHOME
19:43:54.0296 3436 UserName: Owner
19:43:54.0296 3436 Windows directory: C:\WINDOWS
19:43:54.0296 3436 System windows directory: C:\WINDOWS
19:43:54.0296 3436 Processor architecture: Intel x86
19:43:54.0296 3436 Number of processors: 1
19:43:54.0296 3436 Page size: 0x1000
19:43:54.0296 3436 Boot type: Normal boot
19:43:54.0296 3436 ============================================================
19:43:57.0609 3436 Drive \Device\Harddisk0\DR0 - Size: 0x1296055200 (74.34 Gb), SectorSize: 0x200, Cylinders: 0x25E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:43:57.0625 3436 \Device\Harddisk0\DR0:
19:43:57.0625 3436 MBR used
19:43:57.0625 3436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94AC3A9
19:43:57.0625 3436 Initialize success
19:43:57.0625 3436 ============================================================
19:56:40.0531 3428 Deinitialize success

If this isn't the right one, let me know

#10 boopme


Posted 14 February 2012 - 09:14 PM

Yeah, doesn't look right ... at the bottom it should show what it found and the actions taken.

Edited by boopme, 14 February 2012 - 09:15 PM.

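As an added example (not from this thread and not part of TDSSKiller itself): a small Python checker for the TDSSKiller log format shown in the posts above, applying the point made here that a usable report contains a scan section followed by what was found and the actions taken. The "Scan started"/"Scan finished" markers and the "- ok" verdicts are as seen in the posted logs; the other verdict prefixes and the "Detected object count" footer are assumptions about the tool's wording, and both sample logs are constructed.

```python
import re
from dataclasses import dataclass, field

# One TDSSKiller log line: "HH:MM:SS.mmmm  PID  message" (format as seen in the posted logs)
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s*(.*)$")
# Driver entry carrying an MD5 and a file path, e.g.
# "ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys"
ENTRY_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Footer line; assumption about the tool's wording, not shown in the posted logs.
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
# Verdict prefixes other than "ok" that should be surfaced. Also an assumption:
# the posted logs only show "- ok" entries.
FLAGGED_PREFIXES = ("detected", "suspicious", "warning")


@dataclass
class ScanSummary:
    initialized: bool = False
    scan_started: bool = False
    scan_finished: bool = False
    detected_count: int = 0
    hashed_files: dict = field(default_factory=dict)  # object name -> (md5, path)
    ok: list = field(default_factory=list)            # objects the tool marked "- ok"
    flagged: list = field(default_factory=list)       # (object, verdict) for anything else

    def is_complete(self) -> bool:
        """A usable report has both the scan start and the scan end."""
        return self.scan_started and self.scan_finished


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk the log line by line and collect the scan state and verdicts."""
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or something that is not a log line
        msg = m.group(3).strip()
        if msg == "Initialize success":
            s.initialized = True
            continue
        if msg == "Scan started":
            s.scan_started = True
            continue
        if msg == "Scan finished":
            s.scan_finished = True
            continue
        c = COUNT_RE.match(msg)
        if c:
            s.detected_count = int(c.group(1))
            continue
        e = ENTRY_RE.match(msg)
        if e:
            s.hashed_files[e.group(1)] = (e.group(2), e.group(3))
            continue
        # Verdict lines look like "<object> - <verdict>". Descriptive lines such as
        # "Drive \Device\Harddisk0\DR0 - Size: ..." also contain " - " but their tail
        # is not a verdict, so they fall through and are ignored.
        if " - " in msg:
            obj, verdict = msg.rsplit(" - ", 1)
            if verdict == "ok":
                s.ok.append(obj)
            elif verdict.startswith(FLAGGED_PREFIXES):
                s.flagged.append((obj, verdict))
    return s


def assess(s: ScanSummary) -> list:
    """Short issue codes a helper would act on before reading the rest of the log."""
    issues = []
    if not s.scan_started:
        issues.append("no-scan")          # initialization-only log, like post #9
    elif not s.scan_finished:
        issues.append("scan-incomplete")  # cut off before the findings section
    if s.flagged or s.detected_count:
        issues.append("objects-flagged")
    return issues


# Constructed sample 1: the shape of the log in post #9 (init and deinit, no scan section).
SAMPLE_TRUNCATED = r"""
19:43:53.0687 3436 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
19:43:57.0625 3436 Initialize success
19:56:40.0531 3428 Deinitialize success
"""

# Constructed sample 2: same format with a scan section, a constructed detection line
# (placeholder name, not a real verdict) and a constructed footer.
SAMPLE_FULL = r"""
19:30:25.0500 3516 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
19:30:31.0093 3516 Drive \Device\Harddisk0\DR0 - Size: 0x1296055200 (74.34 Gb), SectorSize: 0x200
19:30:31.0203 3516 Initialize success
19:30:37.0687 0752 Scan started
19:30:37.0687 0752 Mode: Manual;
19:30:38.0015 0752 .avgtdix - ok
19:30:38.0343 0752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:30:38.0343 0752 ACPI - ok
19:30:40.0937 0752 Avgtdix - ok
19:31:05.0000 0752 \Device\Harddisk0\DR0 - detected Rootkit.Boot.PLACEHOLDER ( 0 )
19:31:06.0000 0752 Scan finished
19:31:06.0000 0752 Detected object count: 1
"""

if __name__ == "__main__":
    for label, sample in (("post-9-style", SAMPLE_TRUNCATED), ("full", SAMPLE_FULL)):
        summary = parse_tdsskiller_log(sample)
        print(label, assess(summary), summary.flagged)
```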

#11 BradRHS08


Posted 14 February 2012 - 09:21 PM

There's another report, but it looks to be almost the same. Anyway, here it is:

19:30:25.0500 3516 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
19:30:26.0187 3516 ============================================================
19:30:26.0187 3516 Current date / time: 2012/02/14 19:30:26.0187
19:30:26.0187 3516 SystemInfo:
19:30:26.0187 3516
19:30:26.0187 3516 OS Version: 5.1.2600 ServicePack: 3.0
19:30:26.0187 3516 Product type: Workstation
19:30:26.0187 3516 ComputerName: PCHOME
19:30:26.0187 3516 UserName: Owner
19:30:26.0187 3516 Windows directory: C:\WINDOWS
19:30:26.0187 3516 System windows directory: C:\WINDOWS
19:30:26.0187 3516 Processor architecture: Intel x86
19:30:26.0187 3516 Number of processors: 1
19:30:26.0187 3516 Page size: 0x1000
19:30:26.0187 3516 Boot type: Normal boot
19:30:26.0187 3516 ============================================================
19:30:31.0093 3516 Drive \Device\Harddisk0\DR0 - Size: 0x1296055200 (74.34 Gb), SectorSize: 0x200, Cylinders: 0x25E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:30:31.0140 3516 \Device\Harddisk0\DR0:
19:30:31.0140 3516 MBR used
19:30:31.0140 3516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94AC3A9
19:30:31.0203 3516 Initialize success
19:30:31.0203 3516 ============================================================
19:30:37.0687 0752 ============================================================
19:30:37.0687 0752 Scan started
19:30:37.0687 0752 Mode: Manual;
19:30:37.0687 0752 ============================================================
19:30:38.0015 0752 .avgtdix - ok
19:30:38.0187 0752 Abiosdsk - ok
19:30:38.0234 0752 abp480n5 - ok
19:30:38.0343 0752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:30:38.0343 0752 ACPI - ok
19:30:38.0406 0752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:30:38.0406 0752 ACPIEC - ok
19:30:38.0421 0752 adpu160m - ok
19:30:38.0484 0752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:30:38.0484 0752 aec - ok
19:30:38.0625 0752 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:30:38.0656 0752 AFD - ok
19:30:38.0781 0752 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:30:38.0843 0752 AgereSoftModem - ok
19:30:38.0984 0752 Aha154x - ok
19:30:39.0015 0752 aic78u2 - ok
19:30:39.0062 0752 aic78xx - ok
19:30:39.0109 0752 AliIde - ok
19:30:39.0234 0752 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:30:39.0343 0752 Ambfilt - ok
19:30:39.0390 0752 amsint - ok
19:30:39.0515 0752 AR5211 (3d769924a07c00f5bb4b890f3934cd1e) C:\WINDOWS\system32\DRIVERS\ar5211.sys
19:30:39.0531 0752 AR5211 - ok
19:30:39.0546 0752 asc - ok
19:30:39.0562 0752 asc3350p - ok
19:30:39.0578 0752 asc3550 - ok
19:30:39.0671 0752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:30:39.0671 0752 AsyncMac - ok
19:30:39.0828 0752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:30:39.0828 0752 atapi - ok
19:30:39.0843 0752 Atdisk - ok
19:30:39.0968 0752 ati2mtag (d81980c64543ba5c39dd2a92dc1d2daf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:30:40.0046 0752 ati2mtag - ok
19:30:40.0109 0752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:30:40.0109 0752 Atmarpc - ok
19:30:40.0171 0752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:30:40.0171 0752 audstub - ok
19:30:40.0375 0752 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:30:40.0375 0752 AVGIDSDriver - ok
19:30:40.0515 0752 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:30:40.0515 0752 AVGIDSEH - ok
19:30:40.0578 0752 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:30:40.0578 0752 AVGIDSFilter - ok
19:30:40.0656 0752 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:30:40.0671 0752 AVGIDSShim - ok
19:30:40.0781 0752 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:30:40.0796 0752 Avgldx86 - ok
19:30:40.0812 0752 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:30:40.0812 0752 Avgmfx86 - ok
19:30:40.0875 0752 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:30:40.0875 0752 Avgrkx86 - ok
19:30:40.0937 0752 Avgtdix - ok
19:30:41.0421 0752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:30:41.0421 0752 Beep - ok
19:30:41.0546 0752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:30:41.0546 0752 cbidf2k - ok
19:30:41.0593 0752 cd20xrnt - ok
19:30:41.0625 0752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:30:41.0625 0752 Cdaudio - ok
19:30:41.0718 0752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:30:41.0718 0752 Cdfs - ok
19:30:41.0796 0752 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:30:41.0796 0752 Cdrom - ok
19:30:41.0812 0752 Changer - ok
19:30:41.0890 0752 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:30:41.0890 0752 CmBatt - ok
19:30:42.0000 0752 CmdIde - ok
19:30:42.0234 0752 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:30:42.0250 0752 Compbatt - ok
19:30:42.0375 0752 Cpqarray - ok
19:30:42.0406 0752 dac2w2k - ok
19:30:42.0421 0752 dac960nt - ok
19:30:42.0484 0752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:30:42.0500 0752 Disk - ok
19:30:42.0578 0752 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:30:42.0609 0752 dmboot - ok
19:30:42.0718 0752 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:30:42.0718 0752 dmio - ok
19:30:42.0796 0752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:30:42.0796 0752 dmload - ok
19:30:42.0859 0752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:30:42.0859 0752 DMusic - ok
19:30:42.0953 0752 dpti2o - ok
19:30:43.0000 0752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:30:43.0000 0752 drmkaud - ok
19:30:43.0171 0752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:30:43.0171 0752 Fastfat - ok
19:30:43.0312 0752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:30:43.0312 0752 Fdc - ok
19:30:43.0375 0752 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:30:43.0375 0752 Fips - ok
19:30:43.0390 0752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:30:43.0406 0752 Flpydisk - ok
19:30:43.0468 0752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:30:43.0484 0752 FltMgr - ok
19:30:43.0515 0752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:30:43.0515 0752 Fs_Rec - ok
19:30:43.0562 0752 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:30:43.0562 0752 Ftdisk - ok
19:30:43.0718 0752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:30:43.0718 0752 Gpc - ok
19:30:43.0796 0752 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:30:43.0796 0752 HDAudBus - ok
19:30:43.0906 0752 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:30:43.0906 0752 HidUsb - ok
19:30:43.0921 0752 hpn - ok
19:30:44.0000 0752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:30:44.0015 0752 HTTP - ok
19:30:44.0109 0752 i2omgmt - ok
19:30:44.0140 0752 i2omp - ok
19:30:44.0171 0752 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:30:44.0171 0752 i8042prt - ok
19:30:44.0218 0752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:30:44.0234 0752 Imapi - ok
19:30:44.0265 0752 ini910u - ok
19:30:44.0765 0752 IntcAzAudAddService (e8656858d8b2da7c9cf59fb4e5ce32ed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:30:45.0109 0752 IntcAzAudAddService - ok
19:30:45.0125 0752 IntelIde - ok
19:30:45.0203 0752 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:30:45.0203 0752 intelppm - ok
19:30:45.0250 0752 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:30:45.0250 0752 Ip6Fw - ok
19:30:45.0359 0752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:30:45.0359 0752 IpFilterDriver - ok
19:30:45.0390 0752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:30:45.0390 0752 IpInIp - ok
19:30:45.0437 0752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:30:45.0437 0752 IpNat - ok
19:30:45.0468 0752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:30:45.0468 0752 IPSec - ok
19:30:45.0578 0752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:30:45.0593 0752 IRENUM - ok
19:30:45.0640 0752 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:30:45.0640 0752 isapnp - ok
19:30:45.0718 0752 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:30:45.0718 0752 Kbdclass - ok
19:30:45.0796 0752 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:30:45.0796 0752 kbdhid - ok
19:30:45.0875 0752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:30:45.0875 0752 kmixer - ok
19:30:45.0984 0752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:30:46.0000 0752 KSecDD - ok
19:30:46.0031 0752 lbrtfdc - ok
19:30:46.0093 0752 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
19:30:46.0156 0752 MBAMSwissArmy - ok
19:30:46.0328 0752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:30:46.0328 0752 mnmdd - ok
19:30:46.0421 0752 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:30:46.0421 0752 Modem - ok
19:30:46.0531 0752 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
19:30:46.0609 0752 Monfilt - ok
19:30:46.0718 0752 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:30:46.0734 0752 Mouclass - ok
19:30:46.0796 0752 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:30:46.0796 0752 mouhid - ok
19:30:46.0828 0752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:30:46.0828 0752 MountMgr - ok
19:30:46.0843 0752 mraid35x - ok
19:30:46.0875 0752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:30:46.0875 0752 MRxDAV - ok
19:30:46.0968 0752 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:30:46.0968 0752 MRxSmb - ok
19:30:47.0109 0752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:30:47.0109 0752 Msfs - ok
19:30:47.0140 0752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:30:47.0140 0752 MSKSSRV - ok
19:30:47.0187 0752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:30:47.0203 0752 MSPCLOCK - ok
19:30:47.0250 0752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:30:47.0250 0752 MSPQM - ok
19:30:47.0296 0752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:30:47.0296 0752 mssmbios - ok
19:30:47.0390 0752 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:30:47.0453 0752 Mup - ok
19:30:47.0531 0752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:30:47.0531 0752 NDIS - ok
19:30:47.0734 0752 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:30:47.0734 0752 NdisTapi - ok
19:30:47.0765 0752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:30:47.0765 0752 Ndisuio - ok
19:30:47.0796 0752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:30:47.0796 0752 NdisWan - ok
19:30:47.0875 0752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:30:47.0875 0752 NDProxy - ok
19:30:47.0906 0752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:30:47.0906 0752 NetBIOS - ok
19:30:47.0953 0752 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:30:47.0953 0752 NetBT - ok
19:30:48.0031 0752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:30:48.0031 0752 Npfs - ok
19:30:48.0078 0752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:30:48.0109 0752 Ntfs - ok
19:30:48.0187 0752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:30:48.0187 0752 Null - ok
19:30:48.0234 0752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:30:48.0234 0752 NwlnkFlt - ok
19:30:48.0265 0752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:30:48.0265 0752 NwlnkFwd - ok
19:30:48.0328 0752 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:30:48.0328 0752 Parport - ok
19:30:48.0437 0752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:30:48.0437 0752 PartMgr - ok
19:30:48.0484 0752 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:30:48.0484 0752 ParVdm - ok
19:30:48.0515 0752 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:30:48.0515 0752 PCI - ok
19:30:48.0703 0752 PCIDump - ok
19:30:48.0859 0752 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:30:48.0859 0752 PCIIde - ok
19:30:48.0906 0752 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:30:48.0906 0752 Pcmcia - ok
19:30:48.0921 0752 PDCOMP - ok
19:30:48.0937 0752 PDFRAME - ok
19:30:48.0953 0752 PDRELI - ok
19:30:48.0984 0752 PDRFRAME - ok
19:30:49.0000 0752 perc2 - ok
19:30:49.0015 0752 perc2hib - ok
19:30:49.0109 0752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:30:49.0109 0752 PptpMiniport - ok
19:30:49.0125 0752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:30:49.0140 0752 PSched - ok
19:30:49.0187 0752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:30:49.0187 0752 Ptilink - ok
19:30:49.0218 0752 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:30:49.0250 0752 PxHelp20 - ok
19:30:49.0281 0752 ql1080 - ok
19:30:49.0296 0752 Ql10wnt - ok
19:30:49.0312 0752 ql12160 - ok
19:30:49.0328 0752 ql1240 - ok
19:30:49.0359 0752 ql1280 - ok
19:30:49.0390 0752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:30:49.0390 0752 RasAcd - ok
19:30:49.0468 0752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:30:49.0468 0752 Rasl2tp - ok
19:30:49.0500 0752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:30:49.0500 0752 RasPppoe - ok
19:30:49.0531 0752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:30:49.0531 0752 Raspti - ok
19:30:49.0578 0752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:30:49.0578 0752 Rdbss - ok
19:30:49.0609 0752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:30:49.0609 0752 RDPCDD - ok
19:30:49.0687 0752 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:30:49.0687 0752 RDPWD - ok
19:30:49.0750 0752 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:30:49.0750 0752 redbook - ok
19:30:49.0921 0752 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:30:49.0937 0752 rtl8139 - ok
19:30:50.0093 0752 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:30:50.0093 0752 SASDIFSV - ok
19:30:50.0109 0752 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:30:50.0109 0752 SASKUTIL - ok
19:30:50.0250 0752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:30:50.0250 0752 Secdrv - ok
19:30:50.0312 0752 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:30:50.0312 0752 Serial - ok
19:30:50.0359 0752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:30:50.0359 0752 Sfloppy - ok
19:30:50.0390 0752 Simbad - ok
19:30:50.0406 0752 Sparrow - ok
19:30:50.0484 0752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:30:50.0484 0752 splitter - ok
19:30:50.0578 0752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:30:50.0578 0752 sr - ok
19:30:50.0718 0752 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:30:50.0734 0752 Srv - ok
19:30:50.0796 0752 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
19:30:50.0796 0752 StarOpen - ok
19:30:50.0843 0752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:30:50.0843 0752 swenum - ok
19:30:50.0968 0752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:30:50.0968 0752 swmidi - ok
19:30:50.0984 0752 symc810 - ok
19:30:51.0000 0752 symc8xx - ok
19:30:51.0031 0752 sym_hi - ok
19:30:51.0046 0752 sym_u3 - ok
19:30:51.0093 0752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:30:51.0093 0752 sysaudio - ok
19:30:51.0187 0752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:30:51.0203 0752 Tcpip - ok
19:30:51.0281 0752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:30:51.0281 0752 TDPIPE - ok
19:30:51.0390 0752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:30:51.0390 0752 TDTCP - ok
19:30:51.0437 0752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:30:51.0468 0752 TermDD - ok
19:30:51.0500 0752 TosIde - ok
19:30:51.0578 0752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:30:51.0578 0752 Udfs - ok
19:30:51.0656 0752 ultra - ok
19:30:51.0750 0752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:30:51.0765 0752 Update - ok
19:30:51.0843 0752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:30:51.0843 0752 usbccgp - ok
19:30:51.0906 0752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:30:51.0906 0752 usbehci - ok
19:30:51.0921 0752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:30:51.0921 0752 usbhub - ok
19:30:51.0953 0752 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:30:51.0953 0752 usbohci - ok
19:30:52.0015 0752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:30:52.0031 0752 USBSTOR - ok
19:30:52.0062 0752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:30:52.0062 0752 VgaSave - ok
19:30:52.0078 0752 ViaIde - ok
19:30:52.0109 0752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:30:52.0109 0752 VolSnap - ok
19:30:52.0156 0752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:30:52.0156 0752 Wanarp - ok
19:30:52.0171 0752 WDICA - ok
19:30:52.0234 0752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:30:52.0250 0752 wdmaud - ok
19:30:52.0421 0752 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:30:52.0437 0752 WudfPf - ok
19:30:52.0515 0752 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:30:52.0515 0752 WudfRd - ok
19:30:52.0578 0752 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
19:30:52.0609 0752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:30:52.0609 0752 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:30:52.0625 0752 Boot (0x1200) (20a322baf30abaa7c05be817caee125e) \Device\Harddisk0\DR0\Partition0
19:30:52.0625 0752 \Device\Harddisk0\DR0\Partition0 - ok
19:30:52.0625 0752 ============================================================
19:30:52.0625 0752 Scan finished
19:30:52.0625 0752 ============================================================
19:30:52.0656 4052 Detected object count: 1
19:30:52.0656 4052 Actual detected object count: 1
19:35:25.0734 4052 \Device\Harddisk0\DR0\# - copied to quarantine
19:35:25.0734 4052 \Device\Harddisk0\DR0 - copied to quarantine
19:35:25.0796 4052 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:35:25.0812 4052 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:35:25.0828 4052 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
19:35:25.0828 4052 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
19:35:25.0843 4052 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
19:35:25.0875 4052 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
19:35:25.0906 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:35:25.0906 4052 \Device\Harddisk0\DR0 - ok
19:35:26.0078 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:35:36.0500 3172 Deinitialize success

If this still isn't right, tell me and I'll just scan it again

#12 boopme

Posted 14 February 2012 - 09:25 PM

Ahhh, this is it

19:30:52.0656 4052 Detected object count: 1
19:30:52.0656 4052 Actual detected object count: 1
19:35:25.0734 4052 \Device\Harddisk0\DR0\# - copied to quarantine
19:35:25.0734 4052 \Device\Harddisk0\DR0 - copied to quarantine
19:35:25.0796 4052 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:35:25.0812 4052 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:35:25.0828 4052 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
19:35:25.0828 4052 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
19:35:25.0843 4052 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
19:35:25.0859 4052 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
19:35:25.0875 4052 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
19:35:25.0906 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:35:25.0906 4052 \Device\Harddisk0\DR0 - ok
19:35:26.0078 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:35:36.0500 3172 Deinitialize success

This is a Rootkit and it was cured ON Reboot

Still rerun MBAM, please.

Edited by boopme, 14 February 2012 - 09:26 PM.

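Reading a TDSSKiller log the way the reply above does, as an added example that is not part of this thread: a small Python triage parser that walks the verdict lines ("- ok", "- infected", "- detected", "- copied to quarantine", "- will be cured on reboot") and flags when the cure is still pending a reboot, which is the point of the "You did reboot after TDSS??" question. The sample lines are copied from the log posted above; the class and function names are my own.

```python
import re
from dataclasses import dataclass, field

# Sample lines taken from the TDSSKiller log pasted in this thread; a real log
# has one "scanned" line and one verdict line per driver, several hundred in all.
SAMPLE_LOG = r"""
19:30:52.0156 0752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:30:52.0156 0752 Wanarp - ok
19:30:52.0578 0752 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
19:30:52.0609 0752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:30:52.0609 0752 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:30:52.0656 4052 Detected object count: 1
19:35:25.0796 4052 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:35:25.0812 4052 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:35:25.0906 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:35:26.0078 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# "<time> <thread id> <rest>"; the rest is a scanned object, a verdict or a status line.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
# Scanned object: "<name> [(offset)] (<md5>) <path>", e.g. a driver or the MBR.
SCANNED_RE = re.compile(r"^(?P<name>.+?) (?:\(0x[0-9A-Fa-f]+\) )?\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict: "<object> [( <family> )] - <verdict text>"
VERDICT_RE = re.compile(r"^(?P<obj>.+?)(?: \( (?P<family>[^)]+) \))? - (?P<verdict>.+)$")

@dataclass
class Triage:
    scanned: dict[str, str] = field(default_factory=dict)        # object -> md5
    detections: dict[str, str] = field(default_factory=dict)     # object -> family
    quarantined: list[str] = field(default_factory=list)
    cure_pending_reboot: list[str] = field(default_factory=list)
    actions: dict[str, str] = field(default_factory=dict)        # object -> user action

def parse_tdsskiller_log(text: str) -> Triage:
    """Single pass over the log; everything that is not a plain '- ok' is kept."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        scanned = SCANNED_RE.match(m.group(3))
        if scanned:
            t.scanned[scanned.group("name")] = scanned.group("md5")
            continue
        v = VERDICT_RE.match(m.group(3))
        if not v or v.group("verdict") == "ok":
            continue  # status line (e.g. "Detected object count"), or a clean object
        obj, family, verdict = v.group("obj"), v.group("family"), v.group("verdict")
        if verdict == "infected" or verdict.startswith("detected "):
            # "detected <family> (n)" names the family in the verdict text itself
            t.detections[obj] = family or verdict.split()[1]
        elif verdict == "copied to quarantine":
            t.quarantined.append(obj)
        elif verdict == "will be cured on reboot":
            t.cure_pending_reboot.append(obj)
        elif verdict.startswith("User select action: "):
            t.actions[obj] = verdict.split(": ", 1)[1]
    return t

def needs_reboot(t: Triage) -> bool:
    """A scheduled cure only takes effect after restart, so re-scanning before that proves nothing."""
    return bool(t.cure_pending_reboot)

def summarize(t: Triage) -> str:
    """Per-finding summary of the kind a helper reads out of the log."""
    out = [f"{len(t.scanned)} objects scanned, {len(t.detections)} detected"]
    out += [f"{o}: {f}, action={t.actions.get(o, 'none')}" for o, f in t.detections.items()]
    out.append(f"{len(t.quarantined)} copied to quarantine; reboot required: {needs_reboot(t)}")
    return "\n".join(out)
```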

#13 BradRHS08


Posted 14 February 2012 - 09:29 PM

When I tried to open MBAM, I got a message saying:

The Malware Bytes Anti-Malware database is missing or corrupt. Would you like to download a new copy?

#14 boopme


Posted 14 February 2012 - 09:35 PM

This may be better.

You did reboot after TDSS??

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

Edited by boopme, 14 February 2012 - 09:36 PM.


#15 BradRHS08


Posted 14 February 2012 - 09:40 PM

Yeah, I restarted after TDSS

I'll try what you suggested



