Help
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
This topic is locked
feromonic, on 08 April 2011 - 11:29 PM, said:
Ok .. I have some kind Of Virus that Redirects the F*** Out of My Computer If Im Clicking Links Or not It just decides Oh well You should Look at this or oh let me open a new tab and Look at this fake Virus scan ECT you guys Im sure know what Im talking about Also .. Its Way Choking Down My Net .. My Light Stays Pegged almost 24/7 Now Its Either Screwing with My Cursur Or its Just loading my CPU to the point of Lag .. It will Just randomly Freeze( this Has Just started to happen today) Or It Will BSOD (also Just started that today ) ( Ive been Fighting It for a few days Now ) It also Seems to be bringing In Trojans But that could I asume also Be from the redirects?? ... AVG Full Does Not Find It ... Spyware Terminator Does NOT find It .. I can NOT Find It ... Google-Fu Did Not help .. Maybe Someone Can Help ? Google Brought Me Here After 4-5 random BS links B4 Finally Working Lol.. I find It almost funny cause its driving Me Insane .. Not had One stump me like this In a very long time
Thanx
Thanx
Following Directions I received From Previous Post >>Here
DDS Log >>DDS (Ver_11-03-05.01) - NTFSx86
Run by Pammie Sue at 2:36:18.39 on Mon 04/11/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.141 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Pammie Sue\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
uSearch Page = hxxp://srch-us10.hpwis.com/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyServer = http=
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CubeDesktop]
uRun: [DesktopX] "c:\program files\stardock\object desktop\desktopx\DesktopX Builder.exe" -noui
uRun: [Google Update] "c:\documents and settings\pammie sue\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [VTTimer] VTTimer.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [BootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobs
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [KORG USB-MIDI Driver] c:\program files\korg\korg usb-midi driver\EsHelper2.exe /s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smcwus~1.lnk - c:\program files\smc\smcwusb-g 802.11g wireless usb 2.0 adapter\SMCWGUTI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\pammie sue\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - hxxp://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\pammie~1\applic~1\mozilla\firefox\profiles\uahp99ls.default\
FF - prefs.js: browser.search.selectedEngine - Search The Web
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\pammie sue\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\pammie sue\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\pammie sue\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {9F6E7F30-3B84-4813-8045-75BA70070FDD} - c:\documents and settings\pammie sue\local settings\application data\{9F6E7F30-3B84-4813-8045-75BA70070FDD}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: Pink Fox: {e7348bc0-16f6-11de-8c30-0800200c9a66} - %profile%\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
FF - Ext: BloodFire 3: bloodfire@example.com - %profile%\extensions\bloodfire@example.com
FF - Ext: Green Fox: {d122ad80-ff45-11dd-87af-0800200c9a66} - %profile%\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 296400]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-7-14 37056]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [2008-4-11 722432]
S1 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-7-14 308416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2010-8-15 371349]
S3 cpuz132;cpuz132;\??\c:\docume~1\pammie~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\pammie~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2010-11-12 22304]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-7-12 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-7-12 8320]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20041222.016\NAVENG.Sys [2004-12-25 72712]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20041222.016\NavEx15.Sys [2004-12-25 629544]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-11-12 16640]
.
=============== Created Last 30 ================
.
2011-04-10 23:37:36 -------- d-----w- c:\program files\XviD
2011-04-10 23:37:30 -------- d-----w- c:\program files\AviSynth 2.5
2011-04-10 23:37:06 -------- d-----w- c:\program files\AutoGK
2011-04-10 23:24:31 -------- d-----w- c:\docume~1\pammie~1\applic~1\HamsterSoft
2011-04-10 23:18:42 -------- d-----w- c:\program files\Hamster Soft
2011-04-10 23:12:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Xilisoft
2011-04-10 23:12:04 -------- d-----w- c:\program files\Xilisoft
2011-04-10 23:07:22 -------- d-----w- c:\docume~1\pammie~1\locals~1\applic~1\David_Dolinski
2011-04-10 23:04:46 -------- d-----w- c:\program files\Dado
2011-04-09 23:41:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-09 23:41:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-09 23:26:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 23:25:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 23:00:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-09 23:00:49 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-09 23:00:28 -------- d-----w- c:\program files\Easy CD-DA Extractor 2010
2011-04-09 19:01:28 54016 ----a-w- c:\windows\system32\drivers\loykh.sys
2011-04-09 15:21:18 -------- d-----w- c:\docume~1\pammie~1\applic~1\Malwarebytes
2011-04-09 15:17:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-09 15:17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 01:56:00 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-09 01:55:59 -------- d-----w- c:\program files\CPUID
2011-04-08 22:38:07 -------- d-----w- c:\program files\SpeedFan
2011-04-04 05:15:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-04-04 05:15:08 -------- d-----w- c:\docume~1\pammie~1\applic~1\Spyware Terminator
2011-04-04 05:14:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2011-04-04 05:13:58 -------- d-----w- c:\program files\Spyware Terminator
2011-03-29 01:34:32 -------- d-----w- c:\program files\Search Toolbar
2011-03-29 01:34:16 -------- d-----w- c:\program files\AvancePaint
2011-03-27 18:40:48 -------- d--h--w- C:\$AVG
2011-03-27 17:39:33 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-27 12:47:42 -------- d-----w- C:\b0ad1a916b9d005434
2011-03-21 01:39:57 -------- d-----w- c:\program files\Softube
2011-03-20 20:01:34 13545472 ----a-w- c:\windows\system32\SSL X-Verb Stereo.dll
2011-03-20 20:01:31 6569984 ----a-w- c:\windows\system32\SSL X-Eq Stereo.dll
2011-03-20 20:01:29 6569984 ----a-w- c:\windows\system32\SSL X-Eq Mono.dll
2011-03-20 20:01:27 6217728 ----a-w- c:\windows\system32\SSL X-Comp Stereo.dll
2011-03-20 20:01:24 6217728 ----a-w- c:\windows\system32\SSL X-Comp Mono.dll
2011-03-20 20:01:22 5079040 ----a-w- c:\windows\system32\SSL Vocalstrip Stereo.dll
2011-03-20 20:01:18 5074944 ----a-w- c:\windows\system32\SSL Vocalstrip Mono.dll
2011-03-20 20:01:14 5787648 ----a-w- c:\windows\system32\SSL Drumstrip Stereo.dll
2011-03-20 20:01:05 5783552 ----a-w- c:\windows\system32\SSL Drumstrip Mono.dll
2011-03-20 20:00:47 15695872 ----a-w- c:\windows\system32\SSL Channel Stereo.dll
2011-03-20 20:00:39 7122944 ----a-w- c:\windows\system32\SSL Bus Compressor Stereo.dll
2011-03-20 20:00:39 15687680 ----a-w- c:\windows\system32\SSL Channel Mono.dll
2011-03-20 20:00:37 7122944 ----a-w- c:\windows\system32\SSL Bus Compressor Mono.dll
2011-03-20 20:00:37 69632 ----a-w- c:\windows\system32\FxShared.dll
2011-03-20 20:00:37 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2011-03-20 19:59:36 -------- d-----w- c:\program files\Solid State Logic
2011-03-19 18:12:56 86016 ----a-w- c:\windows\unvise32.exe
2011-03-19 18:05:46 -------- d-----w- c:\docume~1\pammie~1\locals~1\applic~1\Native Instruments
2011-03-19 04:30:26 -------- d-----w- c:\program files\common files\Digidesign
2011-03-19 04:11:53 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2011-03-19 04:11:53 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-03-19 04:06:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Syncrosoft
2011-03-17 21:37:45 -------- d-----w- c:\program files\ASIO4ALL v2
2011-03-17 21:33:38 -------- d-----w- c:\program files\Outsim
2011-03-14 21:33:23 -------- d-----w- c:\docume~1\pammie~1\applic~1\Korg
2011-03-14 21:32:44 327680 ----a-r- c:\docume~1\pammie~1\applic~1\microsoft\installer\{aae4b36c-7a25-4513-975b-ace7437572a0}\NewShortcut1_A549AAA17D2C491197DB9A87E0B73412.exe
2011-03-14 21:32:40 -------- d-----w- c:\program files\KORG
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1203N rev.TL100-24 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-24
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8376B439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x837717d0]; MOV EAX, [0x8377184c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8378EAB8]
3 CLASSPNP[0xF75AFFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000007f[0x83760138]
5 ACPI[0xF74FE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8375AD98]
\Driver\atapi[0x8377C030] -> IRP_MJ_CREATE -> 0x8376B439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-1c -> \??\IDE#DiskSAMSUNG_SP1203N_________________________TL100-24#30535130314a5830383332353834202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8376B27F
user != kernel MBR !!!
sectors 234493054 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 2:41:39.76 ===============
Attached File(s)
-
Attach.zip (5.67K)
Number of downloads: 3
This post has been edited by heir: 11 April 2011 - 08:49 AM
Reason for edit: removing tags
Back to top
button.
to download the ESET Smart Installer. Save it to your desktop.
icon on your desktop.
button.
and check Remove found threats 
, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
button.
