Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.
DO NOT RUN ComboFix unless requested to.
Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Infected with Trojan Agent_r.XJ
Can't get rid of it
Group: Malware Response Instructor | Posts: 29,103 | Joined: 24-July 08 | Gender: Male | Location: London, UK
Posted 09 May 2011 - 06:58 PM
I'm thinking there may be a rootkit holding the redirections
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.
"%userprofile%\Desktop\TDSSKiller.exe" -l report.txt
Now click Start Scan.
If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
Click Close
Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\
And then run aswMBR
Please download aswMBR (511KB) to your desktop.
Double click the aswMBR.exe icon to run it.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
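Added example, not part of m0le's post or of either tool: once the TDSSKiller and aswMBR logs come back, a responder wants three things out of them quickly, namely what was detected, which kernel drivers load from somewhere other than the normal drivers directory, and whether the MBR scanner saw boot code it did not recognise or went looking at sectors near the end of the disk (TDL4 keeps its hidden file system there). The script below does that with a few regular expressions. The sample log lines are constructed inside the script in the formats the two tools write; the heuristics are this example's own, not logic from TDSSKiller or aswMBR.

```python
import re

# Constructed sample input for this example: a handful of lines in the formats
# TDSSKiller and aswMBR write, shaped like the logs posted in this thread.
TDSSKILLER_SAMPLE = """\
2011/05/10 11:54:58.0553 2132 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\\Windows\\system32\\drivers\\acpi.sys
2011/05/10 11:55:01.0354 2132 giveio (77ebf3e9386daa51551af429052d88d0) C:\\Windows\\system32\\giveio.sys
2011/05/10 11:55:07.0878 2132 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\\Windows\\system32\\speedfan.sys
2011/05/10 11:55:08.0343 2132 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\drivers\\tcpip.sys
2011/05/10 11:55:10.0370 2132 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/10 11:55:24.0630 1596 \\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

ASWMBR_SAMPLE = """\
12:01:30.626 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
12:01:30.638 Disk 0 MBR read successfully
12:01:30.642 Disk 0 unknown MBR code
12:01:30.646 Disk 0 scanning sectors +976768065
12:01:37.463 Scan finished successfully
"""

# TDSSKiller lines: "<date> <time> <thread> <service> (<md5>) <path>", plus verdict lines.
DRIVER_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
DETECT_RE = re.compile(r"^\S+ \S+ \d+ (?P<obj>\S+) - detected (?P<verdict>\S+)")
CURE_RE = re.compile(r"^\S+ \S+ \d+ (?P<obj>\S+) \((?P<verdict>[^)]+)\) - will be cured after reboot$")

# aswMBR lines: "<time> Disk <n> <event>".
SIZE_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) Vendor: .* Size: (?P<mb>\d+)MB")
UNKNOWN_MBR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) unknown MBR code$")
SECTOR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) scanning sectors \+(?P<lba>\d+)$")

STANDARD_DRIVER_DIR = "\\windows\\system32\\drivers"
SECTOR_BYTES = 512


def parse_tdsskiller(text):
    """Split a TDSSKiller log into loaded drivers, detections and pending cures."""
    drivers, detections, cures = [], [], []
    for line in text.splitlines():
        if (m := DRIVER_RE.match(line)):
            drivers.append((m["name"], m["md5"], m["path"]))
        elif (m := DETECT_RE.match(line)):
            detections.append((m["obj"], m["verdict"]))
        elif (m := CURE_RE.match(line)):
            cures.append((m["obj"], m["verdict"]))
    return {"drivers": drivers, "detections": detections, "cures": cures}


def nonstandard_load_paths(drivers):
    """Service names whose driver file lives outside \\Windows\\system32\\drivers.
    Not proof of anything (utilities such as SpeedFan drop drivers straight into
    system32), but it is the first place to look for dropped kernel code."""
    odd = []
    for name, _md5, path in drivers:
        directory = path.lower().rsplit("\\", 1)[0]
        if not directory.endswith(STANDARD_DRIVER_DIR):
            odd.append(name)
    return odd


def parse_aswmbr(text):
    """Pull disk sizes, unknown-MBR verdicts and targeted sector scans out of an aswMBR log."""
    sizes, unknown, sectors = {}, [], {}
    for line in text.splitlines():
        if (m := SIZE_RE.match(line)):
            sizes[int(m["disk"])] = int(m["mb"])
        elif (m := UNKNOWN_MBR_RE.match(line)):
            unknown.append(int(m["disk"]))
        elif (m := SECTOR_RE.match(line)):
            sectors[int(m["disk"])] = int(m["lba"])
    return {"sizes_mb": sizes, "unknown_mbr": unknown, "sector_scans": sectors}


def sectors_from_end(size_mb, lba):
    """Distance of an LBA from the (approximate) last sector of a disk of size_mb MiB."""
    total_sectors = size_mb * 1024 * 1024 // SECTOR_BYTES
    return total_sectors - lba


def triage(tdss_text, asw_text):
    """The short list of facts a responder wants from the two logs."""
    t, a = parse_tdsskiller(tdss_text), parse_aswmbr(asw_text)
    findings = []
    for obj, verdict in t["detections"]:
        findings.append(f"TDSSKiller: {verdict} on {obj}")
    for obj, verdict in t["cures"]:
        findings.append(f"TDSSKiller: cure of {verdict} on {obj} pending reboot")
    for name in nonstandard_load_paths(t["drivers"]):
        findings.append(f"TDSSKiller: driver {name} loads from outside system32\\drivers")
    for disk in a["unknown_mbr"]:
        findings.append(f"aswMBR: disk {disk} has boot code aswMBR does not recognise")
    for disk, lba in a["sector_scans"].items():
        if disk in a["sizes_mb"]:
            gap = sectors_from_end(a["sizes_mb"][disk], lba)
            findings.append(f"aswMBR: disk {disk} scanned LBA {lba}, about {gap} sectors before the end of the disk")
    return findings


if __name__ == "__main__":
    for finding in triage(TDSSKILLER_SAMPLE, ASWMBR_SAMPLE):
        print(finding)
```

Run it against the real report.txt and aswMBR.txt by reading the files into the two text arguments. On the sample, the scanned LBA comes out a few thousand sectors short of the end of the 476940 MB disk, which is exactly the unpartitioned tail where TDL4 stores itself; the two drivers loading from system32 root (giveio, speedfan) are worth a look but are the usual SpeedFan components, so the script only reports them rather than calling them malicious.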
New Member | Group: Members | Posts: 10 | Joined: 25-April 11
Posted 10 May 2011 - 11:02 AM
2011/05/10 11:54:55.0822 2064 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 11:54:56.0177 2064 ================================================================================
2011/05/10 11:54:56.0177 2064 SystemInfo:
2011/05/10 11:54:56.0177 2064
2011/05/10 11:54:56.0177 2064 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/10 11:54:56.0177 2064 Product type: Workstation
2011/05/10 11:54:56.0177 2064 ComputerName: CHRIS-PC
2011/05/10 11:54:56.0177 2064 UserName: Chris
2011/05/10 11:54:56.0177 2064 Windows directory: C:\Windows
2011/05/10 11:54:56.0177 2064 System windows directory: C:\Windows
2011/05/10 11:54:56.0177 2064 Processor architecture: Intel x86
2011/05/10 11:54:56.0177 2064 Number of processors: 4
2011/05/10 11:54:56.0177 2064 Page size: 0x1000
2011/05/10 11:54:56.0177 2064 Boot type: Normal boot
2011/05/10 11:54:56.0177 2064 ================================================================================
2011/05/10 11:54:56.0398 2064 Initialize success
2011/05/10 11:54:58.0155 2132 ================================================================================
2011/05/10 11:54:58.0155 2132 Scan started
2011/05/10 11:54:58.0155 2132 Mode: Manual;
2011/05/10 11:54:58.0155 2132 ================================================================================
2011/05/10 11:54:58.0553 2132 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/10 11:54:58.0588 2132 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/10 11:54:58.0618 2132 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/10 11:54:58.0643 2132 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/10 11:54:58.0666 2132 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/10 11:54:58.0752 2132 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/10 11:54:58.0817 2132 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/10 11:54:58.0836 2132 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/10 11:54:58.0857 2132 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/10 11:54:58.0890 2132 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/10 11:54:58.0916 2132 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/10 11:54:58.0943 2132 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/10 11:54:58.0972 2132 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/10 11:54:59.0038 2132 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/10 11:54:59.0071 2132 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/10 11:54:59.0119 2132 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/10 11:54:59.0141 2132 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/10 11:54:59.0229 2132 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/10 11:54:59.0285 2132 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/10 11:54:59.0321 2132 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/10 11:54:59.0357 2132 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/10 11:54:59.0383 2132 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/10 11:54:59.0450 2132 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/05/10 11:54:59.0495 2132 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/05/10 11:54:59.0561 2132 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/10 11:54:59.0581 2132 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/10 11:54:59.0613 2132 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/10 11:54:59.0625 2132 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/10 11:54:59.0665 2132 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/10 11:54:59.0730 2132 CAM1690 (4c6991f63424e0f94226893f4fbfcf11) C:\Windows\system32\Drivers\cam1690.sys
2011/05/10 11:54:59.0890 2132 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/10 11:54:59.0945 2132 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/10 11:54:59.0968 2132 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/10 11:54:59.0990 2132 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/10 11:55:00.0008 2132 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/10 11:55:00.0111 2132 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/05/10 11:55:00.0131 2132 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/10 11:55:00.0186 2132 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/10 11:55:00.0235 2132 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/05/10 11:55:00.0294 2132 CVPNDRVA (8a8f14cded7187c39ab31cb34c65bceb) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/05/10 11:55:00.0321 2132 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/10 11:55:00.0383 2132 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/10 11:55:00.0424 2132 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
2011/05/10 11:55:00.0493 2132 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/10 11:55:00.0518 2132 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/10 11:55:00.0540 2132 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/10 11:55:00.0626 2132 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/10 11:55:00.0703 2132 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/10 11:55:00.0762 2132 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/10 11:55:00.0823 2132 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/10 11:55:00.0874 2132 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/10 11:55:00.0912 2132 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/10 11:55:00.0958 2132 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/10 11:55:00.0981 2132 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/10 11:55:01.0019 2132 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/10 11:55:01.0088 2132 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/10 11:55:01.0121 2132 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/10 11:55:01.0150 2132 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/10 11:55:01.0177 2132 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/10 11:55:01.0235 2132 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/10 11:55:01.0275 2132 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/10 11:55:01.0319 2132 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/10 11:55:01.0354 2132 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/05/10 11:55:01.0467 2132 HCW85BDA (ac33be07397814a442dc305223de3524) C:\Windows\system32\drivers\HCW85BDA.sys
2011/05/10 11:55:01.0563 2132 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/05/10 11:55:01.0616 2132 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/10 11:55:01.0661 2132 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/10 11:55:01.0705 2132 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/10 11:55:01.0740 2132 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/05/10 11:55:01.0785 2132 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/10 11:55:01.0836 2132 HSF_DP (eb2991bfa5069e833a79b8766919fc94) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/05/10 11:55:01.0862 2132 HSXHWBS3 (1884b7793d5de4d9e63d5db5223f2258) C:\Windows\system32\DRIVERS\HSXHWBS3.sys
2011/05/10 11:55:01.0921 2132 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/10 11:55:01.0956 2132 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/10 11:55:02.0023 2132 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/10 11:55:02.0080 2132 iaStor (25c3d5f66a74a7bddeca56085f040d2e) C:\Windows\system32\drivers\iastor.sys
2011/05/10 11:55:02.0105 2132 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/10 11:55:02.0130 2132 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/10 11:55:02.0206 2132 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/10 11:55:02.0292 2132 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/10 11:55:02.0328 2132 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/10 11:55:02.0360 2132 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/10 11:55:02.0400 2132 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/10 11:55:02.0423 2132 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/10 11:55:02.0462 2132 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/10 11:55:02.0480 2132 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/10 11:55:02.0561 2132 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/10 11:55:02.0596 2132 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/10 11:55:02.0621 2132 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/10 11:55:02.0649 2132 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/10 11:55:02.0666 2132 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/05/10 11:55:02.0695 2132 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/10 11:55:02.0740 2132 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
2011/05/10 11:55:02.0796 2132 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/10 11:55:02.0847 2132 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/10 11:55:02.0860 2132 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/10 11:55:02.0900 2132 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/10 11:55:02.0954 2132 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/10 11:55:03.0025 2132 LVcKap (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys
2011/05/10 11:55:03.0130 2132 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2011/05/10 11:55:03.0172 2132 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/05/10 11:55:03.0228 2132 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/10 11:55:03.0291 2132 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/10 11:55:03.0331 2132 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/10 11:55:03.0352 2132 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/10 11:55:03.0391 2132 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/10 11:55:03.0416 2132 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/10 11:55:03.0430 2132 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2011/05/10 11:55:03.0476 2132 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/10 11:55:03.0529 2132 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/10 11:55:03.0547 2132 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/10 11:55:03.0581 2132 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/10 11:55:03.0600 2132 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/10 11:55:03.0625 2132 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/10 11:55:03.0656 2132 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/10 11:55:03.0720 2132 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/10 11:55:03.0753 2132 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/10 11:55:03.0772 2132 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/10 11:55:03.0809 2132 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/10 11:55:03.0836 2132 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/10 11:55:03.0868 2132 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/10 11:55:03.0933 2132 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/10 11:55:03.0971 2132 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/10 11:55:04.0007 2132 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/10 11:55:04.0030 2132 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/10 11:55:04.0064 2132 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/10 11:55:04.0096 2132 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/10 11:55:04.0172 2132 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/10 11:55:04.0216 2132 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/10 11:55:04.0243 2132 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/10 11:55:04.0261 2132 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/10 11:55:04.0290 2132 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/10 11:55:04.0305 2132 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/10 11:55:04.0863 2132 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/10 11:55:04.0918 2132 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/10 11:55:04.0974 2132 NetPeeker (18b5b40ef9b68433e92d13bb43063e4f) C:\Windows\System32\Drivers\NetPeeker.sys
2011/05/10 11:55:05.0037 2132 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/10 11:55:05.0068 2132 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/10 11:55:05.0099 2132 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/10 11:55:05.0157 2132 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/10 11:55:05.0244 2132 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/10 11:55:05.0266 2132 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/10 11:55:05.0477 2132 nvlddmkm (57d3a8241b13a34ded58db36331223ee) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/10 11:55:05.0806 2132 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/10 11:55:05.0834 2132 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/10 11:55:05.0898 2132 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/10 11:55:05.0977 2132 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/10 11:55:06.0019 2132 PAEAFLT.sys (301e92ce7fb606f94f124a76d8145622) C:\Windows\system32\DRIVERS\PAEAFLT.sys
2011/05/10 11:55:06.0086 2132 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/10 11:55:06.0122 2132 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/10 11:55:06.0141 2132 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/10 11:55:06.0164 2132 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/10 11:55:06.0181 2132 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/10 11:55:06.0201 2132 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/10 11:55:06.0277 2132 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/10 11:55:06.0363 2132 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/10 11:55:06.0377 2132 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/10 11:55:06.0412 2132 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/05/10 11:55:06.0435 2132 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/10 11:55:06.0505 2132 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/10 11:55:06.0533 2132 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/10 11:55:06.0578 2132 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/10 11:55:06.0607 2132 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/10 11:55:06.0626 2132 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/10 11:55:06.0696 2132 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/10 11:55:06.0727 2132 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/10 11:55:06.0755 2132 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/10 11:55:06.0770 2132 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/10 11:55:06.0838 2132 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/10 11:55:06.0853 2132 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/10 11:55:06.0881 2132 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/10 11:55:06.0998 2132 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/10 11:55:07.0055 2132 RTL8169 (c347a3cde57077056e7e73d3498f7d7d) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/10 11:55:07.0095 2132 RTL8187B (e0ea9f5f94814f8a31f4b40175e1456e) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/05/10 11:55:07.0133 2132 RTL8192U (21ba003b81daee77c8c6756f0b49b17c) C:\Windows\system32\DRIVERS\RTL8192u.sys
2011/05/10 11:55:07.0200 2132 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
2011/05/10 11:55:07.0236 2132 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/10 11:55:07.0302 2132 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
2011/05/10 11:55:07.0354 2132 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/10 11:55:07.0408 2132 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/10 11:55:07.0452 2132 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/10 11:55:07.0515 2132 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/10 11:55:07.0563 2132 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/10 11:55:07.0575 2132 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/10 11:55:07.0589 2132 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/10 11:55:07.0606 2132 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/10 11:55:07.0627 2132 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/10 11:55:07.0665 2132 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/10 11:55:07.0715 2132 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/10 11:55:07.0750 2132 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/10 11:55:07.0826 2132 SPC230NC (2265d43d44cf9695c050e3b58f05295b) C:\Windows\system32\DRIVERS\SPC230NC.SYS
2011/05/10 11:55:07.0878 2132 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/05/10 11:55:07.0913 2132 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/10 11:55:07.0957 2132 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
2011/05/10 11:55:08.0025 2132 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/05/10 11:55:08.0058 2132 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/10 11:55:08.0083 2132 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/10 11:55:08.0136 2132 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/05/10 11:55:08.0169 2132 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/10 11:55:08.0190 2132 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/10 11:55:08.0240 2132 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/10 11:55:08.0269 2132 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/10 11:55:08.0299 2132 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/05/10 11:55:08.0343 2132 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/10 11:55:08.0374 2132 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/10 11:55:08.0397 2132 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/10 11:55:08.0423 2132 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/10 11:55:08.0448 2132 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/10 11:55:08.0516 2132 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/10 11:55:08.0544 2132 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/10 11:55:08.0587 2132 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/10 11:55:08.0614 2132 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/10 11:55:08.0672 2132 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/10 11:55:08.0698 2132 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/10 11:55:08.0753 2132 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/10 11:55:08.0817 2132 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/10 11:55:08.0844 2132 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/10 11:55:08.0877 2132 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/10 11:55:08.0895 2132 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/10 11:55:08.0913 2132 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/10 11:55:09.0021 2132 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/10 11:55:09.0048 2132 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/10 11:55:09.0122 2132 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/10 11:55:09.0194 2132 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/10 11:55:09.0221 2132 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/10 11:55:09.0241 2132 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/10 11:55:09.0256 2132 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/10 11:55:09.0280 2132 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/10 11:55:09.0318 2132 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/10 11:55:09.0369 2132 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/10 11:55:09.0404 2132 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/05/10 11:55:09.0443 2132 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/10 11:55:09.0471 2132 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/10 11:55:09.0505 2132 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/10 11:55:09.0524 2132 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/10 11:55:09.0577 2132 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/10 11:55:09.0597 2132 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/10 11:55:09.0619 2132 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/10 11:55:09.0666 2132 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/10 11:55:09.0724 2132 vpnva (174268d44b24ecc79119634142f908ab) C:\Windows\system32\DRIVERS\vpnva.sys
2011/05/10 11:55:09.0761 2132 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/10 11:55:09.0829 2132 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/10 11:55:09.0856 2132 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 11:55:09.0873 2132 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 11:55:09.0906 2132 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/10 11:55:09.0932 2132 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/10 11:55:09.0995 2132 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/10 11:55:10.0088 2132 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/05/10 11:55:10.0138 2132 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/10 11:55:10.0183 2132 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/10 11:55:10.0204 2132 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/10 11:55:10.0249 2132 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/10 11:55:10.0313 2132 XAudio (8aec47366a9e8fdcdc35b93101677288) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/10 11:55:10.0370 2132 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/10 11:55:10.0382 2132 ================================================================================
2011/05/10 11:55:10.0382 2132 Scan finished
2011/05/10 11:55:10.0382 2132 ================================================================================
2011/05/10 11:55:10.0390 1596 Detected object count: 1
2011/05/10 11:55:24.0630 1596 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/10 11:55:24.0631 1596 \HardDisk0 - ok
2011/05/10 11:55:24.0631 1596 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/10 11:55:41.0107 5720 Deinitialize success
aswMBR
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-10 12:01:00
-----------------------------
12:01:00.524 OS Version: Windows 6.0.6002 Service Pack 2
12:01:00.524 Number of processors: 4 586 0xF0B
12:01:00.525 ComputerName: CHRIS-PC UserName: Chris
12:01:24.142 Initialize success
12:01:30.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:01:30.626 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
12:01:30.627 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:01:30.629 Disk 1 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
12:01:30.638 Disk 0 MBR read successfully
12:01:30.640 Disk 0 MBR scan
12:01:30.642 Disk 0 unknown MBR code
12:01:30.646 Disk 0 scanning sectors +976768065
12:01:30.679 Disk 0 scanning C:\Windows\system32\drivers
12:01:35.425 Service scanning
12:01:37.432 Disk 0 trace - called modules:
12:01:37.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
12:01:37.456 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d7d1a0]
12:01:37.459 3 CLASSPNP.SYS[8afa28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861c1030]
12:01:37.463 Scan finished successfully
12:01:55.123 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
12:01:55.126 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
Group: Malware Response Instructor
Posted 10 May 2011 - 05:17 PM
Yes, TDSS is involved. I note that the MBR (master boot record) is not being recognised. That doesn't mean that there's a problem but we need to check.
Please download MBRCheck to your desktop.
1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
Has the redirecting stopped now?
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
New Member (Group: Members; Posts: 10; Joined: 25-April 11)
Posted 10 May 2011 - 09:51 PM
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: KJ295AA-A2L m8425f
Logical Drives Mask: 0x000017bc
Kernel Drivers (total 145):
0x82840000 \SystemRoot\system32\ntkrnlpa.exe
0x8280D000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80480000 \SystemRoot\system32\PSHED.dll
0x80491000 \SystemRoot\system32\BOOTVID.dll
0x80499000 \SystemRoot\system32\CLFS.SYS
0x804DA000 \SystemRoot\system32\CI.dll
0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80693000 \SystemRoot\system32\drivers\acpi.sys
0x806D9000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E2000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EA000 \SystemRoot\system32\drivers\pci.sys
0x80711000 \SystemRoot\System32\drivers\partmgr.sys
0x80720000 \SystemRoot\system32\drivers\volmgr.sys
0x8072F000 \SystemRoot\System32\drivers\volmgrx.sys
0x80779000 \SystemRoot\System32\drivers\mountmgr.sys
0x82E04000 \SystemRoot\system32\drivers\iastor.sys
0x82ECB000 \SystemRoot\system32\drivers\fltmgr.sys
0x82EFD000 \SystemRoot\system32\drivers\fileinfo.sys
0x82F0D000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x82F1C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83805000 \SystemRoot\system32\drivers\ndis.sys
0x83910000 \SystemRoot\system32\drivers\msrpc.sys
0x8393B000 \SystemRoot\system32\drivers\NETIO.SYS
0x83A01000 \SystemRoot\System32\drivers\tcpip.sys
0x83AEB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AE0C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF1C000 \SystemRoot\system32\drivers\volsnap.sys
0x8AF55000 \SystemRoot\System32\Drivers\spldr.sys
0x8AF5D000 \SystemRoot\system32\speedfan.sys
0x8AF5F000 \SystemRoot\System32\Drivers\mup.sys
0x8AF6E000 \SystemRoot\system32\giveio.sys
0x8AF6F000 \SystemRoot\System32\drivers\ecache.sys
0x8AF96000 \SystemRoot\system32\drivers\disk.sys
0x8AFA7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AFC8000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AFDE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AFE9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x83BCD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EA0B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F12D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F1CD000 \SystemRoot\System32\drivers\watchdog.sys
0x8F1D9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x83976000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F1E4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F403000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F490000 \SystemRoot\system32\DRIVERS\HSXHWBS3.sys
0x8F4CD000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F4F7000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0x8F803000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F8B8000 \SystemRoot\system32\drivers\modem.sys
0x8FA0E000 \SystemRoot\system32\drivers\HCW85BDA.sys
0x8FB6F000 \SystemRoot\system32\drivers\BdaSup.SYS
0x8FB72000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8FB8E000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FB9E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FBAC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FBBF000 \SystemRoot\system32\DRIVERS\PS2.sys
0x8FBC4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FBCF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FBDA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FBF2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F8C5000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x9000E000 \SystemRoot\system32\DRIVERS\serscan.sys
0x90016000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90045000 \SystemRoot\system32\DRIVERS\storport.sys
0x90086000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90091000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x900A8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x900B3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x900D6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x900E5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x900F9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9010E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9011E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90120000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9012A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90137000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9016C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E06000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9103D000 \SystemRoot\system32\drivers\portcls.sys
0x9106A000 \SystemRoot\system32\drivers\drmk.sys
0x9108F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91098000 \SystemRoot\System32\Drivers\Null.SYS
0x9109F000 \SystemRoot\System32\Drivers\Beep.SYS
0x910A6000 \SystemRoot\System32\drivers\vga.sys
0x910B2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x910D3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x910DB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x910E3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x910EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x910FC000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x911B1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x911C7000 \SystemRoot\system32\DRIVERS\smb.sys
0x91105000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91137000 \SystemRoot\system32\drivers\afd.sys
0x9117F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91195000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0x9119F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x911DB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x911EE000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x9017D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x901B9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x901C3000 \SystemRoot\System32\Drivers\dfsc.sys
0x901DA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FE00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8FEC7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x911FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95620000 \SystemRoot\System32\win32k.sys
0x8FEDC000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FEE6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FEFD000 \SystemRoot\system32\drivers\usbaudio.sys
0x8FF0F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95840000 \SystemRoot\System32\TSDDD.dll
0x95860000 \SystemRoot\System32\ATMFD.DLL
0x8FF1E000 \SystemRoot\system32\drivers\luafv.sys
0x958B0000 \SystemRoot\System32\cdd.dll
0x8FF39000 \SystemRoot\system32\drivers\spsys.sys
0x8FFE9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F8E4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8FFF9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x901E7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8F90E000 \SystemRoot\system32\drivers\HTTP.sys
0x8F97B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8F998000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8F9B1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8F9C6000 \SystemRoot\system32\drivers\mrxdav.sys
0x83BDC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x83B06000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8F9E7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x83B3F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x83B67000 \SystemRoot\System32\DRIVERS\srv.sys
0x9FE0B000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0x9FE9B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9FE9F000 \SystemRoot\system32\drivers\peauth.sys
0x9FF7D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9FF87000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9FF93000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9FF9B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9FFB0000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9FFC2000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x9FFC7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77B30000 \Windows\System32\ntdll.dll
Processes (total 80):
0 System Idle Process
4 System
620 C:\Windows\System32\smss.exe
696 csrss.exe
744 C:\Windows\System32\wininit.exe
756 csrss.exe
788 C:\Windows\System32\services.exe
800 C:\Windows\System32\lsass.exe
812 C:\Windows\System32\lsm.exe
968 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\nvvsvc.exe
1040 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1148 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1196 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\audiodg.exe
1256 C:\Windows\System32\winlogon.exe
1304 C:\Windows\System32\SLsvc.exe
1344 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1616 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1716 C:\Windows\System32\rundll32.exe
1848 C:\Windows\System32\spoolsv.exe
1884 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\dwm.exe
1956 C:\Windows\System32\taskeng.exe
328 C:\Windows\System32\taskeng.exe
1840 C:\Windows\explorer.exe
2212 C:\hp\support\hpsysdrv.exe
2236 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
2268 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2280 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2344 C:\Windows\StiD1690.exe
2356 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
2368 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
2376 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2400 C:\Windows\Philips\SPC230NC\Monitor.exe
2424 C:\Windows\UMStor\Res.exe
2464 C:\Program Files\iTunes\iTunesHelper.exe
2492 C:\Windows\System32\rundll32.exe
2504 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
2528 C:\Windows\WindowsMobile\wmdc.exe
2560 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2616 C:\Windows\ehome\ehtray.exe
2672 C:\Windows\ehome\ehmsas.exe
2812 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2848 C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
3076 C:\Program Files\Bonjour\mDNSResponder.exe
3128 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3156 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3260 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
3324 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
3336 C:\Windows\System32\svchost.exe
3392 C:\Windows\System32\svchost.exe
3436 C:\Windows\System32\PnkBstrA.exe
3456 C:\Windows\System32\svchost.exe
3488 C:\Windows\System32\svchost.exe
3560 C:\Windows\System32\svchost.exe
3620 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3700 C:\Windows\System32\SearchIndexer.exe
3732 C:\Windows\System32\drivers\XAudio.exe
3868 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
4064 WUDFHost.exe
1412 C:\Windows\System32\svchost.exe
2076 unsecapp.exe
2172 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1404 C:\Program Files\iPod\bin\iPodService.exe
2476 WmiPrvSE.exe
4144 C:\Windows\System32\svchost.exe
4492 C:\hp\KBD\kbd.exe
2800 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2888 C:\Windows\System32\wuauclt.exe
5520 C:\Program Files\Mozilla Firefox\firefox.exe
5908 C:\Program Files\Ventrilo\Ventrilo.exe
5536 C:\Windows\System32\SearchProtocolHost.exe
6036 C:\Windows\System32\SearchFilterHost.exe
6016 C:\Windows\explorer.exe
5416 C:\Windows\System32\conime.exe
960 C:\Users\Chris\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000072`1a78fa00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x0000003a`38500000 (NTFS)
PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA57A
PhysicalDrive1 Model Number: HitachiHDP725050GLA360, Rev: GM4OA57A
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
465 GB \\.\PhysicalDrive1 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
It said there were problems but I just opened and closed.
It seems to have gone away, I'll post again if it hasn't.
Also what free antivirus software should I be running?
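An added example, not part of this thread and not code from MBRCheck, aswMBR or TDSSKiller, showing the kind of check behind the "Unknown MBR code" / SHA1 lines in the report above: read one 512-byte MBR, verify the 0x55AA signature, hash the boot code against an allowlist of known-good loaders, and decode the partition table so the byte offsets can be compared with the `\\.\C: --> \\.\PhysicalDrive0 at offset ...` lines. Assumptions: the sector is constructed inline, the allowlist starts empty, and the hash covers the 440-byte code area, which need not be exactly what MBRCheck itself hashes.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # loader code occupies bytes 0..439; disk signature follows
PTABLE_OFF = 446               # four 16-byte partition entries at bytes 446..509
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511 of every valid MBR


def parse_partitions(mbr):
    """Decode the four primary partition entries, skipping empty (type 0) slots."""
    parts = []
    for i in range(4):
        e = mbr[PTABLE_OFF + 16 * i: PTABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack("<II", e[8:16])   # little-endian LBA fields
        if e[4] == 0:
            continue
        parts.append({"index": i, "bootable": e[0] == 0x80, "type": e[4],
                      "lba_start": lba_start, "sectors": sectors,
                      "byte_offset": lba_start * SECTOR})
    return parts


def check_mbr(mbr, known_code=None):
    """Classify an MBR: hash the boot code and look it up in an allowlist
    (sha1 -> description); anything not listed is reported as unknown code."""
    known_code = known_code or {}
    if len(mbr) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        return {"status": "Missing 0x55AA boot signature", "sha1": None, "partitions": []}
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {"status": known_code.get(sha1, "Unknown MBR code"),
            "sha1": sha1, "partitions": parse_partitions(mbr)}


def partition_entry(bootable, ptype, lba_start, sectors):
    """Build one 16-byte entry; CHS fields get the usual filler values, LBA is what matters."""
    flag = 0x80 if bootable else 0x00
    return struct.pack("<B3sB3sII", flag, b"\x01\x01\x00", ptype, b"\xFE\xFF\xFF",
                       lba_start, sectors)


def build_sample_mbr():
    """Constructed sector (not an image from this thread): a harmless 'jmp $' loop as
    boot code plus a layout mirroring the C: and D: offsets MBRCheck printed above."""
    code = (b"\xEB\xFE" + b"\x00" * BOOT_CODE_LEN)[:BOOT_CODE_LEN]
    disk_sig = b"\xDE\xAD\xBE\xEF" + b"\x00\x00"                 # bytes 440..445, constructed
    table = (partition_entry(True, 0x07, 63, 0x390D3C7D - 63)    # C: NTFS, starts at sector 63
             + partition_entry(False, 0x07, 0x390D3C7D, 0x12B0000)  # D: NTFS recovery partition
             + b"\x00" * 32)                                      # two unused slots
    return code + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    report = check_mbr(build_sample_mbr())
    print(report["status"], report["sha1"])
    for p in report["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X}")
```

On a real machine the sector would come from reading the first 512 bytes of the physical drive; with an empty allowlist every loader is reported unknown, so the allowlist must be seeded from a known-clean system of the same Windows version.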
Group: Malware Response Instructor
Posted 11 May 2011 - 04:52 PM
The MBR needs fixing.
Download NTBR_CD by noahdfear to the desktop.
Click on the NTBR_CD.exe to extract its contents to the desktop.
Once extracted, open the NTBR_CD folder and click on the BurnItCD application.
Insert a blank CD when prompted. The .iso image will be burned to the CD.
Boot the computer with the CD you just burned and follow the prompts.
Press Enter for English.
At the menu type 1 to select MBRWORK then hit Enter.
This screen will show the hard drive configuration.
Type 5 to Install standard MBR code then hit Enter.
Type 1 to select Standard then hit Enter.
Type Y then hit Enter to confirm.
Type E then hit Enter to exit.
Back at the menu, type 6 to Quit.
Press Ctrl+Alt+Del to restart the machine. Eject the CD upon restart and boot normally.
Then please rerun MBRCheck and post the log.
Group: Malware Response Instructor
Posted 14 May 2011 - 08:58 PM
Hi,
I have not had a reply from you for 4 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.
If you like you can PM me.
Thanks,
m0le
Group: Malware Response Instructor
Posted 16 May 2011 - 05:01 PM
Due to the lack of feedback, this topic is now closed.
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.