BleepingComputer.com: Cannot connect to LAN. TDSS Killer Fails at 80%

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Cannot connect to LAN. TDSS Killer Fails at 80%

#1 User is offline   sbiggs 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 28-April 11

Posted 28 April 2011 - 12:39 PM

Lenovo T43 Laptop running XP SP3. It cannot connect to a local drive. "Network Connections" shows "Network cable Not Plugged In" even though it IS plugged in. Wireless will not connect either. If I try to run the latest version of TDSS Killer, it fails at 80% of the way thru the install.

I have run ComboFix and have attached the log.

No further action taken yet.

Thanks for fixing the post forum. Also, my apologies for running Combofix ahead of time. I am running DDS and GMER now and will attach those logs shortly.

Attached File(s)

  • Attached File  log.txt (21.96K)
    Number of downloads: 2

This post has been edited by sbiggs: 28 April 2011 - 01:46 PM
Reason for edit: Moved from XP to Malware Removal Logs.

#2 User is offline   sbiggs 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 28-April 11

Posted 28 April 2011 - 03:50 PM

DDS "DDS.TXT" FILE:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by wagarb at 16:01:59.92 on Thu 04/28/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.973 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
FW: WatchGuard Mobile VPN Firewall *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Astsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\EMC IRM\Common\autoofflineprocess.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\wagarb\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.ca/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm480YYMX&fl=0&ptb=yUsTHDpI1kxsgxGO4T5fAA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [ControlCenter] "c:\program files\ibm fingerprint software\ctlcntr.exe" /startup
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\\ibmmessages.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [QCTRAY] c:\program files\thinkpad\connectutilities\QCTRAY.EXE
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\wagarb\startm~1\programs\startup\irmoff~1.lnk - c:\program files\emc irm\common\autoofflineprocess.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236799349600
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: psfus - c:\program files\ibm fingerprint software\psfus.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2006-9-25 17792]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2006-3-23 14208]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-7 11608]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.SYS [2000-2-23 30366]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-2-23 10816]
R2 AntiVir Security Management Center Agent;Avira Security Management Center Agent;c:\program files\avira\avira security management center agent\agent.exe [2009-4-7 753921]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-4-7 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-7 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-4-7 421032]
R2 ASTSRV;ASTSRV;c:\windows\system32\Astsrv.exe [2008-3-12 57344]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-7 61960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-19 54752]
R2 ncpclcfg;ncpclcfg;c:\program files\watchguard\mobile vpn\ncpclcfg.exe [2010-4-19 86016]
R2 ncprwsnt;ncprwsnt;c:\program files\watchguard\mobile vpn\NCPRWSNT.EXE [2010-4-19 1085960]
R2 NcpSec;NcpSec;c:\program files\watchguard\mobile vpn\NCPSEC.EXE [2010-4-19 32768]
R2 rwsrsu;RwsRsu;c:\program files\watchguard\mobile vpn\rwsrsu.exe [2010-4-19 819712]
R2 SmiHlp;SMI helper driver;c:\program files\ibm fingerprint software\smihlp.sys [2005-4-12 3328]
R3 NcpFiltMP;NcpFiltMP;c:\windows\system32\drivers\ncpvaxp.sys [2010-4-19 81224]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2006-3-23 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-1-1 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S2 srv1034;srv1034;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv1420;srv1420;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv1498;srv1498;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv14C0;srv14C0;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv1568;srv1568;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv1604;srv1604;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv1908;srv1908;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv1B78;srv1B78;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv1CD0;srv1CD0;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv1E50;srv1E50;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv834;srv834;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srv8B0;srv8B0;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 srvDB4;srvDB4;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2000-2-23 77880]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-29 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NcpFilt;Ncp Filter Service;c:\windows\system32\drivers\ncpvaxp.sys [2010-4-19 81224]
S3 ncpvaxp;NCP Secure Client Virtual Adapter Driver;c:\windows\system32\drivers\ncpvaxp.sys [2010-4-19 81224]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2006-3-23 12288]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-10-29 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-10-29 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-10-29 121856]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
.
=============== Created Last 30 ================
.
2011-04-15 11:11:03 -------- d-----w- C:\AntiVirus AntiSpyware 2011
2011-04-14 17:00:05 -------- d-----w- C:\spoolerlogs
2011-04-14 11:14:08 -------- d-----w- c:\program files\W3i
.
==================== Find3M ====================
.
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541060G9AT00 rev.MB3IA60A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll ACPI.sys >>UNKNOWN [0x8A35C6E7]<<
c:\windows\system32\drivers\iomdisk.sys Iomega Corporation Microsoft® Windows NT® Operating System
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a3629d0]; MOV EAX, [0x8a362a4c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\Harddisk0\DR0[0x8A406AB8]
3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EE120] -> [0x8A3D2AE0]
5 iomdisk[0xBA348BC3] -> ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\0000009a[0x8A41D2A0]
7 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE120] -> [0x8A413940]
\Driver\atapi[0x8A40F950] -> IRP_MJ_CREATE -> 0x8A35C6E7
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { JMP 0x10; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A35C532
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:04:00.54 ===============

This post has been edited by sbiggs: 28 April 2011 - 03:54 PM

#3 User is offline   sbiggs 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 28-April 11

Posted 28 April 2011 - 04:56 PM

This machine is now fixed.

I was able to fix it following the instructions to fix the MBR here:

http://www.bleepingcomputer.com/forums/topic393131.html

THANK YOU!! :-)

#4 User is online   Budapest 

  • Bleepin' Cynic
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 22,235
  • Joined: 11-November 06
  • Gender:Male

Posted 28 April 2011 - 06:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users