
Redirect trojan or Malware


  • This topic is locked
14 replies to this topic

#1 cougarman24

  • Members
  • 17 posts

Posted 19 September 2010 - 06:46 PM

Hello. I have a trojan or malware that I have not been able to remove for a couple of weeks now. I have tried all the standard procedures as well as many if not all that I can find on this wonderful site. I'm not sure what the name of the trojan or malware is, but it is still on my computer. It seems to mainly be affecting my Internet Explorer and Firefox. I am not certain if it is affecting much more, although I am not able to get my Windows updates either. Any help would be greatly appreciated. Thank you!




DDS (Ver_10-03-17.01) - NTFSx86
Run by Shaun at 15:10:33.89 on Sat 09/18/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2147 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\D-Link\DWA-130\AirNCFG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Shaun\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Shaun\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.foxnews.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {C17590D2-ECB4-4B15-8820-F58798DCC118} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [SansaDispatch] c:\documents and settings\shaun\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Nero PhotoShow Media Manager] c:\progra~1\nero\neroph~1\data\xtras\mssysmgr.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [D-Link D-Link Wireless N DWA-130] c:\program files\d-link\dwa-130\AirNCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [DWQueuedRep



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 September 2010 - 07:02 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions. However, in the meantime please run DDS again - the log you posted is not complete.

Thanks
m0le is a proud member of UNITE

#3 cougarman24

  • Topic Starter
  • Members
  • 17 posts

Posted 29 September 2010 - 01:39 PM

Hello m0le, I apologize that I have not responded to you until today. I apparently had not yet subscribed to my post as instructed. I will run the DDS log and attach it this evening. Thank you for your assistance. It is much appreciated.

#4 cougarman24

  • Topic Starter
  • Members
  • 17 posts

Posted 29 September 2010 - 08:12 PM

Hello m0le. Thanks again for your time. Here is the requested DDS log again. It looks more complete this time.






DDS (Ver_10-03-17.01) - NTFSx86
Run by Shaun at 18:37:00.82 on Wed 09/29/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\D-Link\DWA-130\AirNCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Shaun\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Shaun\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.foxnews.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: My Personal Homepage: {0538cf1c-8419-4800-adbb-0c00c799fda2} - c:\documents and settings\shaun\application data\genieo\application\ieplugins\bin\IEWrapper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {C17590D2-ECB4-4B15-8820-F58798DCC118} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [SansaDispatch] c:\documents and settings\shaun\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Nero PhotoShow Media Manager] c:\progra~1\nero\neroph~1\data\xtras\mssysmgr.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [D-Link D-Link Wireless N DWA-130] c:\program files\d-link\dwa-130\AirNCFG.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?5602bc7f49aa406eb718e4fcae623833
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?5602bc7f49aa406eb718e4fcae623833
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {234B7457-1A7E-4268-BA71-9936F0C78BEC} - hxxp://www.contentwatch.com/cleanup/includes/ContentCleanup3Proj1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1213664540984
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163272186187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134009971703
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39034.7724074074
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} - hxxp://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shaun\applic~1\mozilla\firefox\profiles\oimapa4z.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\shaun\application data\idm\bin\flash\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {FAFA4F6A-DDA1-4748-AF0A-406EFF042269} - c:\documents and settings\shaun\local settings\application data\{FAFA4F6A-DDA1-4748-AF0A-406EFF042269}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101061100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R? AvFlt;Antivirus Filter Driver
R? d347bus;d347bus
R? d347prt;d347prt
R? fsssvc;Windows Live Family Safety Service
R? SASENUM;SASENUM
R? SetupNTGLM7X;SetupNTGLM7X
R? Symantec Core LC;Symantec Core LC
R? xmvltas;xmvltas
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? cbVSCService;Cobian Backup 10 Volume Shadow Copy service
S? fssfltr;fssfltr
S? kbfilter;Keyboard Filter Driver
S? KodakSvc;Kodak AiO Device Service
S? PAC207;Basic Webcam
S? RTL8192u;Realtek RTL8192U Wireless LAN 802.11n USB 2.0 Network Adapter
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL

=============== Created Last 30 ================

2010-09-28 16:02:07 120 ----a-w- c:\windows\Dvoqetofiwupu.dat
2010-09-28 16:02:07 0 ----a-w- c:\windows\Ibuloku.bin
2010-09-28 16:00:08 141 ----a-w- c:\docume~1\shaun\applic~1\jsdfgs.bat
2010-09-28 15:59:42 0 d-----w- c:\docume~1\shaun\applic~1\Genieo
2010-09-28 15:59:18 0 ----a-w- c:\windows\system32\drivers\xmvltas.sys
2010-09-28 15:59:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-09-18 14:22:50 0 d-----w- c:\program files\Cobian Backup 10
2010-09-17 02:58:29 52 ------w- c:\documents and settings\shaun\defogger_reenable
2010-09-16 04:20:09 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-09-16 04:11:44 0 d-----w- c:\windows\ERUNT
2010-09-16 03:53:08 3212 ----a-w- c:\windows\system32\tmp.reg
2010-09-16 03:43:07 0 d-----w- C:\SDFix
2010-09-16 03:35:12 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-14 03:38:59 0 d-----w- c:\program files\NoAdware4
2010-09-13 12:11:41 247 ----a-w- c:\windows\wininit.ini
2010-09-13 03:36:02 0 d-----w- c:\program files\SpywareBlaster
2010-08-31 05:06:31 0 d-----w- c:\docume~1\shaun\applic~1\Malwarebytes
2010-08-31 05:06:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 05:06:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 05:06:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 05:06:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-31 04:29:16 0 d-sha-r- C:\cmdcons
2010-08-31 04:25:51 98816 ----a-w- c:\windows\sed.exe
2010-08-31 04:25:51 77312 ----a-w- c:\windows\MBR.exe
2010-08-31 04:25:51 256512 ----a-w- c:\windows\PEV.exe
2010-08-31 04:25:51 161792 ----a-w- c:\windows\SWREG.exe
2010-08-31 04:12:05 0 d-----w- c:\program files\Trend Micro
2010-08-31 01:48:13 0 d-----w- c:\docume~1\shaun\applic~1\QuickScan

==================== Find3M ====================

2010-07-17 11:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2008-06-17 01:31:52 491768 ------w- c:\program files\ie6setup.exe
2008-06-17 02:35:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061620080617\index.dat

============= FINISH: 18:39:11.18 ===============



#5 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 September 2010 - 05:34 PM

Please run MBRCheck and TDSSKiller

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

And then
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#6 cougarman24

  • Topic Starter
  • Members
  • 17 posts

Posted 30 September 2010 - 08:12 PM

Hello. Here are the requested log files from the programs you asked me to run.
Here is the MBR log.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 158):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0x8B070000 \WINDOWS\system32\KDCOM.DLL
0xF789B000 \WINDOWS\system32\BOOTVID.dll
0xF7438000 ACPI.sys
0xF7987000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7427000 pci.sys
0xF7487000 isapnp.sys
0xF7497000 ohci1394.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A4F000 PCIIde.sys
0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF74B7000 MountMgr.sys
0xF7408000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF74C7000 VolSnap.sys
0xF73F0000 atapi.sys
0xF73D9000 nvatabus.sys
0xF74D7000 disk.sys
0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73B9000 fltmgr.sys
0xF74F7000 PxHelp20.sys
0xF73A2000 KSecDD.sys
0xF738F000 WudfPf.sys
0xF7302000 Ntfs.sys
0xF72D5000 NDIS.sys
0xF72BB000 Mup.sys
0xF7567000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7943000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF5FFC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5AF9000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF5AE5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5ABD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5FEC000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7947000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7797000 \SystemRoot\system32\DRIVERS\irsir.sys
0xF794B000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF779F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF5AA9000 \SystemRoot\system32\DRIVERS\parport.sys
0xF5FDC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7953000 \SystemRoot\System32\Drivers\kbfilter.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7957000 \SystemRoot\System32\Drivers\moufiltr.SYS
0xF77AF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF5A85000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77BF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF795B000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF5A45000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF5A12000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF5FBC000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77C7000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xF77CF000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0xF79C5000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0xF795F000 \SystemRoot\system32\drivers\pfc.sys
0xF5FAC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF5F9C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF59EF000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77D7000 \SystemRoot\system32\drivers\InCDRm.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\InCDPass.sys
0xF77E7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF57B9000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF5795000 \SystemRoot\system32\drivers\portcls.sys
0xF5F8C000 \SystemRoot\system32\drivers\drmk.sys
0xF7BD7000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF79DD000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF782F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF77EF000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF76F7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF797F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF577E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7577000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7587000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF576D000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7597000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7807000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF780F000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF75A7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A07000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF570F000 \SystemRoot\system32\DRIVERS\update.sys

Processes (total 56):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JS-00MHB0, Rev: 02.01C03

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Here is the log for the tdsskiller.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 158):

Processes (total 56):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JS-00MHB0, Rev: 02.01C03

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#7 m0le
  • Malware Response Team
  • Location:London, UK

Posted 01 October 2010 - 02:24 PM

You've posted the MBRCheck twice - that was clean (twice). Post the TDSSKiller report please.
m0le is a proud member of UNITE

#8 cougarman24
  • Topic Starter
  • Members

Posted 01 October 2010 - 02:40 PM

Let's try this

2010/09/30 19:01:09.0765 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/30 19:01:09.0765 ================================================================================
2010/09/30 19:01:09.0765 SystemInfo:
2010/09/30 19:01:09.0765
2010/09/30 19:01:09.0765 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/30 19:01:09.0765 Product type: Workstation
2010/09/30 19:01:09.0765 ComputerName: OFFICE
2010/09/30 19:01:09.0765 UserName: Shaun
2010/09/30 19:01:09.0765 Windows directory: C:\WINDOWS
2010/09/30 19:01:09.0765 System windows directory: C:\WINDOWS
2010/09/30 19:01:09.0765 Processor architecture: Intel x86
2010/09/30 19:01:09.0765 Number of processors: 2
2010/09/30 19:01:09.0765 Page size: 0x1000
2010/09/30 19:01:09.0765 Boot type: Normal boot
2010/09/30 19:01:09.0765 ================================================================================
2010/09/30 19:01:09.0906 Initialize success
2010/09/30 19:01:14.0828 ================================================================================
2010/09/30 19:01:14.0828 Scan started
2010/09/30 19:01:14.0828 Mode: Manual;
2010/09/30 19:01:14.0828 ================================================================================
2010/09/30 19:01:26.0765 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/30 19:01:26.0781 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/30 19:01:26.0812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/30 19:01:26.0859 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/30 19:01:26.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/30 19:01:26.0953 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/30 19:01:27.0000 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/30 19:01:27.0187 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/30 19:01:27.0328 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/09/30 19:01:27.0453 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/09/30 19:01:27.0484 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/30 19:01:27.0515 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/30 19:01:27.0562 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/30 19:01:27.0734 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/30 19:01:27.0734 ================================================================================
2010/09/30 19:01:27.0734 Scan finished
2010/09/30 19:01:27.0734 ================================================================================
2010/09/30 19:01:27.0765 Detected object count: 1
2010/09/30 19:01:46.0906 \HardDisk0\MBR - will be cured after reboot
2010/09/30 19:01:46.0906 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/09/30 19:01:58.0500 Deinitialize success

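As an added example (my own code, not from the thread or from TDSSKiller's authors), a small parser for the log format above: it pulls out each detected object, the action the user chose and the tool's own object count, and flags an MBR cure as something to confirm with a re-scan after the reboot, which is the caveat m0le raises below. The driver line and its hash in the sample are constructed; the detection lines mirror those posted above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Record shapes seen in TDSSKiller output: a timestamp prefix, then the record itself.
# Driver enumeration lines ("name (md5) path") carry no verdict and are simply skipped.
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
DETECT_RE = re.compile(TS + r"(?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)$")
ACTION_RE = re.compile(TS + r"(?P<threat>[^(\s]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")

@dataclass
class ScanReport:
    detections: List[Tuple[str, str]] = field(default_factory=list)  # (object, threat)
    actions: Dict[str, str] = field(default_factory=dict)            # object -> chosen action
    reported_count: Optional[int] = None                             # the tool's own count line

def parse_tdsskiller(text: str) -> ScanReport:
    rep = ScanReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := DETECT_RE.match(line):
            rep.detections.append((m["obj"], m["threat"]))
        elif m := ACTION_RE.match(line):
            rep.actions[m["obj"]] = m["action"]
        elif m := COUNT_RE.match(line):
            rep.reported_count = int(m["n"])
    return rep

def triage(rep: ScanReport) -> List[str]:
    """Analyst follow-ups: a 'Cure' on the MBR is provisional until the box reboots and is re-scanned."""
    notes = []
    if rep.reported_count is not None and rep.reported_count != len(rep.detections):
        notes.append(f"count mismatch: tool reported {rep.reported_count}, parsed {len(rep.detections)}")
    for obj, threat in rep.detections:
        action = rep.actions.get(obj, "none")
        if action != "Cure":
            notes.append(f"{threat} at {obj}: no cure recorded (action={action})")
        elif obj.upper().endswith("\\MBR"):
            notes.append(f"{threat} at {obj}: MBR cure is pending reboot, re-scan to confirm")
    return notes

# Constructed sample: one driver line with a synthetic hash, plus the detection lines from the thread.
SAMPLE_LOG = r"""
2010/09/30 19:01:27.0515 WudfPf (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/30 19:01:27.0734 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/30 19:01:27.0765 Detected object count: 1
2010/09/30 19:01:46.0906 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
"""
```

Running `triage(parse_tdsskiller(SAMPLE_LOG))` yields a single note asking for the post-reboot re-scan; a log with a detection but no recorded action produces a "no cure recorded" note instead.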

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:03 AM

Posted 01 October 2010 - 04:21 PM

TDSSKiller has said it has removed the problem. It may not have.

Are you still getting redirects?
m0le is a proud member of UNITE

#10 cougarman24

cougarman24
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:03 AM

Posted 01 October 2010 - 04:39 PM

Hi m0le,
I don't believe I am...I also noticed that my windows updates have updated. I will try a little surfing around tonight to make sure that it is all clear. Thanks in advance for all you have been able to help me with.


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:03 AM

Posted 01 October 2010 - 04:47 PM

QUOTE(cougarman24 @ Oct 1 2010, 10:39 PM)
I will try a little surfing around tonight to make sure that it is all clear. Thanks in advance for all you have been able to help me with.


Good plan, and you're welcome. Still a few things to do when you come back though.

m0le is a proud member of UNITE

#12 cougarman24

cougarman24
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:03 AM

Posted 01 October 2010 - 10:00 PM

Hi m0le,
It appears as though the re-direct has been killed.
So, I'm back and ready to follow orders for the rest of our procedure!


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:03 AM

Posted 02 October 2010 - 03:11 AM

Good news, let's do a clear-up then...

You're clean. Good stuff!

Let's do some clearing up

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates for any programs that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it cougarman24, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#14 cougarman24

cougarman24
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:03 AM

Posted 06 October 2010 - 09:06 AM

Hello m0le,
It has been a few days and things are still working fantastic. I certainly appreciate the time you took to help me and will be donating to the anti-malware cause you have on your banner soon..
Thank you!

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:03 AM

Posted 07 October 2010 - 07:39 PM

Good to hear about your PC, cougarman24

----------------------------------------------------------------------

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
