Computer infected can't even run in Safe Mode!


  • This topic is locked
2 replies to this topic

#1 jco13

jco13

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 25 September 2010 - 09:33 AM

I am trying to fix my father's desktop computer, which he seems to have sufficiently filled with Malware. I am having a very hard time dealing with this, and am hoping for some help. Here are some of the things I know so far:

It is a Dell running XP.

Currently, I cannot run task manager, either in normal or safe mode. I cannot install Hijack This, MalwareBytes, or any other program in an effort to remove anything.

Some of the names I have run across are "AntiMalware Doctor", "Security Tool", as well as the "Microsoft Security Essentials Alert" (particularly when I try to run taskmgr or regedit in the normal mode).

I have been able to access regedit when in Safe Mode with Command Prompt... That is as far as I have gotten. I found some junk that seems to be related, but each restart brings me the same "Microsoft Security Essentials Alert" when I reboot and try for the taskmanager.

As I can't seem to run anything on the desktop, I am using my laptop to try to download any potentially useful programs and move them over with a jump drive, but nothing will load.

Any thoughts or recommendations would be greatly appreciated!!!!!!!

I was just able to run TDSS Killer in Safe Mode from the Command Prompt, which appeared to be successful. Here is the log... I hope I copied it in right, as it appears huge!

TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/25 10:48:32.0734 ================================================================================
2010/09/25 10:48:32.0734 SystemInfo:
2010/09/25 10:48:32.0734
2010/09/25 10:48:32.0734 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/25 10:48:32.0734 Product type: Workstation
2010/09/25 10:48:32.0734 ComputerName: D9SV2Q41
2010/09/25 10:48:32.0734 UserName: Ken Puccio
2010/09/25 10:48:32.0734 Windows directory: C:\WINDOWS
2010/09/25 10:48:32.0734 System windows directory: C:\WINDOWS
2010/09/25 10:48:32.0734 Processor architecture: Intel x86
2010/09/25 10:48:32.0734 Number of processors: 1
2010/09/25 10:48:32.0734 Page size: 0x1000
2010/09/25 10:48:32.0734 Boot type: Safe boot
2010/09/25 10:48:32.0734 ================================================================================
2010/09/25 10:48:33.0187 Initialize success
2010/09/25 10:48:37.0671 ================================================================================
2010/09/25 10:48:37.0671 Scan started
2010/09/25 10:48:37.0671 Mode: Manual;
2010/09/25 10:48:37.0671 ================================================================================
2010/09/25 10:48:42.0125 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/09/25 10:48:42.0593 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/25 10:48:43.0093 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/25 10:48:43.0531 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/09/25 10:48:44.0078 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/09/25 10:48:44.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/25 10:48:45.0125 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/09/25 10:48:45.0640 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/25 10:48:46.0156 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2010/09/25 10:48:46.0593 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/09/25 10:48:47.0078 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/09/25 10:48:47.0515 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/09/25 10:48:48.0000 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/09/25 10:48:48.0437 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/09/25 10:48:48.0875 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/09/25 10:48:49.0343 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/09/25 10:48:49.0781 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/09/25 10:48:50.0265 ANIO (4a5c7eaefa4c43d139c402c6da5bfd2c) C:\WINDOWS\system32\ANIO.SYS
2010/09/25 10:48:50.0843 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/09/25 10:48:51.0343 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/09/25 10:48:51.0953 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/09/25 10:48:52.0515 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/25 10:48:52.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/25 10:48:53.0781 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/25 10:48:54.0250 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/25 10:48:54.0718 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/25 10:48:55.0500 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/09/25 10:48:55.0828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/25 10:48:56.0250 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/09/25 10:48:56.0703 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/25 10:48:57.0109 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/25 10:48:57.0593 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/25 10:48:58.0421 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/09/25 10:48:58.0937 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/09/25 10:48:59.0453 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/09/25 10:48:59.0953 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/09/25 10:49:00.0343 DcCam (32e31781d59be1fa9c66c5d2e42ef12a) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2010/09/25 10:49:00.0796 DcFpoint (016ad1e71da43c39e5211fd7521c88d0) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2010/09/25 10:49:01.0296 DCFS2K (7cef1cd1dc5c24208f196c36eb48a411) C:\WINDOWS\system32\drivers\dcfs2k.sys
2010/09/25 10:49:01.0765 DcLps (2484fe767708eaba26767f2da0256398) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2010/09/25 10:49:02.0265 DcPTP (a76d1610c9cae786006d412f012dcb7c) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2010/09/25 10:49:02.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/25 10:49:03.0531 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/25 10:49:04.0296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/25 10:49:04.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/25 10:49:05.0203 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/25 10:49:05.0750 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2010/09/25 10:49:06.0281 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2010/09/25 10:49:06.0703 dot4ufd (e9674cdc15f5a26e9b1b42f8d0185d06) C:\WINDOWS\system32\DRIVERS\hppaufd0.sys
2010/09/25 10:49:07.0187 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/09/25 10:49:07.0593 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/25 10:49:08.0109 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/09/25 10:49:08.0562 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/09/25 10:49:08.0828 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/09/25 10:49:09.0281 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/09/25 10:49:09.0765 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/09/25 10:49:10.0296 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/09/25 10:49:10.0906 Exportit (bf218812f530e6a80be487cbfd1f3dde) C:\WINDOWS\system32\DRIVERS\exportit.sys
2010/09/25 10:49:11.0437 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/25 10:49:11.0953 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/25 10:49:12.0421 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/25 10:49:12.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/25 10:49:13.0359 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/25 10:49:13.0843 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/25 10:49:14.0375 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/25 10:49:14.0828 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/09/25 10:49:15.0265 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/09/25 10:49:15.0687 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/25 10:49:16.0171 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
2010/09/25 10:49:16.0656 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/25 10:49:17.0109 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/09/25 10:49:17.0625 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/25 10:49:18.0171 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/25 10:49:18.0609 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/09/25 10:49:19.0093 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/25 10:49:19.0609 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/09/25 10:49:20.0140 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/09/25 10:49:20.0531 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/09/25 10:49:20.0875 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/09/25 10:49:21.0281 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/09/25 10:49:21.0671 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/09/25 10:49:22.0140 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/09/25 10:49:22.0531 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/09/25 10:49:23.0281 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/09/25 10:49:23.0703 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/09/25 10:49:24.0671 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/09/25 10:49:25.0562 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/25 10:49:26.0031 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/09/25 10:49:26.0875 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2010/09/25 10:49:27.0937 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2010/09/25 10:49:28.0640 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2010/09/25 10:49:29.0109 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/09/25 10:49:29.0531 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/25 10:49:30.0062 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/25 10:49:30.0562 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/25 10:49:30.0953 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/25 10:49:31.0312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/25 10:49:31.0718 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/25 10:49:32.0109 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/25 10:49:32.0468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/25 10:49:32.0875 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/25 10:49:33.0312 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/25 10:49:33.0796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/25 10:49:34.0343 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/25 10:49:35.0359 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2010/09/25 10:49:35.0843 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/09/25 10:49:36.0437 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/09/25 10:49:36.0953 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/09/25 10:49:37.0468 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/09/25 10:49:37.0906 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/09/25 10:49:38.0328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/25 10:49:38.0734 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/25 10:49:39.0109 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/09/25 10:49:39.0562 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2010/09/25 10:49:40.0000 Mouclass (f9da96b3292461e33489766f7280cea4) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/25 10:49:40.0000 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: f9da96b3292461e33489766f7280cea4, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/09/25 10:49:40.0015 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/25 10:49:40.0390 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/25 10:49:40.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/25 10:49:41.0234 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2010/09/25 10:49:41.0734 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/25 10:49:42.0390 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/25 10:49:43.0046 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/25 10:49:43.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/25 10:49:43.0937 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/25 10:49:44.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/25 10:49:44.0718 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/25 10:49:45.0234 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/25 10:49:45.0718 mvb35316 (dc993837129a691cfe842f04c87b91fb) C:\WINDOWS\system32\drivers\mvb35316.sys
2010/09/25 10:49:46.0140 MxlW2k (e91fc8b52d21e38317dc61a3c7ccfa4b) C:\WINDOWS\system32\drivers\MxlW2k.sys
2010/09/25 10:49:46.0625 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/25 10:49:47.0093 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/25 10:49:47.0437 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/25 10:49:47.0781 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/25 10:49:48.0203 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/25 10:49:48.0687 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/25 10:49:49.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/25 10:49:49.0750 NIOC (660afb141d2b66d46bbce3d0167e693b) C:\WINDOWS\system32\NIOC.SYS
2010/09/25 10:49:50.0390 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/25 10:49:50.0968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/25 10:49:51.0625 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/25 10:49:52.0625 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/25 10:49:53.0750 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/25 10:49:54.0109 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/25 10:49:54.0531 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/09/25 10:49:55.0531 P16X (13026e137486d916a0677d276144ea7f) C:\WINDOWS\system32\drivers\P16X.sys
2010/09/25 10:49:56.0531 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/09/25 10:49:57.0000 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/25 10:49:57.0390 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/25 10:49:57.0765 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/25 10:49:58.0187 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/25 10:49:58.0968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/25 10:49:59.0421 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/25 10:50:01.0203 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/09/25 10:50:01.0546 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/09/25 10:50:01.0953 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2010/09/25 10:50:02.0468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/25 10:50:02.0875 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/25 10:50:03.0406 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/25 10:50:03.0890 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/25 10:50:04.0296 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/09/25 10:50:04.0765 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/09/25 10:50:05.0125 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/09/25 10:50:05.0500 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/09/25 10:50:05.0843 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/09/25 10:50:06.0265 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/09/25 10:50:06.0734 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/25 10:50:07.0203 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/25 10:50:07.0640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/25 10:50:08.0031 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/25 10:50:08.0593 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/25 10:50:09.0109 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/25 10:50:09.0562 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/25 10:50:10.0046 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/25 10:50:10.0515 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/25 10:50:10.0906 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/09/25 10:50:11.0312 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/25 10:50:11.0781 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/25 10:50:12.0203 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/25 10:50:12.0640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/25 10:50:13.0109 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/25 10:50:13.0890 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/09/25 10:50:14.0515 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
2010/09/25 10:50:15.0140 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/09/25 10:50:15.0515 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/25 10:50:15.0875 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/25 10:50:16.0421 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/25 10:50:17.0000 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/09/25 10:50:17.0453 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/09/25 10:50:17.0859 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/09/25 10:50:18.0421 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/25 10:50:18.0890 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/25 10:50:19.0390 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/09/25 10:50:19.0781 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/09/25 10:50:20.0203 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/09/25 10:50:20.0578 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/09/25 10:50:21.0031 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/25 10:50:21.0671 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/25 10:50:22.0265 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/25 10:50:22.0687 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/25 10:50:23.0046 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/25 10:50:23.0515 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/09/25 10:50:23.0937 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/09/25 10:50:24.0375 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/09/25 10:50:24.0812 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
2010/09/25 10:50:25.0265 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/09/25 10:50:25.0718 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/09/25 10:50:26.0125 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/09/25 10:50:26.0531 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/09/25 10:50:27.0015 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/09/25 10:50:27.0531 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/09/25 10:50:27.0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/25 10:50:28.0468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/09/25 10:50:29.0062 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/25 10:50:29.0687 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/25 10:50:30.0125 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/25 10:50:30.0625 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/25 10:50:31.0062 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/25 10:50:31.0515 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/25 10:50:31.0984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/25 10:50:32.0484 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/25 10:50:32.0937 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/25 10:50:33.0375 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/25 10:50:33.0796 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/09/25 10:50:34.0281 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/09/25 10:50:34.0734 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/25 10:50:35.0234 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/25 10:50:35.0625 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/09/25 10:50:36.0375 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/25 10:50:37.0062 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/25 10:50:37.0609 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/25 10:50:38.0171 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/09/25 10:50:38.0593 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/09/25 10:50:38.0718 ================================================================================
2010/09/25 10:50:38.0718 Scan finished
2010/09/25 10:50:38.0718 ================================================================================
2010/09/25 10:50:38.0765 Detected object count: 1
2010/09/25 10:50:59.0078 Mouclass (f9da96b3292461e33489766f7280cea4) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/25 10:50:59.0078 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: f9da96b3292461e33489766f7280cea4, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/09/25 10:51:05.0890 Backup copy found, using it..
2010/09/25 10:51:05.0921 C:\WINDOWS\system32\DRIVERS\mouclass.sys - will be cured after reboot
2010/09/25 10:51:05.0921 Rootkit.Win32.TDSS.tdl3(Mouclass) - User select action: Cure
2010/09/25 10:51:25.0296 Deinitialize success

Edited by Pandy, 25 September 2010 - 03:24 PM.
merged replies ~Pandy
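Added example, not code from this thread or from Kaspersky's TDSSKiller: a small parser for the log format posted above. The line that matters for a defender is "Suspicious file (Forged)", where the tool reports two MD5s for the same driver; the two hashes differ because the file reads differently through the normal file-system path than it does on disk, and that mismatch is the signal TDSSKiller uses to name the TDL3 rootkit. The parser pulls out each forged driver with both hashes, the detection name and the cure action, and cross-checks the findings against the tool's own "Detected object count". The regexes are assumptions fitted to the 2.4.x lines as posted, not a documented format; the sample lines are constructed from the log in this post (same hashes and paths), plus one clean driver line and the repeated hit lines that the tool prints again at the end of the log.

```python
"""Parse a TDSSKiller 2.4.x log and pull out forged-driver findings.

Added example for this thread; not part of TDSSKiller. The line patterns are
assumptions derived from the log posted above, not a documented format.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line starts with "YYYY/MM/DD HH:MM:SS.mmmm ".
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
DETECT_RE = re.compile(TS + r"(?P<svc>\S+) - detected (?P<name>\S+)")
ACTION_RE = re.compile(TS + r"(?P<name>[^\s(]+)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)")

# Constructed sample: lines taken from the log posted in this thread, one
# clean driver line (mouhid) and the repeated hit lines from the end of the log.
SAMPLE_LOG = "\n".join([
    r"2010/09/25 10:48:37.0671 Scan started",
    r"2010/09/25 10:49:40.0000 Mouclass (f9da96b3292461e33489766f7280cea4) C:\WINDOWS\system32\DRIVERS\mouclass.sys",
    r"2010/09/25 10:49:40.0000 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: f9da96b3292461e33489766f7280cea4, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04",
    r"2010/09/25 10:49:40.0015 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)",
    r"2010/09/25 10:49:40.0390 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys",
    r"2010/09/25 10:50:38.0765 Detected object count: 1",
    r"2010/09/25 10:50:59.0078 Mouclass (f9da96b3292461e33489766f7280cea4) C:\WINDOWS\system32\DRIVERS\mouclass.sys",
    r"2010/09/25 10:50:59.0078 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: f9da96b3292461e33489766f7280cea4, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04",
    r"2010/09/25 10:51:05.0890 Backup copy found, using it..",
    r"2010/09/25 10:51:05.0921 C:\WINDOWS\system32\DRIVERS\mouclass.sys - will be cured after reboot",
    r"2010/09/25 10:51:05.0921 Rootkit.Win32.TDSS.tdl3(Mouclass) - User select action: Cure",
    r"2010/09/25 10:51:25.0296 Deinitialize success",
])


@dataclass
class Finding:
    service: str
    path: str = ""
    real_md5: str = ""   # hash of the bytes actually on disk
    fake_md5: str = ""   # hash of what a normal file read returned
    detection: str = ""
    action: str = ""


@dataclass
class Report:
    drivers_seen: int = 0
    declared_count: Optional[int] = None
    findings: Dict[str, Finding] = field(default_factory=dict)

    def inconsistent(self) -> bool:
        """True when the tool's own count disagrees with the findings parsed."""
        return self.declared_count is not None and self.declared_count != len(self.findings)


def parse_tdsskiller_log(text: str) -> Report:
    rep = Report()
    seen_paths = set()
    path_to_svc: Dict[str, str] = {}
    for line in text.splitlines():
        m = FORGED_RE.match(line)
        if m:
            svc = path_to_svc.get(m["path"], m["path"])
            f = rep.findings.setdefault(svc, Finding(service=svc))
            f.path, f.real_md5, f.fake_md5 = m["path"], m["real"], m["fake"]
            continue
        m = DETECT_RE.match(line)
        if m:
            rep.findings.setdefault(m["svc"], Finding(service=m["svc"])).detection = m["name"]
            continue
        m = ACTION_RE.match(line)
        if m:
            f = rep.findings.setdefault(m["svc"], Finding(service=m["svc"]))
            f.action = m["action"]
            f.detection = f.detection or m["name"]
            continue
        m = COUNT_RE.match(line)
        if m:
            rep.declared_count = int(m["n"])
            continue
        m = DRIVER_RE.match(line)
        if m:
            # The tool re-prints hit lines after the scan; count each driver once.
            if m["path"] not in seen_paths:
                seen_paths.add(m["path"])
                rep.drivers_seen += 1
            path_to_svc[m["path"]] = m["svc"]
    return rep


def describe(rep: Report) -> List[str]:
    """Human-readable summary, one line per finding plus a count cross-check."""
    out = [f"{rep.drivers_seen} drivers hashed, {len(rep.findings)} flagged"]
    for f in rep.findings.values():
        out.append(f"{f.service}: {f.detection or 'unnamed'} at {f.path}; "
                   f"on-disk md5 {f.real_md5} vs served md5 {f.fake_md5}; action={f.action or 'none'}")
    if rep.inconsistent():
        out.append(f"WARNING: tool reported {rep.declared_count} objects, parsed {len(rep.findings)}")
    return out


if __name__ == "__main__":
    for line in describe(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run it as-is to see the summary for the constructed sample, or pass the full posted log to parse_tdsskiller_log to get the same one-line finding for mouclass.sys. The count cross-check is there because a rootkit log is the one place a reader should not trust a single number: if the tool's "Detected object count" and the forged lines disagree, the log was truncated when pasted or something interfered with the scan, and either way a follow-up scan is warranted before the machine is treated as clean.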



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:32 AM

Posted 30 September 2010 - 10:06 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:32 AM

Posted 16 October 2010 - 04:10 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
