Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

antivirus 2010 new symptoms - service vbmac6dc


  • This topic is locked This topic is locked
77 replies to this topic

#1 achasse

achasse

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 29 October 2010 - 09:33 PM

Help,

It seems that the antivirus program install on its own, since I left the computer for 10 min and I came back to see that the famous antivirus 2010 was scanning the computer. I killed the process right away.

I tried the usual files related to the antivirus 2010 problem, but it seem that I do not have the files mentionned on the other forum.
The only file mentionned in the different forums that I found on my computer was the c:\Documents and Settings\All Users\Desktop\.wtav, which I deleted.
I do have the antivirus 2010 in the add-remove program.

The virus is blocking every usefull exe that would help to disable and remove the malware. Malwarebyte,hijackthis,gmer,processexp....
Changing exe name does not make any difference.

defogger did not asked for a reboot.
while trying to execute gmer , I got a red message about service vbmac6dc and then it stopped.

Thanks in advance for your replies.
Regards

DDS (Ver_10-10-21.02) - NTFSx86
Run by Renato at 21:59:24.87 on 29/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1436 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.exe
svchost.exe
C:\Documents and Settings\Renato\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe rundll32.exe jxvy.dio cymucrx
uWinlogon: Shell=explorer.exe,c:\documents and settings\renato\application data\microsoft\windows\shell.exe
uWindows: load=c:\docume~1\renato\locals~1\temp\dwm.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {F4249A0C-0BE3-4DF1-9F2C-5485A2FFEEB9} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [LaunchApp] Alaunch
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [<NO NAME>]
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [svchost] c:\documents and settings\renato\application data\microsoft\svchost.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\renato\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115w.bay115.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4899/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\renato\applic~1\mozilla\firefox\profiles\m60q2fe2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\20-20 technologies\20-20 3d viewer\NP2020Player.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {DFE29F2E-3734-4D93-AEB6-E2744D8DB96D} - c:\documents and settings\renato\local settings\application data\{DFE29F2E-3734-4D93-AEB6-E2744D8DB96D}
FF - HiddenExtension: XULRunner: {F62F2732-A7C4-4E17-9DF8-561EB6BF470D} - c:\documents and settings\administrator\local settings\application data\{f62f2732-a7c4-4e17-9df8-561eb6bf470d}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2008-12-3 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-1 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-1 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-1 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-3-26 1088896]
S0 luzfeml;luzfeml; [x]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2010-10-30 01:08:04 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-10-30 01:04:33 -------- d-----w- c:\docume~1\renato\applic~1\GetRightToGo
2010-10-30 00:32:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 00:32:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 00:32:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-30 00:21:57 -------- d-----w- c:\program files\alex
2010-10-29 21:16:52 120320 ----a-w- c:\docume~1\renato\applic~1\microsoft\windows\shell.exe
2010-10-29 21:16:39 104960 ----a-w- c:\docume~1\renato\applic~1\microsoft\svchost.exe
2010-10-28 23:14:44 21504 ----a-w- c:\windows\system32\jxvy.dio
2010-10-15 00:11:59 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 00:11:59 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 00:11:50 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:00:35.84 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:54 AM

Posted 30 October 2010 - 12:03 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 achasse

achasse
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 30 October 2010 - 12:30 PM

I cant see the cure fonction.

There is a forged file and a locked service (see the attached jpg)
I have 3 choices for both of them (skip, delete, quarantine)
Which option should I choose ?

vbmac6dc look like something I have to delete but what about the forged rasl2tp ?

Thanks.Attached File  tdskiller.jpg   155.63KB   4 downloads

2010/10/30 13:18:14.0906 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/30 13:18:14.0906 ================================================================================
2010/10/30 13:18:14.0906 SystemInfo:
2010/10/30 13:18:14.0906
2010/10/30 13:18:14.0906 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/30 13:18:14.0906 Product type: Workstation
2010/10/30 13:18:14.0906 ComputerName: ACERALEX
2010/10/30 13:18:14.0906 UserName: Renato
2010/10/30 13:18:14.0906 Windows directory: C:\WINDOWS
2010/10/30 13:18:14.0906 System windows directory: C:\WINDOWS
2010/10/30 13:18:14.0906 Processor architecture: Intel x86
2010/10/30 13:18:14.0906 Number of processors: 2
2010/10/30 13:18:14.0906 Page size: 0x1000
2010/10/30 13:18:14.0906 Boot type: Normal boot
2010/10/30 13:18:14.0906 ================================================================================
2010/10/30 13:18:15.0531 Initialize success
2010/10/30 13:18:18.0531 ================================================================================
2010/10/30 13:18:18.0531 Scan started
2010/10/30 13:18:18.0531 Mode: Manual;
2010/10/30 13:18:18.0531 ================================================================================
2010/10/30 13:18:19.0765 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/30 13:18:19.0828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/30 13:18:19.0859 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/30 13:18:19.0906 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/30 13:18:19.0953 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/30 13:18:20.0015 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/30 13:18:20.0140 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/30 13:18:20.0171 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/30 13:18:20.0234 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/30 13:18:20.0265 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/30 13:18:20.0296 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/30 13:18:20.0343 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/30 13:18:20.0375 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/30 13:18:20.0453 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/30 13:18:20.0546 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/30 13:18:20.0625 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/30 13:18:20.0671 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/30 13:18:20.0703 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/30 13:18:20.0734 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/30 13:18:20.0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/30 13:18:20.0875 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/30 13:18:21.0031 ati2mtag (d81980c64543ba5c39dd2a92dc1d2daf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/30 13:18:21.0156 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/30 13:18:21.0218 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/30 13:18:21.0312 AVerM115 (118804bbfddf42c45db3c3d410f6a256) C:\WINDOWS\system32\DRIVERS\AVerM115.sys
2010/10/30 13:18:21.0390 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
2010/10/30 13:18:21.0437 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
2010/10/30 13:18:21.0562 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/10/30 13:18:21.0609 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/10/30 13:18:21.0703 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/10/30 13:18:21.0765 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/10/30 13:18:21.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/30 13:18:21.0906 btaudio (0c7b763abda79b53e2016af1af8b9706) C:\WINDOWS\system32\drivers\btaudio.sys
2010/10/30 13:18:21.0953 BTDriver (1b24333d2bcb4dc1c5c3b15bedace5b4) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/10/30 13:18:22.0015 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/10/30 13:18:22.0125 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/10/30 13:18:22.0171 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/10/30 13:18:22.0218 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/10/30 13:18:22.0359 BTKRNL (54e368a1768c627f2adb8ab5624d0bc4) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/10/30 13:18:22.0421 BTSERIAL (8aeca4330654da58423e7fe03a704513) C:\WINDOWS\system32\drivers\btserial.sys
2010/10/30 13:18:22.0468 BTWDNDIS (bde1502aabe76f71d32178e5c6a58e89) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/10/30 13:18:22.0500 BTWUSB (fca94255e0a0e65c7c93530bdf10adca) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/10/30 13:18:22.0531 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/30 13:18:22.0625 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/30 13:18:22.0671 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/30 13:18:22.0703 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/30 13:18:22.0750 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/30 13:18:22.0781 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/30 13:18:22.0859 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/30 13:18:22.0937 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/30 13:18:22.0984 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/30 13:18:23.0000 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/30 13:18:23.0046 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/30 13:18:23.0109 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/30 13:18:23.0234 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/30 13:18:23.0265 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/30 13:18:23.0312 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2010/10/30 13:18:23.0390 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/30 13:18:23.0500 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/30 13:18:23.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/30 13:18:23.0671 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/30 13:18:23.0734 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/30 13:18:23.0765 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/30 13:18:23.0890 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/10/30 13:18:24.0093 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
2010/10/30 13:18:24.0359 EpmShd (50425cbd80468bf53ba90f0d7cc61805) C:\WINDOWS\system32\drivers\epm-shd.sys
2010/10/30 13:18:24.0437 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/30 13:18:24.0500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/30 13:18:24.0531 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/30 13:18:24.0609 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/30 13:18:24.0671 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/30 13:18:24.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/30 13:18:24.0843 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/30 13:18:24.0890 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/10/30 13:18:24.0953 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/30 13:18:24.0984 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/30 13:18:25.0046 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/30 13:18:25.0078 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/30 13:18:25.0125 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/30 13:18:25.0250 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/30 13:18:25.0281 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/30 13:18:25.0343 HSFHWAZL (a30d7011c1b80a0bc16602d99218d522) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/10/30 13:18:25.0421 HSF_DPV (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/10/30 13:18:25.0500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/30 13:18:25.0656 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/30 13:18:25.0703 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/30 13:18:25.0734 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/30 13:18:25.0765 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/30 13:18:25.0828 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/30 13:18:25.0921 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
2010/10/30 13:18:26.0203 IntcAzAudAddService (4078d4795e394bf2adbed6fcc9827f78) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/30 13:18:26.0375 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/30 13:18:26.0437 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/30 13:18:26.0468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/30 13:18:26.0500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/30 13:18:26.0531 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/30 13:18:26.0578 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/30 13:18:26.0625 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/30 13:18:26.0765 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/10/30 13:18:26.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/30 13:18:26.0859 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/30 13:18:26.0921 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/30 13:18:26.0953 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/30 13:18:27.0140 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/30 13:18:27.0265 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/30 13:18:27.0406 lv321av (8e983f827edab91baa424977c6efddee) C:\WINDOWS\system32\Drivers\lv321av.sys
2010/10/30 13:18:27.0562 lvmvdrv (5492f579ad7bf7dd61be35ad18ff0ad7) C:\WINDOWS\system32\drivers\lvmvdrv.sys
2010/10/30 13:18:27.0734 LVPrcMon (d8cf31431aa398c1d79931203a75332f) C:\WINDOWS\system32\drivers\LVPrcMon.sys
2010/10/30 13:18:27.0812 LVUSBSta (2a3a8361192de05de7d51d1f04f58b28) C:\WINDOWS\system32\drivers\lvusbsta.sys
2010/10/30 13:18:27.0859 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/30 13:18:27.0890 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/30 13:18:27.0968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/30 13:18:28.0000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/30 13:18:28.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/30 13:18:28.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/30 13:18:28.0218 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/10/30 13:18:28.0265 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/30 13:18:28.0312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/30 13:18:28.0375 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/30 13:18:28.0406 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/30 13:18:28.0453 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/30 13:18:28.0484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/30 13:18:28.0531 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/30 13:18:28.0656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/30 13:18:28.0734 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/30 13:18:28.0781 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/30 13:18:28.0812 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/30 13:18:28.0875 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/30 13:18:28.0937 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
2010/10/30 13:18:28.0968 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/30 13:18:29.0093 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/30 13:18:29.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/30 13:18:29.0171 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/30 13:18:29.0203 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/30 13:18:29.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/30 13:18:29.0312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/30 13:18:29.0390 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
2010/10/30 13:18:29.0468 NetworkX (a58e14e33fc4d38e8089f72997405a55) C:\WINDOWS\system32\ckldrv.sys
2010/10/30 13:18:29.0625 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/30 13:18:29.0656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/30 13:18:29.0718 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/30 13:18:29.0828 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2010/10/30 13:18:29.0875 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/30 13:18:29.0968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/30 13:18:30.0000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/30 13:18:30.0046 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/30 13:18:30.0093 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2010/10/30 13:18:30.0125 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
2010/10/30 13:18:30.0156 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
2010/10/30 13:18:30.0203 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/30 13:18:30.0265 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/30 13:18:30.0312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/30 13:18:30.0375 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/30 13:18:30.0437 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/30 13:18:30.0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/30 13:18:30.0546 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/10/30 13:18:30.0671 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/30 13:18:30.0687 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/30 13:18:30.0750 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/30 13:18:30.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/30 13:18:30.0875 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/30 13:18:30.0968 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/30 13:18:31.0015 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/30 13:18:31.0046 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/30 13:18:31.0078 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/30 13:18:31.0109 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/30 13:18:31.0125 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/30 13:18:31.0156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/30 13:18:31.0187 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/10/30 13:18:31.0250 Rasl2tp (39e69c3b1f328676a0dae3551fcfe2d8) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/30 13:18:31.0265 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasl2tp.sys. Real md5: 39e69c3b1f328676a0dae3551fcfe2d8, Fake md5: 11b4a627bc9614b885c4969bfa5ff8a6
2010/10/30 13:18:31.0265 Rasl2tp - detected Forged file (1)
2010/10/30 13:18:31.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/30 13:18:31.0421 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/30 13:18:31.0468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/30 13:18:31.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/30 13:18:31.0562 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/30 13:18:31.0625 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/30 13:18:31.0687 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/30 13:18:31.0781 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/10/30 13:18:31.0937 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/30 13:18:32.0000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/30 13:18:32.0046 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/30 13:18:32.0109 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/30 13:18:32.0156 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/30 13:18:32.0203 SMCB000 (56642f0391ca5176f8cc1432e559ad00) C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
2010/10/30 13:18:32.0234 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2010/10/30 13:18:32.0312 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/30 13:18:32.0421 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/30 13:18:32.0484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/30 13:18:32.0562 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/30 13:18:32.0609 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/30 13:18:32.0656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/30 13:18:32.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/30 13:18:32.0812 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/30 13:18:32.0828 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/30 13:18:32.0921 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/30 13:18:32.0968 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/30 13:18:33.0031 SynTP (f02ac372911f034b56182dc4bd6cb3af) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/30 13:18:33.0093 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/30 13:18:33.0187 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/30 13:18:33.0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/30 13:18:33.0328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/30 13:18:33.0359 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/30 13:18:33.0437 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
2010/10/30 13:18:33.0500 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/30 13:18:33.0562 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/30 13:18:33.0625 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/30 13:18:33.0734 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/30 13:18:33.0796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/30 13:18:33.0859 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/30 13:18:33.0906 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/30 13:18:33.0937 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/30 13:18:34.0031 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/30 13:18:34.0078 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/30 13:18:34.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/30 13:18:34.0171 Suspicious service (NoAccess): vbmac6dc
2010/10/30 13:18:34.0250 vbmac6dc (40aeb1b54132ef90f5853a3fa19b8f6d) C:\WINDOWS\system32\drivers\vbmac6dc.sys
2010/10/30 13:18:34.0250 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmac6dc.sys. md5: 40aeb1b54132ef90f5853a3fa19b8f6d
2010/10/30 13:18:34.0265 vbmac6dc - detected Locked service (1)
2010/10/30 13:18:34.0312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/30 13:18:34.0375 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/30 13:18:34.0437 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/30 13:18:34.0531 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/30 13:18:34.0687 w39n51 (73395a19fc86461a151d3c330604e8b3) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/10/30 13:18:34.0796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/30 13:18:34.0906 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/30 13:18:35.0000 winachsf (e0a00b06ea067c84e124b407dffa1af1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/30 13:18:35.0093 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/30 13:18:35.0140 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/30 13:18:35.0234 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/30 13:18:35.0328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/30 13:18:35.0484 ================================================================================
2010/10/30 13:18:35.0484 Scan finished
2010/10/30 13:18:35.0484 ================================================================================
2010/10/30 13:18:35.0500 Detected object count: 2
2010/10/30 13:18:47.0437 Forged file(Rasl2tp) - User select action: Skip
2010/10/30 13:18:47.0437 Locked service(vbmac6dc) - User select action: Skip

Edited by achasse, 30 October 2010 - 12:37 PM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:54 AM

Posted 30 October 2010 - 12:46 PM

Hi

yes, rerun the program and delete vbmac6dc

Skip the Rasl2tp file, we need to find a replacement for that,

then run the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Edited by CatByte, 30 October 2010 - 12:47 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 achasse

achasse
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 30 October 2010 - 01:07 PM

I rerun deleting the vbmac6dc and reboot.
The service reinstall itself at the startup.

I will try the combofix.


Combo fix did not run. I did not get the check for the console nor the message for the black screen.
What should I do next ?

Edited by achasse, 30 October 2010 - 01:28 PM.


#6 achasse

achasse
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 30 October 2010 - 01:14 PM

Combo fix did not run. I did not get the check for the console nor the message for the black screen.
What should I do next ?

note the .wtav file is back. I deleted it again.
Thanks

Edited by achasse, 30 October 2010 - 01:17 PM.


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:54 AM

Posted 30 October 2010 - 03:17 PM

Hi,

Please try the following:

Please delete the copy of ComboFix that you have on your desktop > download a fresh copy but rename it to SVCHOST.EXE before saving it.

Now see if it will run

If it still wont run > go into device manager:

press the WinKey + R to open a run box

type in devmgmt.msc to open device manager

Expand the System Devices tree

Look for [cmz vmkd]virtual bus > right click it and set to Disable


now try running ComboFix

Edited by CatByte, 30 October 2010 - 03:18 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 achasse

achasse
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 30 October 2010 - 05:27 PM

It still does not work
It stopped right after the installation progression bar is full.

Edited by achasse, 30 October 2010 - 05:34 PM.


#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:54 AM

Posted 30 October 2010 - 06:21 PM

Hi

delete the copy you have then again, download a fresh copy of combofix, again - rename it to svchost.exe



Now please enter into safe mode

reboot and tap F8 repeatedly on startup until an advanced menu appears > arrow up to safe mode with networking

now open device manager again and make sure that service is disabled

then do the following:

Press the WinKey + R to open a run box

copy/paste the following command into the run box > OK

"%userprofile%\desktop\combofix.exe" /killall

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 achasse

achasse
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 31 October 2010 - 08:08 AM

It stopped like it used to .

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:54 AM

Posted 31 October 2010 - 08:57 AM

Hi

Please do the following:

Print out these instructions to use while in the Recovery Console:

  • Restart your computer.
  • Before Windows loads, you will be prompted to choose which Operating System to start.
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • You must now enter which Windows installation to log onto. Type 1 and press 'Enter'.
  • At the C:\Windows prompt, type the following bolded entries, and press 'Enter' (note the spaces):

    Disable vbmac6dc

  • Type exit and press 'Enter'
  • Your computer should reboot.





Now try combofix again > if it still wont run, try the following



NEXT



  • Download OTL and save it to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Edited by CatByte, 31 October 2010 - 08:57 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 achasse

achasse
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 31 October 2010 - 10:10 AM

wait, meanwhile after running runkill
I was able to run malwarebyte and tdsskiller with new result

I will still try the instruction mentionned in the previous email.
Let me know if the log files make you think of another solution.

here are the logs
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

31/10/2010 10:49:26 AM
mbam-log-2010-10-31 (10-49-26).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 209712
Temps écoulé: 31 minute(s), 20 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Userinit (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe jxvy.dio cymucrx) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Renato\Application Data\Microsoft\svchost.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Renato\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.





2010/10/31 10:53:51.0890 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/31 10:53:51.0890 ================================================================================
2010/10/31 10:53:51.0890 SystemInfo:
2010/10/31 10:53:51.0890
2010/10/31 10:53:51.0890 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/31 10:53:51.0890 Product type: Workstation
2010/10/31 10:53:51.0890 ComputerName: ACERALEX
2010/10/31 10:53:51.0890 UserName: Renato
2010/10/31 10:53:51.0890 Windows directory: C:\WINDOWS
2010/10/31 10:53:51.0890 System windows directory: C:\WINDOWS
2010/10/31 10:53:51.0890 Processor architecture: Intel x86
2010/10/31 10:53:51.0890 Number of processors: 2
2010/10/31 10:53:51.0890 Page size: 0x1000
2010/10/31 10:53:51.0890 Boot type: Normal boot
2010/10/31 10:53:51.0890 ================================================================================
2010/10/31 10:53:52.0140 Initialize success
2010/10/31 10:53:54.0265 ================================================================================
2010/10/31 10:53:54.0265 Scan started
2010/10/31 10:53:54.0265 Mode: Manual;
2010/10/31 10:53:54.0265 ================================================================================
2010/10/31 10:53:55.0609 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/31 10:53:55.0875 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/31 10:53:56.0125 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/31 10:53:56.0312 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/31 10:53:56.0468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/31 10:53:56.0687 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/31 10:53:56.0875 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/31 10:53:57.0562 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/31 10:53:57.0750 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/31 10:53:57.0828 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/31 10:53:57.0984 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/31 10:53:58.0218 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/31 10:53:58.0390 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/31 10:53:58.0562 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/31 10:53:58.0750 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/31 10:53:58.0859 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/31 10:53:59.0093 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/31 10:53:59.0265 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/31 10:53:59.0328 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/31 10:53:59.0531 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/31 10:53:59.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/31 10:53:59.0953 ati2mtag (d81980c64543ba5c39dd2a92dc1d2daf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/31 10:54:00.0421 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/31 10:54:00.0859 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/31 10:54:01.0140 AVerM115 (118804bbfddf42c45db3c3d410f6a256) C:\WINDOWS\system32\DRIVERS\AVerM115.sys
2010/10/31 10:54:01.0296 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
2010/10/31 10:54:01.0328 AVG Anti-Rootkit - detected Unsigned file (1)
2010/10/31 10:54:01.0375 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
2010/10/31 10:54:01.0390 AvgArCln - detected Unsigned file (1)
2010/10/31 10:54:01.0640 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/10/31 10:54:02.0437 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/10/31 10:54:02.0546 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/10/31 10:54:02.0718 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/10/31 10:54:02.0828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/31 10:54:03.0015 btaudio (0c7b763abda79b53e2016af1af8b9706) C:\WINDOWS\system32\drivers\btaudio.sys
2010/10/31 10:54:03.0062 btaudio - detected Unsigned file (1)
2010/10/31 10:54:03.0140 BTDriver (1b24333d2bcb4dc1c5c3b15bedace5b4) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/10/31 10:54:03.0156 BTDriver - detected Unsigned file (1)
2010/10/31 10:54:03.0250 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/10/31 10:54:03.0421 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/10/31 10:54:03.0625 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/10/31 10:54:03.0781 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/10/31 10:54:04.0046 BTKRNL (54e368a1768c627f2adb8ab5624d0bc4) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/10/31 10:54:04.0125 BTKRNL - detected Unsigned file (1)
2010/10/31 10:54:04.0187 BTSERIAL (8aeca4330654da58423e7fe03a704513) C:\WINDOWS\system32\drivers\btserial.sys
2010/10/31 10:54:04.0203 BTSERIAL - detected Unsigned file (1)
2010/10/31 10:54:04.0296 BTWDNDIS (bde1502aabe76f71d32178e5c6a58e89) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/10/31 10:54:04.0328 BTWDNDIS - detected Unsigned file (1)
2010/10/31 10:54:04.0406 BTWUSB (fca94255e0a0e65c7c93530bdf10adca) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/10/31 10:54:04.0437 BTWUSB - detected Unsigned file (1)
2010/10/31 10:54:04.0468 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/31 10:54:04.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/31 10:54:04.0781 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/31 10:54:04.0984 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/31 10:54:05.0843 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/31 10:54:06.0015 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/31 10:54:06.0203 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/31 10:54:06.0421 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/31 10:54:06.0937 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/31 10:54:07.0187 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/31 10:54:07.0359 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/31 10:54:07.0593 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/31 10:54:07.0921 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/31 10:54:08.0296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/31 10:54:08.0703 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2010/10/31 10:54:08.0890 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/31 10:54:09.0390 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/31 10:54:09.0718 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/31 10:54:10.0187 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/31 10:54:10.0531 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/31 10:54:11.0109 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/31 10:54:11.0437 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/10/31 10:54:11.0656 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
2010/10/31 10:54:11.0703 EpmPsd - detected Unsigned file (1)
2010/10/31 10:54:11.0796 EpmShd (50425cbd80468bf53ba90f0d7cc61805) C:\WINDOWS\system32\drivers\epm-shd.sys
2010/10/31 10:54:11.0828 EpmShd - detected Unsigned file (1)
2010/10/31 10:54:12.0437 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/31 10:54:12.0953 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/31 10:54:13.0281 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/31 10:54:13.0765 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/31 10:54:14.0125 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/31 10:54:14.0531 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/31 10:54:14.0953 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/31 10:54:15.0453 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/10/31 10:54:15.0593 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/31 10:54:16.0000 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/31 10:54:16.0343 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/31 10:54:16.0656 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/31 10:54:16.0921 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/31 10:54:17.0328 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/31 10:54:17.0750 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/31 10:54:18.0218 HSFHWAZL (a30d7011c1b80a0bc16602d99218d522) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/10/31 10:54:18.0500 HSF_DPV (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/10/31 10:54:18.0781 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/31 10:54:18.0968 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/31 10:54:19.0234 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/31 10:54:19.0656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/31 10:54:20.0000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/31 10:54:20.0390 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/31 10:54:20.0843 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
2010/10/31 10:54:20.0875 int15.sys - detected Unsigned file (1)
2010/10/31 10:54:21.0671 IntcAzAudAddService (4078d4795e394bf2adbed6fcc9827f78) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/31 10:54:22.0812 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/31 10:54:23.0093 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/31 10:54:23.0500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/31 10:54:24.0203 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/31 10:54:24.0687 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/31 10:54:25.0062 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/31 10:54:25.0312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/31 10:54:25.0562 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/10/31 10:54:25.0750 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/31 10:54:25.0859 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/31 10:54:26.0046 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/31 10:54:26.0265 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/31 10:54:26.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/31 10:54:26.0671 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/31 10:54:26.0937 lv321av (8e983f827edab91baa424977c6efddee) C:\WINDOWS\system32\Drivers\lv321av.sys
2010/10/31 10:54:27.0218 lvmvdrv (5492f579ad7bf7dd61be35ad18ff0ad7) C:\WINDOWS\system32\drivers\lvmvdrv.sys
2010/10/31 10:54:27.0421 lvmvdrv - detected Unsigned file (1)
2010/10/31 10:54:27.0531 LVPrcMon (d8cf31431aa398c1d79931203a75332f) C:\WINDOWS\system32\drivers\LVPrcMon.sys
2010/10/31 10:54:27.0562 LVPrcMon - detected Unsigned file (1)
2010/10/31 10:54:27.0765 LVUSBSta (2a3a8361192de05de7d51d1f04f58b28) C:\WINDOWS\system32\drivers\lvusbsta.sys
2010/10/31 10:54:27.0843 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/31 10:54:27.0906 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/31 10:54:28.0171 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/31 10:54:28.0359 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/31 10:54:28.0531 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/31 10:54:28.0718 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/31 10:54:28.0968 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/10/31 10:54:29.0171 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/31 10:54:29.0343 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/31 10:54:29.0546 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/31 10:54:29.0718 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/31 10:54:29.0968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/31 10:54:30.0125 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/31 10:54:30.0281 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/31 10:54:30.0531 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/31 10:54:30.0718 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/31 10:54:30.0890 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/31 10:54:31.0046 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/31 10:54:31.0218 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/31 10:54:31.0453 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
2010/10/31 10:54:31.0468 NdisFilt - detected Unsigned file (1)
2010/10/31 10:54:31.0546 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/31 10:54:31.0718 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/31 10:54:31.0859 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/31 10:54:32.0015 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/31 10:54:32.0234 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/31 10:54:32.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/31 10:54:32.0765 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/31 10:54:33.0203 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
2010/10/31 10:54:33.0234 NETMNT - detected Unsigned file (1)
2010/10/31 10:54:33.0359 NetworkX (a58e14e33fc4d38e8089f72997405a55) C:\WINDOWS\system32\ckldrv.sys
2010/10/31 10:54:33.0421 NetworkX - detected Unsigned file (1)
2010/10/31 10:54:33.0562 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/31 10:54:34.0031 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/31 10:54:34.0468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/31 10:54:34.0921 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2010/10/31 10:54:34.0968 NTIDrvr - detected Unsigned file (1)
2010/10/31 10:54:35.0062 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/31 10:54:36.0593 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/31 10:54:36.0937 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/31 10:54:37.0312 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/31 10:54:37.0656 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2010/10/31 10:54:37.0687 OsaFsLoc - detected Unsigned file (1)
2010/10/31 10:54:37.0765 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
2010/10/31 10:54:37.0796 osaio - detected Unsigned file (1)
2010/10/31 10:54:38.0031 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
2010/10/31 10:54:38.0031 osanbm - detected Unsigned file (1)
2010/10/31 10:54:38.0156 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/31 10:54:38.0531 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/31 10:54:38.0937 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/31 10:54:39.0312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/31 10:54:39.0828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/31 10:54:40.0218 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/31 10:54:40.0671 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/10/31 10:54:40.0703 pcouffin - detected Unsigned file (1)
2010/10/31 10:54:41.0750 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/31 10:54:42.0406 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/31 10:54:42.0828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/31 10:54:43.0203 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/31 10:54:43.0546 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/31 10:54:44.0031 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/31 10:54:44.0218 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/31 10:54:44.0671 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/31 10:54:45.0062 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/31 10:54:45.0546 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/31 10:54:45.0937 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/31 10:54:46.0359 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/31 10:54:46.0875 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/10/31 10:54:47.0281 Rasl2tp (39e69c3b1f328676a0dae3551fcfe2d8) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/31 10:54:47.0281 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasl2tp.sys. Real md5: 39e69c3b1f328676a0dae3551fcfe2d8, Fake md5: 11b4a627bc9614b885c4969bfa5ff8a6
2010/10/31 10:54:47.0296 Rasl2tp - detected Forged file (1)
2010/10/31 10:54:47.0484 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/31 10:54:47.0906 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/31 10:54:48.0312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/31 10:54:48.0812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/31 10:54:49.0203 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/31 10:54:49.0703 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/31 10:54:50.0187 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/31 10:54:50.0765 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/10/31 10:54:51.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/31 10:54:51.0968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/31 10:54:52.0312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/31 10:54:52.0593 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/31 10:54:52.0984 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/31 10:54:53.0484 SMCB000 (56642f0391ca5176f8cc1432e559ad00) C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
2010/10/31 10:54:53.0890 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2010/10/31 10:54:54.0343 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/31 10:54:54.0828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/31 10:54:55.0281 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/31 10:54:55.0812 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/31 10:54:56.0203 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/31 10:54:56.0390 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/31 10:54:56.0750 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/31 10:54:57.0062 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/31 10:54:57.0250 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/31 10:54:57.0734 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/31 10:54:58.0531 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/31 10:54:59.0375 SynTP (f02ac372911f034b56182dc4bd6cb3af) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/31 10:55:00.0250 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/31 10:55:02.0640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/31 10:55:03.0515 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/31 10:55:04.0234 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/31 10:55:05.0015 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/31 10:55:05.0796 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
2010/10/31 10:55:06.0546 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/31 10:55:07.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/31 10:55:10.0609 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/31 10:55:11.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/31 10:55:13.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/31 10:55:13.0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/31 10:55:14.0765 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/31 10:55:15.0375 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/31 10:55:15.0984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/31 10:55:16.0703 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/31 10:55:17.0531 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/31 10:55:17.0812 Suspicious service (NoAccess): vbmac6dc
2010/10/31 10:55:18.0406 vbmac6dc (40aeb1b54132ef90f5853a3fa19b8f6d) C:\WINDOWS\system32\drivers\vbmac6dc.sys
2010/10/31 10:55:18.0406 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmac6dc.sys. md5: 40aeb1b54132ef90f5853a3fa19b8f6d
2010/10/31 10:55:18.0437 vbmac6dc - detected Locked service (1)
2010/10/31 10:55:18.0984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/31 10:55:19.0593 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/31 10:55:20.0250 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/31 10:55:20.0890 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/31 10:55:21.0703 w39n51 (73395a19fc86461a151d3c330604e8b3) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/10/31 10:55:24.0484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/31 10:55:25.0187 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/31 10:55:26.0156 winachsf (e0a00b06ea067c84e124b407dffa1af1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/31 10:55:26.0812 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/31 10:55:27.0359 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/31 10:55:28.0046 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/31 10:55:28.0750 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/31 10:55:29.0140 ================================================================================
2010/10/31 10:55:29.0140 Scan finished
2010/10/31 10:55:29.0140 ================================================================================
2010/10/31 10:55:29.0265 Detected object count: 23
2010/10/31 10:56:02.0687 Unsigned file(AVG Anti-Rootkit) - User select action: Skip
2010/10/31 10:56:02.0687 Unsigned file(AvgArCln) - User select action: Skip
2010/10/31 10:56:02.0687 Unsigned file(btaudio) - User select action: Skip
2010/10/31 10:56:02.0687 Unsigned file(BTDriver) - User select action: Skip
2010/10/31 10:56:02.0687 Unsigned file(BTKRNL) - User select action: Skip
2010/10/31 10:56:02.0687 Unsigned file(BTSERIAL) - User select action: Skip
2010/10/31 10:56:02.0703 Unsigned file(BTWDNDIS) - User select action: Skip
2010/10/31 10:56:02.0703 Unsigned file(BTWUSB) - User select action: Skip
2010/10/31 10:56:02.0703 Unsigned file(EpmPsd) - User select action: Skip
2010/10/31 10:56:02.0703 Unsigned file(EpmShd) - User select action: Skip
2010/10/31 10:56:02.0703 Unsigned file(int15.sys) - User select action: Skip
2010/10/31 10:56:02.0703 Unsigned file(lvmvdrv) - User select action: Skip
2010/10/31 10:56:02.0718 Unsigned file(LVPrcMon) - User select action: Skip
2010/10/31 10:56:02.0718 Unsigned file(NdisFilt) - User select action: Skip
2010/10/31 10:56:02.0718 Unsigned file(NETMNT) - User select action: Skip
2010/10/31 10:56:02.0718 Unsigned file(NetworkX) - User select action: Skip
2010/10/31 10:56:02.0718 Unsigned file(NTIDrvr) - User select action: Skip
2010/10/31 10:56:02.0734 Unsigned file(OsaFsLoc) - User select action: Skip
2010/10/31 10:56:02.0734 Unsigned file(osaio) - User select action: Skip
2010/10/31 10:56:02.0734 Unsigned file(osanbm) - User select action: Skip
2010/10/31 10:56:02.0734 Unsigned file(pcouffin) - User select action: Skip
2010/10/31 10:56:02.0734 Forged file(Rasl2tp) - User select action: Skip
2010/10/31 10:56:02.0734 Locked service(vbmac6dc) - User select action: Skip

Edited by achasse, 31 October 2010 - 10:35 AM.


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:54 AM

Posted 31 October 2010 - 10:49 AM

Hi,

The MBAM log is showing no action taken, so allow it to delete the items if it will,

The bad driver will be recreated on boot up unless we can eliminate what is respawning it.

This is a tricky infection, anything that can get the tools we need to run is good.

Try disabling that driver in the Recovery Console,

then try ComboFix again after running MalwareBytes

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 achasse

achasse
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 31 October 2010 - 11:01 AM

Hi,

Big problem

I was not able to install the recovery console (windows was pre-installed on my computer)
I tried installing it with the I386 directory on my c:, but it said that I have a newer version of windows.

The otl stopped like the combofix.

any other idea considering the two log I posted ?
Note I tried deleting the problem with malwarebytes but it seems that it did not worked.
I have not tried with tdsskiller for all the suspicious files!

Edited by achasse, 31 October 2010 - 11:13 AM.


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:54 AM

Posted 31 October 2010 - 11:09 AM

Do you have your installation disk? You can use that to access the recovery console

If not you can create a recovery console disk

Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.


there are other options available, so don't give up

we'll keep trying till we find something that works

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users