
Redirect links, disabled sounds, taskbar changes


  • This topic is locked
2 replies to this topic

#1 Alex Powers

  • Members
  • 16 posts
  • OFFLINE
  • Local time: 09:28 AM

Posted 17 November 2010 - 08:45 PM

Thanks in advance for looking and I hope to get some good advice here.

I am trying to get rid of a spam/redirect virus. The earliest problem I recall was when I got a fake alert from ThinkPoint. I was fooled by it at first as it looked legit but I quickly shut it down and I didn't think anything downloaded. However, since then, many links from google, especially to virus removal pages, redirect to spam sites, and new tabs will randomly open to spam sites but only once every 20 minutes or so.

Sometimes on restart, the taskbar and desktop icons are hidden until I end explorer.exe and start it again. Most annoyingly, after I am using Firefox for some time, the taskbar will switch from the blue XP mode to the grey "classic" mode, and many sounds will no longer play on my system. If I try to play a video/audio file in GOM player I get a message "This system does not have sound devices or sound devices does not installed properly." This lasts until a restart. However, some sounds in games like background music seem ok. I don't know why some work and some don't.

System restore does not work. I tried it on 3 different restore points and it failed each time. I also cannot activate the Windows Firewall. I get a message that "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service."

Finally, anytime I try to post to this or another virus removal forum I get a message that I cannot connect. I don't have this message with any pages other than this and bullguard forums.

I have been using AVG free edition only. I ran full scans with Spybot, Ad-Aware, and MalwareBytes. I just installed Microsoft Security Essentials hoping it would help. All of these scans found "something" but not the root problem. Thank you for any suggestions or help you can offer!



DDS (Ver_10-11-10.01) - NTFSx86
Run by Alex at 22:11:31.21 on Tue 11/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.842 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\nHancer\nHancerService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\hardware\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [GuruClock] c:\program files\hardware\abit uguru\GuruClock.exe
mRun: [RegistryMechanic]
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149983999905
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149984482968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\4j9tjjd3.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\alex\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\alex\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\alex\application data\move networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\alex\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\alex\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\media\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\media\divx\divx web player\npdivx32.dll
FF - plugin: c:\program files\media\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\media\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\media\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\media\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\media\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\media\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\media\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\media\real alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\media\real alternative\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-15 64288]
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2006-6-10 10752]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-7-23 10384]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
S3 eBook;eBook;c:\windows\system32\drivers\eBook.sys [2005-6-25 22072]
S3 PanelSvc;PanelSvc;"c:\program files\knowledge networks\panelapp\panelsvc.exe" --> c:\program files\knowledge networks\panelapp\PanelSvc.exe [?]

=============== Created Last 30 ================

2010-11-17 03:11:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-17 01:49:29 -------- d-----w- c:\docume~1\alex\locals~1\applic~1\Apple Computer
2010-11-17 00:04:40 -------- d-----w- c:\docume~1\alex\locals~1\applic~1\Sunbelt Software
2010-11-16 04:16:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 04:16:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 01:26:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-15 19:19:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-15 19:18:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-15 19:03:11 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-15 19:02:38 -------- d-----w- c:\program files\Lavasoft
2010-11-15 18:15:27 -------- d-----w- C:\temp
2010-11-15 14:26:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-15 14:16:38 6146896 ------w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{32e8fbab-65ee-4fd0-98be-c937385b8e13}\mpengine.dll
2010-11-15 05:10:00 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-15 04:47:04 -------- d-----w- c:\docume~1\alex\applic~1\Malwarebytes
2010-11-15 04:46:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-14 16:35:30 -------- d-----w- c:\windows\pss
2010-11-14 07:25:16 -------- d-sh--w- c:\documents and settings\alex\IECompatCache
2010-11-07 16:16:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-07 16:14:46 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-11-07 16:14:45 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-11-07 16:14:45 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-11-07 16:14:45 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-10-24 19:08:04 -------- d-----w- c:\docume~1\alex\applic~1\AVG10
2010-10-24 19:07:04 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-24 19:06:01 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-24 19:06:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-24 18:48:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-21 01:31:16 -------- d-----w- c:\program files\SmartOnLine

==================== Find3M ====================

2010-11-17 03:10:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-27 23:30:54 1409 ----a-w- c:\windows\QTFont.for
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 --sha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 15:38:52 44646 ----a-w- c:\windows\system32\FlashMenu.sys
2008-07-16 05:09:00 73336 ----a-w- c:\program files\xpicleanup.exe
2008-07-16 05:09:00 12400 ----a-w- c:\program files\xpistub.dll
2001-08-18 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2004-08-20 03:26:54 1216 --sh--w- c:\windows\Twunk_16.dll
2004-08-20 03:26:54 1216 --sh--w- c:\windows\Twunk_32.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3300822AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A734446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a73a504]; MOV EAX, [0x8a73a580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A6B2AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000072[0x8A6B5F18]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8A728D98]
\Driver\atapi[0x8A6EFC18] -> IRP_MJ_CREATE -> 0x8A734446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskST3300822AS_____________________________3.AAD___#5&399c911e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A734292
user != kernel MBR !!!
sectors 586072366 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 22:13:29.78 ===============



#2 Alex Powers

  • Topic Starter
  • Members
  • 16 posts
  • OFFLINE
  • Local time: 09:28 AM

Posted 23 November 2010 - 07:56 PM

Never mind, resolved problem using combofix. Mods, please feel free to close or delete this thread.

#3 Budapest

Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender: Male
  • Local time: 12:28 AM

Posted 24 November 2010 - 04:49 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
