Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Webhp virus on family pc


  • This topic is locked This topic is locked
3 replies to this topic

#1 jimtherabidcow

jimtherabidcow

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 14 December 2010 - 11:34 AM

i was having some issues trying to get rid of this and fallowed the what you guys said to do. so far the only issue i've been having is the google.com/webhp issue and some random popups from time to time. here's the log, hope this helps

DDS (Ver_10-12-12.02) - NTFSx86
Run by Waddell at 23:38:29.25 on Mon 12/13/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1105 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Waddell\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70779
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\inbox\ssaver\CSSaver.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\waddell\applic~1\mozilla\firefox\profiles\e4gci4il.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-3-6 249424]
R1 AvgMfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-3-6 34384]
R1 AvgTdiX;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-3-6 299984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-21 136176]
S3 cpuz132;cpuz132;\??\c:\docume~1\waddell\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\waddell\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 I97NSD;I97NSD;c:\program files\avanquest\fix-it\nsd.sys [2008-9-24 14344]
S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys --> c:\windows\system32\drivers\tbcspud.sys [?]
S3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys --> c:\windows\system32\drivers\tbcwdm.sys [?]

=============== Created Last 30 ================

2010-12-14 03:16:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-14 03:16:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-14 03:08:34 -------- d-----w- c:\docume~1\waddell\applic~1\AVG10
2010-12-14 03:08:08 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-14 03:07:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-14 02:43:02 -------- d-----w- c:\docume~1\waddell\applic~1\AVG8
2010-12-14 02:24:52 -------- d-----w- C:\AVGTemp
2010-12-14 02:15:15 -------- d-----w- c:\program files\CCleaner
2010-12-14 00:02:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-13 03:06:13 -------- d-----w- c:\program files\iPod
2010-12-13 03:06:08 -------- d-----w- c:\program files\iTunes
2010-12-13 02:18:37 24576 ----a-w- c:\windows\3D Fireplace.scr
2010-12-13 02:18:12 -------- d-----w- c:\program files\Inbox
2010-12-13 02:09:00 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-12 06:35:21 -------- d-----w- c:\docume~1\waddell\applic~1\Tific
2010-12-12 06:35:18 -------- d-----w- c:\docume~1\waddell\locals~1\applic~1\Symantec
2010-12-12 06:18:50 -------- d-----w- c:\program files\STOPzilla!
2010-12-12 06:18:47 -------- d-----w- c:\program files\common files\iS3
2010-12-12 06:18:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-12-12 05:57:49 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-12 05:56:42 -------- d-----w- c:\program files\Norton AntiVirus
2010-12-12 05:56:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-12-12 05:56:25 -------- d-----w- c:\program files\NortonInstaller
2010-12-12 05:56:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-12-10 15:55:49 -------- d-----w- c:\docume~1\waddell\applic~1\Malwarebytes
2010-12-10 15:55:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-10 15:55:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-10 15:55:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 15:55:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-10 06:24:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-10 06:24:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-09 22:38:26 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-12-09 22:38:24 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-12-09 22:38:24 452048 ----a-r- c:\windows\system32\SZBase5.dll
2010-12-09 22:38:24 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-12-09 22:38:24 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-12-09 22:38:24 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-12-09 22:38:22 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-12-09 22:38:22 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-12-09 22:38:22 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-12-09 22:38:22 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-12-09 22:38:20 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-12-09 22:38:20 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-10-01 21:31:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A312555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a3187b0]; MOV EAX, [0x8a31882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A377AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000005e[0x8A378258]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A35ED98]
\Driver\atapi[0x8A34CB78] -> IRP_MJ_CREATE -> 0x8A312555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A31239B
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 23:39:44.75 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 jimtherabidcow

jimtherabidcow
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 15 December 2010 - 04:23 PM

Update:
Now my audio device keeps getting uninstalled or whatever, i've fix it. however it gets anyoning casue i have to keep doing it. Also my start menu and task bar has a weired glitch look to it. it's set to look like the normal XP setting, however it randomly changes and looks like the classic look...but with the items in the task bar blue. Could really use some help?

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:38 PM

Posted 23 December 2010 - 03:52 PM

Hi jimtherabidcow,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum and apologies for the delay. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

Please update me on the current condition of your computer if you still need assistance.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:38 PM

Posted 27 December 2010 - 07:41 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users