
New* malware removal request..


This topic is locked.
16 replies to this topic

#1 feromonic (Members, 23 posts)

Posted 11 April 2011 - 06:19 AM

Ok... I have some kind of virus that redirects the f*** out of my computer. Whether I'm clicking links or not, it just decides "oh well, you should look at this" or "oh, let me open a new tab and look at this fake virus scan", etc. You guys, I'm sure, know what I'm talking about. Also, it's choking down my net; my light stays pegged almost 24/7. Now it's either screwing with my cursor or it's just loading my CPU to the point of lag. It will just randomly freeze (this has just started to happen today) or it will BSOD (also just started that today). I've been fighting it for a few days now. It also seems to be bringing in trojans, but that could, I assume, also be from the redirects?? AVG Full does not find it. Spyware Terminator does NOT find it. I can NOT find it. Google-fu did not help. Maybe someone can help? Google brought me here after 4-5 random BS links before finally working, lol. I find it almost funny 'cause it's driving me insane. Not had one stump me like this in a very long time.

Thanks


Following directions I received from a previous post: Here




DDS Log:

DDS (Ver_11-03-05.01) - NTFSx86
Run by Pammie Sue at 2:36:18.39 on Mon 04/11/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.141 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Pammie Sue\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
uSearch Page = hxxp://srch-us10.hpwis.com/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyServer = http=
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CubeDesktop]
uRun: [DesktopX] "c:\program files\stardock\object desktop\desktopx\DesktopX Builder.exe" -noui
uRun: [Google Update] "c:\documents and settings\pammie sue\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [VTTimer] VTTimer.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [BootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobs
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [KORG USB-MIDI Driver] c:\program files\korg\korg usb-midi driver\EsHelper2.exe /s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smcwus~1.lnk - c:\program files\smc\smcwusb-g 802.11g wireless usb 2.0 adapter\SMCWGUTI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\pammie sue\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - hxxp://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\pammie~1\applic~1\mozilla\firefox\profiles\uahp99ls.default\
FF - prefs.js: browser.search.selectedEngine - Search The Web
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\pammie sue\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\pammie sue\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\pammie sue\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {9F6E7F30-3B84-4813-8045-75BA70070FDD} - c:\documents and settings\pammie sue\local settings\application data\{9F6E7F30-3B84-4813-8045-75BA70070FDD}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: Pink Fox: {e7348bc0-16f6-11de-8c30-0800200c9a66} - %profile%\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
FF - Ext: BloodFire 3: bloodfire@example.com - %profile%\extensions\bloodfire@example.com
FF - Ext: Green Fox: {d122ad80-ff45-11dd-87af-0800200c9a66} - %profile%\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 296400]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-7-14 37056]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [2008-4-11 722432]
S1 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-7-14 308416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2010-8-15 371349]
S3 cpuz132;cpuz132;\??\c:\docume~1\pammie~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\pammie~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2010-11-12 22304]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-7-12 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-7-12 8320]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20041222.016\NAVENG.Sys [2004-12-25 72712]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20041222.016\NavEx15.Sys [2004-12-25 629544]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-11-12 16640]
.
=============== Created Last 30 ================
.
2011-04-10 23:37:36 -------- d-----w- c:\program files\XviD
2011-04-10 23:37:30 -------- d-----w- c:\program files\AviSynth 2.5
2011-04-10 23:37:06 -------- d-----w- c:\program files\AutoGK
2011-04-10 23:24:31 -------- d-----w- c:\docume~1\pammie~1\applic~1\HamsterSoft
2011-04-10 23:18:42 -------- d-----w- c:\program files\Hamster Soft
2011-04-10 23:12:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Xilisoft
2011-04-10 23:12:04 -------- d-----w- c:\program files\Xilisoft
2011-04-10 23:07:22 -------- d-----w- c:\docume~1\pammie~1\locals~1\applic~1\David_Dolinski
2011-04-10 23:04:46 -------- d-----w- c:\program files\Dado
2011-04-09 23:41:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-09 23:41:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-09 23:26:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 23:25:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 23:00:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-09 23:00:49 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-09 23:00:28 -------- d-----w- c:\program files\Easy CD-DA Extractor 2010
2011-04-09 19:01:28 54016 ----a-w- c:\windows\system32\drivers\loykh.sys
2011-04-09 15:21:18 -------- d-----w- c:\docume~1\pammie~1\applic~1\Malwarebytes
2011-04-09 15:17:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-09 15:17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 01:56:00 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-09 01:55:59 -------- d-----w- c:\program files\CPUID
2011-04-08 22:38:07 -------- d-----w- c:\program files\SpeedFan
2011-04-04 05:15:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-04-04 05:15:08 -------- d-----w- c:\docume~1\pammie~1\applic~1\Spyware Terminator
2011-04-04 05:14:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2011-04-04 05:13:58 -------- d-----w- c:\program files\Spyware Terminator
2011-03-29 01:34:32 -------- d-----w- c:\program files\Search Toolbar
2011-03-29 01:34:16 -------- d-----w- c:\program files\AvancePaint
2011-03-27 18:40:48 -------- d--h--w- C:\$AVG
2011-03-27 17:39:33 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-27 12:47:42 -------- d-----w- C:\b0ad1a916b9d005434
2011-03-21 01:39:57 -------- d-----w- c:\program files\Softube
2011-03-20 20:01:34 13545472 ----a-w- c:\windows\system32\SSL X-Verb Stereo.dll
2011-03-20 20:01:31 6569984 ----a-w- c:\windows\system32\SSL X-Eq Stereo.dll
2011-03-20 20:01:29 6569984 ----a-w- c:\windows\system32\SSL X-Eq Mono.dll
2011-03-20 20:01:27 6217728 ----a-w- c:\windows\system32\SSL X-Comp Stereo.dll
2011-03-20 20:01:24 6217728 ----a-w- c:\windows\system32\SSL X-Comp Mono.dll
2011-03-20 20:01:22 5079040 ----a-w- c:\windows\system32\SSL Vocalstrip Stereo.dll
2011-03-20 20:01:18 5074944 ----a-w- c:\windows\system32\SSL Vocalstrip Mono.dll
2011-03-20 20:01:14 5787648 ----a-w- c:\windows\system32\SSL Drumstrip Stereo.dll
2011-03-20 20:01:05 5783552 ----a-w- c:\windows\system32\SSL Drumstrip Mono.dll
2011-03-20 20:00:47 15695872 ----a-w- c:\windows\system32\SSL Channel Stereo.dll
2011-03-20 20:00:39 7122944 ----a-w- c:\windows\system32\SSL Bus Compressor Stereo.dll
2011-03-20 20:00:39 15687680 ----a-w- c:\windows\system32\SSL Channel Mono.dll
2011-03-20 20:00:37 7122944 ----a-w- c:\windows\system32\SSL Bus Compressor Mono.dll
2011-03-20 20:00:37 69632 ----a-w- c:\windows\system32\FxShared.dll
2011-03-20 20:00:37 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2011-03-20 19:59:36 -------- d-----w- c:\program files\Solid State Logic
2011-03-19 18:12:56 86016 ----a-w- c:\windows\unvise32.exe
2011-03-19 18:05:46 -------- d-----w- c:\docume~1\pammie~1\locals~1\applic~1\Native Instruments
2011-03-19 04:30:26 -------- d-----w- c:\program files\common files\Digidesign
2011-03-19 04:11:53 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2011-03-19 04:11:53 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-03-19 04:06:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Syncrosoft
2011-03-17 21:37:45 -------- d-----w- c:\program files\ASIO4ALL v2
2011-03-17 21:33:38 -------- d-----w- c:\program files\Outsim
2011-03-14 21:33:23 -------- d-----w- c:\docume~1\pammie~1\applic~1\Korg
2011-03-14 21:32:44 327680 ----a-r- c:\docume~1\pammie~1\applic~1\microsoft\installer\{aae4b36c-7a25-4513-975b-ace7437572a0}\NewShortcut1_A549AAA17D2C491197DB9A87E0B73412.exe
2011-03-14 21:32:40 -------- d-----w- c:\program files\KORG
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1203N rev.TL100-24 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-24
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8376B439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x837717d0]; MOV EAX, [0x8377184c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8378EAB8]
3 CLASSPNP[0xF75AFFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000007f[0x83760138]
5 ACPI[0xF74FE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8375AD98]
\Driver\atapi[0x8377C030] -> IRP_MJ_CREATE -> 0x8376B439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-1c -> \??\IDE#DiskSAMSUNG_SP1203N_________________________TL100-24#30535130314a5830383332353834202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8376B27F
user != kernel MBR !!!
sectors 234493054 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 2:41:39.76 ===============

Edited by heir, 11 April 2011 - 08:49 AM: removing tags
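As an added example (not code from this thread, from DDS or from GMER), the following Python script triages the ROOTKIT section of a DDS log like the one above: it pulls out the unmapped code in the disk trace, the atapi DriverStartIo hook and the user-vs-kernel MBR mismatch that the bootkit diagnosis rests on, and ranks the result. The sample sections are constructed from this post's log; the wording of the clean case is an assumption.

```python
"""Triage the ROOTKIT section of a DDS log (GMER's MBR check) for bootkit indicators."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the ROOTKIT section of the DDS log in post #1, abridged.
SAMPLE_DDS_ROOTKIT = r"""
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
.
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8376B439]<<
\Driver\atapi[0x8377C030] -> IRP_MJ_CREATE -> 0x8376B439
kernel: MBR read successfully
detected hooks:
\Driver\atapi DriverStartIo -> 0x8376B27F
user != kernel MBR !!!
sectors 234493054 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 2:41:39.76 ===============
"""

# Constructed clean section for contrast (assumed wording of a clean GMER MBR check).
SAMPLE_CLEAN_ROOTKIT = r"""
=================== ROOTKIT ====================
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
kernel: MBR read successfully
user & kernel MBR OK
============= FINISH: 2:41:39.76 ===============
"""

HEADER_RE = re.compile(r"^=+ *(.+?) *=+$")                        # "=== ROOTKIT ===" style section headers
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")      # code GMER could not map to any module
HOOK_RE = re.compile(r"^(\\Driver\\\w+) (\w+) -> (0x[0-9A-Fa-f]+)$")  # "\Driver\atapi DriverStartIo -> 0x..."
SECTORS_RE = re.compile(r"^sectors (\d+) \(\+(\d+)\): user != kernel$")

@dataclass
class RootkitFindings:
    unknown_modules: List[str] = field(default_factory=list)         # addresses outside any known driver
    hooks: List[Tuple[str, str, str]] = field(default_factory=list)  # (driver object, routine, target)
    mbr_mismatch: bool = False            # MBR read through the file system differs from the raw kernel read
    mismatched_sectors: List[Tuple[int, int]] = field(default_factory=list)  # (sector, extra sectors)
    verdict: Optional[str] = None         # the detector's own "infection detected" line, if any

def rootkit_section(dds_log: str) -> List[str]:
    """Return the content lines of the ROOTKIT section, stopping at the next ==== header."""
    lines, inside = [], False
    for line in dds_log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            if inside:
                break
            inside = m.group(1) == "ROOTKIT"
            continue
        if inside and line.strip() != ".":       # DDS uses a lone "." as a spacer line
            lines.append(line.rstrip())
    return lines

def analyze_rootkit_section(dds_log: str) -> RootkitFindings:
    """Extract the indicators a bootkit leaves in GMER's disk trace and MBR comparison."""
    f = RootkitFindings()
    for line in rootkit_section(dds_log):
        f.unknown_modules.extend(UNKNOWN_RE.findall(line))
        hook = HOOK_RE.match(line)
        if hook:
            f.hooks.append((hook.group(1), hook.group(2), hook.group(3)))
        sectors = SECTORS_RE.match(line)
        if sectors:
            f.mismatched_sectors.append((int(sectors.group(1)), int(sectors.group(2))))
        if line.startswith("user != kernel MBR"):
            f.mbr_mismatch = True
        if "infection detected" in line:
            f.verdict = line
    return f

def severity(f: RootkitFindings) -> str:
    """A user/kernel MBR mismatch means something below the file system is hiding sectors:
    that is the bootkit signature. Hooks or unmapped code alone merit a closer look."""
    if f.mbr_mismatch or f.mismatched_sectors or f.verdict:
        return "critical"
    if f.hooks or f.unknown_modules:
        return "suspicious"
    return "clean"

if __name__ == "__main__":
    for name, log in (("post #1", SAMPLE_DDS_ROOTKIT), ("clean", SAMPLE_CLEAN_ROOTKIT)):
        found = analyze_rootkit_section(log)
        print(f"{name}: {severity(found)}  hooks={found.hooks} unknown={found.unknown_modules}")
```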


#2 heir (Malware Response Team, 763 posts)

Posted 11 April 2011 - 07:42 AM

Looks as if you've caught a bootkit infection.

Let's begin like this.


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Then update MBAM and run a Quickscan and post the content of the log.


How is your computer running after those steps?

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware, then click the donation button.


#3 feromonic (Topic Starter, Members, 23 posts)

Posted 11 April 2011 - 08:42 AM

TDSS Log:

2011/04/11 09:31:18.0453 3100 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 09:31:18.0718 3100 ================================================================================
2011/04/11 09:31:18.0718 3100 SystemInfo:
2011/04/11 09:31:18.0718 3100
2011/04/11 09:31:18.0718 3100 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/11 09:31:18.0718 3100 Product type: Workstation
2011/04/11 09:31:18.0718 3100 ComputerName: BUGLER2
2011/04/11 09:31:18.0718 3100 UserName: Pammie Sue
2011/04/11 09:31:18.0718 3100 Windows directory: C:\WINDOWS
2011/04/11 09:31:18.0718 3100 System windows directory: C:\WINDOWS
2011/04/11 09:31:18.0718 3100 Processor architecture: Intel x86
2011/04/11 09:31:18.0718 3100 Number of processors: 1
2011/04/11 09:31:18.0718 3100 Page size: 0x1000
2011/04/11 09:31:18.0718 3100 Boot type: Normal boot
2011/04/11 09:31:18.0718 3100 ================================================================================
2011/04/11 09:31:18.0921 3100 Initialize success
2011/04/11 09:31:24.0093 0780 ================================================================================
2011/04/11 09:31:24.0093 0780 Scan started
2011/04/11 09:31:24.0093 0780 Mode: Manual;
2011/04/11 09:31:24.0093 0780 ================================================================================
2011/04/11 09:31:27.0218 0780 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/11 09:31:27.0562 0780 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/11 09:31:28.0156 0780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/11 09:31:28.0500 0780 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/11 09:31:29.0843 0780 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/04/11 09:31:30.0765 0780 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/11 09:31:31.0906 0780 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/04/11 09:31:32.0562 0780 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/11 09:31:33.0843 0780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/11 09:31:34.0125 0780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/11 09:31:35.0578 0780 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/11 09:31:36.0718 0780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/11 09:31:37.0015 0780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/11 09:31:37.0359 0780 AVGIDSDriver (646cccd12886facb8676bdd9b7d54e29) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/04/11 09:31:37.0703 0780 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/04/11 09:31:38.0000 0780 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/04/11 09:31:38.0359 0780 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/04/11 09:31:38.0765 0780 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/04/11 09:31:39.0140 0780 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/04/11 09:31:39.0468 0780 Avgrkx86 (ffbe8adeb1fd8640540bf6e4a137b3ef) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/04/11 09:31:39.0828 0780 Avgtdix (69e6adf5cbbdeb5f2b727c93937a5823) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/04/11 09:31:40.0218 0780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/11 09:31:40.0562 0780 BootScreen (a9dbf79632f508655704eb142df16247) C:\WINDOWS\System32\drivers\vidstub.sys
2011/04/11 09:31:40.0906 0780 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/11 09:31:40.0968 0780 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/11 09:31:41.0343 0780 BT848 (028a7743dff85bda7ce9d507fe104cdf) C:\WINDOWS\system32\DRIVERS\BT848.sys
2011/04/11 09:31:41.0750 0780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/11 09:31:42.0046 0780 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/11 09:31:42.0609 0780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/11 09:31:42.0921 0780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/11 09:31:43.0218 0780 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/11 09:31:44.0671 0780 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2011/04/11 09:31:45.0468 0780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/11 09:31:45.0968 0780 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/11 09:31:46.0515 0780 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/11 09:31:46.0875 0780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/11 09:31:47.0187 0780 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/11 09:31:47.0750 0780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/11 09:31:48.0140 0780 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
2011/04/11 09:31:48.0546 0780 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
2011/04/11 09:31:48.0906 0780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/11 09:31:49.0265 0780 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2011/04/11 09:31:49.0625 0780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/11 09:31:49.0968 0780 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/04/11 09:31:50.0281 0780 FETNDISB (29063004926b225c417e7147822f5866) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
2011/04/11 09:31:50.0593 0780 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/11 09:31:50.0890 0780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/11 09:31:51.0234 0780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/11 09:31:51.0578 0780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/11 09:31:51.0875 0780 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/11 09:31:52.0171 0780 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/04/11 09:31:52.0421 0780 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/04/11 09:31:52.0718 0780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/11 09:31:53.0031 0780 hamachi_oem (c25c70fd4d49391091d9eb8c747f19e6) C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
2011/04/11 09:31:53.0359 0780 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/11 09:31:53.0937 0780 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/11 09:31:54.0234 0780 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/11 09:31:54.0515 0780 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/11 09:31:54.0890 0780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/11 09:31:55.0734 0780 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/11 09:31:56.0062 0780 ialm (537efe2f9adcd01073f59e9d3d24164e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/11 09:31:56.0390 0780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/11 09:31:56.0953 0780 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/04/11 09:31:57.0234 0780 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/11 09:31:57.0531 0780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/11 09:31:57.0843 0780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/11 09:31:58.0156 0780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/11 09:31:58.0500 0780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/11 09:31:58.0843 0780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/11 09:31:59.0140 0780 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/11 09:31:59.0421 0780 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/11 09:31:59.0718 0780 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/11 09:32:00.0046 0780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/11 09:32:00.0390 0780 KORGUMDS (fc2486f35ebc5826e398f08462092bfb) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS
2011/04/11 09:32:00.0718 0780 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/11 09:32:01.0312 0780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/11 09:32:01.0609 0780 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/11 09:32:01.0921 0780 motccgp (c741717b0a18813dd7d12085937cee72) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2011/04/11 09:32:02.0187 0780 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2011/04/11 09:32:02.0484 0780 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/04/11 09:32:02.0781 0780 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/11 09:32:03.0093 0780 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/11 09:32:03.0375 0780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/11 09:32:04.0125 0780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/11 09:32:04.0562 0780 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/11 09:32:05.0000 0780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/11 09:32:05.0265 0780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/11 09:32:05.0531 0780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/11 09:32:05.0828 0780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/11 09:32:06.0125 0780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/11 09:32:06.0406 0780 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/11 09:32:06.0687 0780 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/11 09:32:07.0015 0780 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/11 09:32:07.0265 0780 NAVENG (45035b0783f4eebf13b31f95c644c4a0) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041222.016\NAVENG.Sys
2011/04/11 09:32:07.0609 0780 NAVEX15 (d9835ec914de095863877fba4ba3b60f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041222.016\NavEx15.Sys
2011/04/11 09:32:08.0125 0780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/11 09:32:08.0453 0780 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/11 09:32:08.0765 0780 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/11 09:32:09.0046 0780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/11 09:32:09.0328 0780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/11 09:32:09.0640 0780 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/11 09:32:09.0937 0780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/11 09:32:10.0265 0780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/11 09:32:10.0656 0780 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/11 09:32:11.0015 0780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/11 09:32:11.0406 0780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/11 09:32:11.0859 0780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/11 09:32:12.0609 0780 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/11 09:32:13.0375 0780 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2011/04/11 09:32:13.0687 0780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/11 09:32:14.0000 0780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/11 09:32:14.0328 0780 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/11 09:32:14.0750 0780 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
2011/04/11 09:32:15.0125 0780 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/11 09:32:15.0406 0780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/11 09:32:15.0703 0780 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/11 09:32:16.0015 0780 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/11 09:32:16.0531 0780 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/11 09:32:16.0843 0780 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/11 09:32:18.0593 0780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/11 09:32:18.0890 0780 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/11 09:32:19.0203 0780 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/04/11 09:32:19.0500 0780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/11 09:32:19.0765 0780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/11 09:32:21.0125 0780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/11 09:32:21.0437 0780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/11 09:32:21.0718 0780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/11 09:32:22.0000 0780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/11 09:32:22.0328 0780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/11 09:32:22.0625 0780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/11 09:32:22.0953 0780 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/11 09:32:23.0281 0780 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/11 09:32:23.0609 0780 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/04/11 09:32:23.0812 0780 SAVRT (7a1dcba368dacb5ca41e40f97f43aaa8) c:\Program Files\Norton AntiVirus\SAVRT.SYS
2011/04/11 09:32:23.0875 0780 SAVRTPEL (395df1ccad06b8d47f2d78c2d78f4cd5) c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
2011/04/11 09:32:24.0234 0780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/11 09:32:24.0531 0780 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/11 09:32:24.0796 0780 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/11 09:32:25.0109 0780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/11 09:32:25.0421 0780 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
2011/04/11 09:32:26.0125 0780 SiS315 (7a363269d1b57526410fa23fc92cdfa1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/04/11 09:32:26.0437 0780 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/04/11 09:32:26.0718 0780 SiSkp (7ef8e5c266133638e7e06be03fcbeff3) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/04/11 09:32:27.0000 0780 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/04/11 09:32:27.0328 0780 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/11 09:32:27.0859 0780 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\WINDOWS\system32\speedfan.sys
2011/04/11 09:32:28.0140 0780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/11 09:32:28.0437 0780 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/11 09:32:28.0812 0780 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/11 09:32:29.0109 0780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/11 09:32:29.0890 0780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/11 09:32:30.0203 0780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/11 09:32:31.0718 0780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/11 09:32:32.0109 0780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/11 09:32:32.0453 0780 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/04/11 09:32:32.0750 0780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/11 09:32:33.0015 0780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/11 09:32:33.0328 0780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/11 09:32:33.0906 0780 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/04/11 09:32:34.0218 0780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/11 09:32:34.0781 0780 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/11 09:32:35.0093 0780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/11 09:32:35.0406 0780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/11 09:32:35.0703 0780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/11 09:32:35.0984 0780 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/11 09:32:36.0281 0780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/11 09:32:36.0578 0780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/11 09:32:36.0875 0780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/11 09:32:37.0156 0780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/11 09:32:37.0453 0780 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/04/11 09:32:37.0750 0780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/11 09:32:38.0078 0780 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/04/11 09:32:38.0500 0780 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/04/11 09:32:38.0875 0780 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/11 09:32:39.0281 0780 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/11 09:32:39.0734 0780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/11 09:32:40.0140 0780 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/04/11 09:32:40.0703 0780 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/04/11 09:32:41.0468 0780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/11 09:32:41.0953 0780 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/11 09:32:42.0390 0780 WsAudioDevice_383 (85ece26f326c2d07ba77a60343468272) C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys
2011/04/11 09:32:42.0781 0780 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/11 09:32:43.0187 0780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/11 09:32:43.0609 0780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/11 09:32:44.0203 0780 ZD1211BU(Atheros) (b8f451c48e8c5580c3b4521a17a52149) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
2011/04/11 09:32:44.0656 0780 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
2011/04/11 09:32:45.0078 0780 {6080A529-897E-4629-A488-ABA0C29B635E} (e6c22d34baef5196e1b23a4492c275b7) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/04/11 09:32:45.0593 0780 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (6e53bd96b0ebad721cdd6320dbfc3f5f) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/04/11 09:32:46.0562 0780 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/11 09:32:46.0562 0780 ================================================================================
2011/04/11 09:32:46.0562 0780 Scan finished
2011/04/11 09:32:46.0562 0780 ================================================================================
2011/04/11 09:32:46.0593 1072 Detected object count: 1
2011/04/11 09:32:50.0859 1072 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/11 09:32:50.0859 1072 \HardDisk1 - ok
2011/04/11 09:32:50.0859 1072 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/04/11 09:33:02.0765 2464 Deinitialize success

Edited by heir, 11 April 2011 - 08:48 AM: removing tag
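The log above ends with the only line that matters for triage: the object is `\HardDisk1`, a physical disk, not a driver file, which is how TDSSKiller reports a rootkit living in the disk's boot code (MBR) rather than in a `.sys` on the filesystem, and why the cure is deferred to a reboot. A file-centric scanner will not see that. The following is an added example, not code from the thread or from Kaspersky's TDSSKiller: a small Python parser for lines in the format shown, which separates the driver inventory from the verdict lines, records the chosen action and the pending reboot, and cross-checks the parsed detections against the log's own `Detected object count`. The sample lines are constructed in the shape of the posted log, and the `Detection`, `ScanSummary`, `parse_tdsskiller_log` and `triage` names are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller log above: a few driver
# inventory lines followed by the end-of-scan verdict lines (not the full log).
SAMPLE_LOG = r"""
2011/04/11 09:32:11.0406 0780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/11 09:32:23.0812 0780 SAVRT (7a1dcba368dacb5ca41e40f97f43aaa8) c:\Program Files\Norton AntiVirus\SAVRT.SYS
2011/04/11 09:32:32.0109 0780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/11 09:32:46.0562 0780 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/11 09:32:46.0562 0780 ================================================================================
2011/04/11 09:32:46.0562 0780 Scan finished
2011/04/11 09:32:46.0593 1072 Detected object count: 1
2011/04/11 09:32:50.0859 1072 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/11 09:32:50.0859 1072 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>[0-9a-fA-F]{4})\s+"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(PREFIX + r"(?P<obj>\S+) - detected (?P<verdict>\S+) \((?P<flag>\d+)\)$")
PENDING_RE = re.compile(PREFIX + r"(?P<obj>\S+) \((?P<verdict>[^)]+)\) - will be cured after reboot$")
ACTION_RE = re.compile(PREFIX + r"(?P<verdict>[^()\s]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    obj: str
    verdict: str
    # True when the object is a physical disk (\HardDiskN): boot code / MBR, not a file.
    disk_level: bool
    action: Optional[str] = None
    reboot_required: bool = False


@dataclass
class ScanSummary:
    drivers: Dict[str, str] = field(default_factory=dict)  # service name -> on-disk path
    detections: List[Detection] = field(default_factory=list)
    reported_count: Optional[int] = None  # TDSSKiller's own "Detected object count"

    def detection(self, obj: str) -> Optional[Detection]:
        return next((d for d in self.detections if d.obj.lower() == obj.lower()), None)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Parse TDSSKiller log text into driver inventory plus verdict/action records."""
    summary = ScanSummary()
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if (m := DETECT_RE.match(line)):
            obj = m["obj"]
            summary.detections.append(
                Detection(obj=obj, verdict=m["verdict"],
                          disk_level=obj.lower().startswith(r"\harddisk")))
        elif (m := PENDING_RE.match(line)):
            if (d := summary.detection(m["obj"])):
                d.reboot_required = True
        elif (m := ACTION_RE.match(line)):
            if (d := summary.detection(m["obj"])):
                d.action = m["action"]
        elif (m := COUNT_RE.match(line)):
            summary.reported_count = int(m["n"])
        elif (m := DRIVER_RE.match(line)):
            summary.drivers[m["name"]] = m["path"]
    return summary


def triage(summary: ScanSummary) -> List[str]:
    """One analyst-readable note per detection, plus a consistency check on the count."""
    notes: List[str] = []
    if summary.reported_count is not None and summary.reported_count != len(summary.detections):
        notes.append(f"count mismatch: log says {summary.reported_count}, parsed {len(summary.detections)}")
    for d in summary.detections:
        where = "boot sector / MBR of physical disk" if d.disk_level else "file"
        state = "reboot pending" if d.reboot_required else "no reboot recorded"
        notes.append(f"{d.verdict} on {d.obj} ({where}); action={d.action or 'none'}; {state}")
    return notes


if __name__ == "__main__":
    result = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(result.drivers)} drivers inventoried")
    for note in triage(result):
        print(note)
```

Because the cure is applied on reboot, the practical check is to rerun TDSSKiller after restarting and confirm the `\HardDiskN` verdict line no longer appears; the parser's `reboot_required` flag is there to make that follow-up explicit rather than something an analyst has to remember.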


#4 heir (Malware Response Team)

Posted 11 April 2011 - 08:47 AM

Please don't enclose the logs with any tags. Just copy and paste them in your replies.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click [image].


#5 feromonic (Topic Starter)

Posted 11 April 2011 - 09:53 AM

Malwarebytes >>

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6321

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/11/2011 10:51:41 AM
mbam-log-2011-04-11 (10-51-41).txt

Scan type: Quick scan
Objects scanned: 225914
Time elapsed: 37 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\Wzs.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.

#6 heir (Malware Response Team)

Posted 11 April 2011 - 10:02 AM

And how is your computer running now?



#7 feromonic (Topic Starter)

Posted 11 April 2011 - 11:31 AM

It does seem to be doing fine. Thank you!

#8 heir (Malware Response Team)

Posted 11 April 2011 - 11:58 AM

Let's do a scan for leftovers as well.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]



#9 feromonic (Topic Starter)

Posted 11 April 2011 - 01:38 PM

<< Scanning
My cat ended the scan. Had to restart, lol.

#10 heir (Malware Response Team)

Posted 11 April 2011 - 01:49 PM

<< Scanning
My cat ended the scan. Had to restart, lol.

An undisciplined cat. :wink:
We use a "Kitty" on the forums as well, but that one finds, chases and destroys the malware for us. :lol:

I'll be waiting some more then.



#11 feromonic (Topic Starter)

Posted 11 April 2011 - 03:02 PM

This is ungodly slow... It's only at 20% since my last post, but it has found 9 threats.

#12 heir (Malware Response Team)

Posted 11 April 2011 - 04:17 PM

This is ungodly slow... It's only at 20% since my last post, but it has found 9 threats.

Hm, it takes quite a while, like hours, to complete... No worries, I'll be here when it arrives. :wink:



#13 feromonic (Topic Starter)

Posted 11 April 2011 - 05:52 PM

Cool. It's saying 99% now and has been stuck there for a while. It can't be too much longer.

And really, is any cat disciplined? :)

#14 heir (Malware Response Team)

Posted 12 April 2011 - 02:47 AM

Cool. It's saying 99% now and has been stuck there for a while. It can't be too much longer.

And really, is any cat disciplined? :)

The "Kitty" we use is about 99.9999% safe. Should she do something wrong, the owner steps in and disciplines her. :wink:



#15 feromonic (Topic Starter)

Posted 12 April 2011 - 03:09 PM

LMAO ^^ Sorry I couldn't get back on last night, I got called into work.
This is all that came up, and I know what it is:

F:\Downloads\Music Programs Plugins ECT\VST & VSTi Plugins\VSTi\Tone2 Firebird 1.2.1 VSTi\Tone2 Firebird 1.2.1 (Keygen).exe a variant of Win32/Keygen.AD application cleaned by deleting - quarantined



