Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP Infected


  • Please log in to reply
11 replies to this topic

#1 Win7User

Win7User

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 12 April 2011 - 05:28 PM

I have a laptop I am trying to fix for my dad. I know a little about computers but I need some help with this. Lastweek he told me his laptop would not boot. It is an HP laptop. I turned it on it posted (showed HP screen) then a blinking _ . So I decided to take the drive out and put it in my desktop and scan. I got it connected to my desktop and my AV found Trojan:DOS/Aluren.A It was in boot:\Device\Harddisk1\DR6 . It found it right off without me even scanning. I clicked the fix. It said the computer needed to reboot. So I rebooted. Then shut down and put the drive back in the laptop. It booted up. I scanned with maleware bytes removed all it found. Then scanned again several times. I took the laptop back to my dad. Few days later he saids something is wrong. This time it seems the User Account was hijacked. I could look in the C drive it was empty or it did't show anything. Also I clicked start >Programs and nothing there. I have it about halfway fixed. I was hoping someone could help me with a hijack this. I have already ran combofix.

Thanks


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:20 AM

Posted 12 April 2011 - 06:44 PM

Hello and welcome.
Can you run this?
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Next follow all the steps here Remove Windows Recovery
Posr the scan log,The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Post back two logs and tell me how it is now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Win7User

Win7User
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 April 2011 - 07:38 AM

I just ran TDSS it was clean. A few days ago I ran it and it found some things. I clicked for it to cure and rebooted. The MBAM log somehow got deleted. But it found some infections also and I removed them and rebooted. I have a HiJack this waiting to be posted if you want me too.


2011/04/13 08:19:29.0140 1880 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/13 08:19:29.0375 1880 ================================================================================
2011/04/13 08:19:29.0375 1880 SystemInfo:
2011/04/13 08:19:29.0375 1880
2011/04/13 08:19:29.0375 1880 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/13 08:19:29.0375 1880 Product type: Workstation
2011/04/13 08:19:29.0375 1880 ComputerName: NB-RAGARRETT-XP
2011/04/13 08:19:29.0375 1880 UserName: RAGARRETT
2011/04/13 08:19:29.0375 1880 Windows directory: C:\WINDOWS
2011/04/13 08:19:29.0375 1880 System windows directory: C:\WINDOWS
2011/04/13 08:19:29.0375 1880 Processor architecture: Intel x86
2011/04/13 08:19:29.0375 1880 Number of processors: 2
2011/04/13 08:19:29.0375 1880 Page size: 0x1000
2011/04/13 08:19:29.0375 1880 Boot type: Normal boot
2011/04/13 08:19:29.0375 1880 ================================================================================
2011/04/13 08:19:29.0890 1880 Initialize success
2011/04/13 08:19:33.0406 3724 ================================================================================
2011/04/13 08:19:33.0406 3724 Scan started
2011/04/13 08:19:33.0406 3724 Mode: Manual;
2011/04/13 08:19:33.0406 3724 ================================================================================
2011/04/13 08:19:34.0875 3724 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/13 08:19:34.0937 3724 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/13 08:19:35.0000 3724 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/04/13 08:19:35.0187 3724 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/04/13 08:19:35.0250 3724 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/13 08:19:35.0312 3724 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/13 08:19:35.0531 3724 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/04/13 08:19:35.0812 3724 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/13 08:19:36.0000 3724 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/13 08:19:36.0156 3724 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/13 08:19:36.0187 3724 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/13 08:19:36.0375 3724 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/13 08:19:36.0437 3724 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/13 08:19:36.0515 3724 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/04/13 08:19:36.0671 3724 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/13 08:19:36.0796 3724 BTWUSB (00c8988da469e4ac087539bd77420123) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/04/13 08:19:37.0109 3724 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/13 08:19:37.0203 3724 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/13 08:19:37.0265 3724 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/13 08:19:37.0312 3724 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/13 08:19:37.0500 3724 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/13 08:19:37.0593 3724 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/13 08:19:37.0703 3724 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/04/13 08:19:37.0875 3724 CVPNDRVA (bc671fc8e626b7e93c6b40ec631e02f2) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/04/13 08:19:38.0000 3724 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/13 08:19:38.0078 3724 DLABOIOM (244b6285b14e06a9ba81b3ed9b9a3b38) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/04/13 08:19:38.0093 3724 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/04/13 08:19:38.0125 3724 DLADResN (33b2c320b886d4e6e7780796731e405b) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/04/13 08:19:38.0156 3724 DLAIFS_M (46cdf41ab0f616168f2c03edb590643a) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/04/13 08:19:38.0187 3724 DLAOPIOM (94f39387819a9ae05c788cfd7ea4e16b) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/04/13 08:19:38.0203 3724 DLAPoolM (f4dcc4df6b27ee4e3d08258ecddecb1f) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/04/13 08:19:38.0234 3724 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/04/13 08:19:38.0250 3724 DLAUDFAM (bde11a8c697c5e22aedf34ca3fdb5940) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/04/13 08:19:38.0281 3724 DLAUDF_M (069d67eed1cec572dc28cb5582b5aa96) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/04/13 08:19:38.0343 3724 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/13 08:19:38.0531 3724 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/13 08:19:38.0562 3724 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/13 08:19:38.0640 3724 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/13 08:19:38.0703 3724 DNE (c86fbf607445bf693450d84b775f168c) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/04/13 08:19:38.0890 3724 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/13 08:19:38.0968 3724 DRVMCDB (fe923d5529144d47b907663d2838c032) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/04/13 08:19:38.0984 3724 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/04/13 08:19:39.0062 3724 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
2011/04/13 08:19:39.0093 3724 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
2011/04/13 08:19:39.0265 3724 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/04/13 08:19:39.0312 3724 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/04/13 08:19:39.0390 3724 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
2011/04/13 08:19:39.0421 3724 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
2011/04/13 08:19:39.0609 3724 epfwtdir (ecd5f68e32ff5c6a728eb03dc892ae7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/04/13 08:19:39.0718 3724 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/13 08:19:39.0781 3724 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/13 08:19:39.0984 3724 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/13 08:19:40.0046 3724 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/13 08:19:40.0109 3724 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/13 08:19:40.0203 3724 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/13 08:19:40.0406 3724 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/13 08:19:40.0484 3724 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/13 08:19:40.0531 3724 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/13 08:19:40.0609 3724 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/04/13 08:19:40.0671 3724 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/13 08:19:40.0890 3724 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/13 08:19:41.0031 3724 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/13 08:19:41.0093 3724 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/13 08:19:41.0312 3724 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/13 08:19:41.0406 3724 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/13 08:19:41.0687 3724 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/13 08:19:42.0000 3724 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/04/13 08:19:42.0453 3724 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/04/13 08:19:42.0687 3724 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/13 08:19:42.0812 3724 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/13 08:19:42.0875 3724 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/13 08:19:42.0953 3724 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/13 08:19:43.0171 3724 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/13 08:19:43.0234 3724 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/13 08:19:43.0296 3724 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/13 08:19:43.0359 3724 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/13 08:19:43.0421 3724 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/13 08:19:43.0640 3724 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/13 08:19:43.0703 3724 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/13 08:19:43.0765 3724 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/13 08:19:43.0828 3724 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/13 08:19:44.0046 3724 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/13 08:19:44.0203 3724 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/13 08:19:44.0265 3724 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/13 08:19:44.0312 3724 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/13 08:19:44.0375 3724 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/13 08:19:44.0578 3724 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/13 08:19:44.0640 3724 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINDOWS\system32\drivers\mqac.sys
2011/04/13 08:19:44.0718 3724 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/13 08:19:44.0812 3724 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/13 08:19:45.0062 3724 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/13 08:19:45.0125 3724 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/13 08:19:45.0203 3724 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/13 08:19:45.0234 3724 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/13 08:19:45.0453 3724 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/13 08:19:45.0531 3724 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/13 08:19:45.0593 3724 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/13 08:19:45.0656 3724 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/13 08:19:45.0718 3724 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/13 08:19:45.0937 3724 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/13 08:19:46.0015 3724 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/13 08:19:46.0093 3724 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/13 08:19:46.0125 3724 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/13 08:19:46.0453 3724 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
2011/04/13 08:19:46.0687 3724 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/13 08:19:46.0781 3724 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/13 08:19:46.0859 3724 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/13 08:19:47.0078 3724 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/13 08:19:47.0140 3724 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/13 08:19:47.0187 3724 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/13 08:19:47.0265 3724 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/13 08:19:47.0500 3724 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/13 08:19:47.0546 3724 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/13 08:19:47.0625 3724 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/13 08:19:47.0703 3724 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/13 08:19:47.0968 3724 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/13 08:19:48.0031 3724 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/13 08:19:48.0484 3724 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/13 08:19:48.0546 3724 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/13 08:19:48.0625 3724 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/13 08:19:48.0687 3724 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/13 08:19:49.0093 3724 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/04/13 08:19:49.0156 3724 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/13 08:19:49.0265 3724 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/13 08:19:49.0437 3724 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/13 08:19:49.0546 3724 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/13 08:19:49.0593 3724 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/13 08:19:49.0703 3724 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/13 08:19:49.0859 3724 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/13 08:19:49.0953 3724 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/13 08:19:50.0062 3724 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
2011/04/13 08:19:50.0203 3724 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/13 08:19:50.0234 3724 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/13 08:19:50.0453 3724 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/13 08:19:50.0531 3724 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/13 08:19:50.0671 3724 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/13 08:19:50.0843 3724 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/13 08:19:50.0937 3724 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/04/13 08:19:51.0046 3724 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/13 08:19:51.0187 3724 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/13 08:19:51.0343 3724 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/13 08:19:51.0531 3724 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/13 08:19:51.0687 3724 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/13 08:19:51.0875 3724 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/13 08:19:52.0046 3724 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/13 08:19:52.0203 3724 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/13 08:19:52.0359 3724 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/13 08:19:52.0500 3724 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/13 08:19:52.0625 3724 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/13 08:19:52.0796 3724 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/13 08:19:52.0859 3724 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/13 08:19:53.0046 3724 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/13 08:19:53.0171 3724 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/13 08:19:53.0250 3724 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/13 08:19:53.0421 3724 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/13 08:19:53.0546 3724 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/13 08:19:53.0703 3724 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/13 08:19:53.0765 3724 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/13 08:19:53.0812 3724 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/13 08:19:54.0000 3724 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/13 08:19:54.0093 3724 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/13 08:19:54.0140 3724 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/13 08:19:54.0250 3724 vsdatant (d658e49302c382b88c8e9a08e20b2e82) C:\WINDOWS\system32\vsdatant.sys
2011/04/13 08:19:54.0703 3724 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/04/13 08:19:54.0953 3724 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/13 08:19:55.0031 3724 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/13 08:19:55.0171 3724 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/13 08:19:55.0265 3724 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/13 08:19:55.0453 3724 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/13 08:19:57.0078 3724 ================================================================================
2011/04/13 08:19:57.0078 3724 Scan finished
2011/04/13 08:19:57.0078 3724 ================================================================================

#4 Win7User

Win7User
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 April 2011 - 08:10 AM

Hello I just noticed this. I click start programs and the Accessories is not in the start menue. Also I went to C Doucuments and Settings and it is empty. In the C drive I found something that got my attention. A folder called Qoobox. I found out it was from Combo Fix. I looked in the Qoobox folder here is what's there.
BackEnv (Folder)
LastRun (Folder)
Quaratine (Folder)
Test (Folder)
Add-Remove (Text)
Combofix2.tst (Text)
Combofix-Quarantined (Text)
Snapshot@2011-04011_13.0.. (DAT)

I looked in the Quaratine folder and the Documents and settings is there. Looks like it somehow Quaratined his whole user account. That's why nothing is in the Documeants and settings.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:20 AM

Posted 13 April 2011 - 09:34 AM

That is from running ComboFix.

Having run ComboFix we need to see that and a DDS log so we know what it changed.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Skip the GMER step and instead post the ComboFix log you posted earlier.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 thjodisland

thjodisland

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 13 April 2011 - 02:48 PM

Hello, I think this is the right place to post. :-/ I believe my computer is infected. I ran this log with hijackthis, and now I do not know what to delete. Do you guys see anything suspicious in my log. I see something from Spigot, and I really don't trust this company, and I also see somethings with no name and a bunch of numbers behind them. I don't want to end up deleting something I might need.

Running processes:

EDIT: Removed HJT log and PM sent

Edited by boopme, 13 April 2011 - 09:13 PM.


#7 Win7User

Win7User
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 April 2011 - 06:24 PM

I tried to post the log files it said post was too long.
thjodisland I believe you are sussposed to start a new topic.

#8 Win7User

Win7User
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 April 2011 - 07:43 PM

If I understood correctly I need to only post the GMER log? When i post GMER I get a message it's too long to post. So I have attached it if this works.

Merging back to topic it came from. ~ OB

Edited by Orange Blossom, 15 April 2011 - 08:19 AM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:20 AM

Posted 13 April 2011 - 09:06 PM

@ thjodisland,yes you need a new topic.
follow the instructions in the post above yours and post your HJT with the others,thanks.

@Win7User...
Use two or more posts if needed. Let me know after and I'll see if I can fit them.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 Win7User

Win7User
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 April 2011 - 09:22 PM

I posted the GMER log and thats all. It's too long. Also why do I have to start a new topic when posting a log? I posted soemthing but don't know where I posted it.

Edited by Win7User, 13 April 2011 - 09:24 PM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:20 AM

Posted 13 April 2011 - 09:54 PM

your other topic is here
http://www.bleepingcomputer.com/forums/topic391112.html/page__p__2207061#entry2207061

You could not run DDS?

We need to post there as we have people specially trained in those logs and how to make the repair from there.

Edited by boopme, 13 April 2011 - 09:55 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:20 AM

Posted 15 April 2011 - 08:22 AM

Hello Win7User,

I merged the post boopme split out back to here as there aren't any logs there. Note, you cannot attach files in the Am I Infected forum.

To restate boopme's instructions to you in a different way:

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please include a description of your computer issues and what you have done to resolve them. Also, include a link to this topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :cherry:

Edited by Orange Blossom, 15 April 2011 - 08:24 AM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users