TrojanDownloader


  • This topic is locked
10 replies to this topic

#1 lazydude

lazydude

  • Members
  • 41 posts

Posted 22 August 2011 - 05:47 PM

I think I have a trojan problem and really need help. I'll keep things in order as they happened. A few months ago, every time I googled something on Firefox I got redirected. I don't recall going to any shady websites before this. And every time I would end-task explorer.exe it would stop. And someone on StarCraft 2 told me about ComboFix. Next I found a virus (trojan) called TrojanDownloader:Win32/Tracur.B (and Y). I deleted it as many times as Microsoft Security Essentials (MSE) found it. Next, when I got home one day, I saw my computer was 'frozen-like' but disregarded it, because sometimes my computer does a diagnostic scan of my hardware and slows it down extremely. Later I found out that it was doing it more than once, for no reason. I can't do anything: no Alt+Tab, no Windows key, nothing except pulling the plug on my computer. But I get to see what time it froze, and every time I play iTunes or play my games (StarCraft 2) it doesn't do it. Next, yesterday when I tried turning my computer back on, it shut off a few seconds later like my hardware was overheating, which is impossible. It did it about 3 times before it actually turned on.

I currently have 3 viruses and will tell you what is infected.
file: C:\ProgramData\atigktxx32.exe
file: C:\ProgramData\atidxx3232.dll
file: C:\Windows\SysWOW64\mfvdsp32.exe
service: stisvc32

Thank you for anyone that can and will help me.

Edited by Budapest, 22 August 2011 - 06:13 PM.
Moved from Vista ~Budapest



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA

Posted 22 August 2011 - 09:06 PM

Hello, let's try running these, post the logs and see if it is any better.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it as described above. In some cases it may be necessary to redownload TDSSKiller and give it a random name when saving it to the computer.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [button image] button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on [button image] to download the ESET Smart Installer. Save it to your desktop.
    • Double-click on the [button image] icon on your desktop.
  • Check [button image].
  • Click the [button image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [button image] and check Remove found threats.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [button image].
  • Push [button image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Push [button image].


NOTE: In some instances if no malware is found there will be no log produced.

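boopme asks for the TDSSKiller log to be pasted back into the thread. The script below is an added example, not code from this thread, from BleepingComputer or from Kaspersky's tool: it parses the per-driver lines TDSSKiller writes (service name, MD5, image path) and pulls out what a helper actually reads such a log for, namely drivers loaded from somewhere other than the usual driver directories, several service names sharing one image file, and any name on a watchlist. The sample lines are copied from the log lazydude posts further down; the two "expected" driver directories and the watchlist names are assumptions made for this illustration, and a hit only means "look here", not "malicious".

```python
"""Triage a TDSSKiller driver listing.

Added example for this thread; it is not code from BleepingComputer, from the
poster, or from Kaspersky's TDSSKiller. It only parses the "service (md5) path"
lines the tool writes for every loaded driver.
"""
import re
from collections import defaultdict

# One driver line: "<date> <time> <thread> <service> (<md5>) <image path>"
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumption: on a stock Vista/7 box kernel drivers load from one of these two
# directories. A driver elsewhere is not proof of malware (vendor overclocking
# tools and diagnostics suites do this too), but it is where to look first.
EXPECTED_DIRS = {"c:\\windows\\system32\\drivers", "c:\\windows\\system32"}

# Sample input: a handful of lines copied from the log posted later in this thread.
SAMPLE_LOG = """\
2011/08/23 06:05:31.0602 0464 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 06:05:31.0960 0464 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/23 06:06:17.0388 3436 Scan started
2011/08/23 06:06:17.0778 3436 ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\\Windows\\system32\\drivers\\acpi.sys
2011/08/23 06:06:18.0558 3436 amdkmdag        (75bbd04f450ce109031a215fd4ec667a) C:\\Windows\\system32\\DRIVERS\\atikmdag.sys
2011/08/23 06:06:19.0260 3436 atikmdag        (75bbd04f450ce109031a215fd4ec667a) C:\\Windows\\system32\\DRIVERS\\atikmdag.sys
2011/08/23 06:06:19.0837 3436 CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\\Windows\\system32\\CLFS.sys
2011/08/23 06:06:24.0127 3436 NVR0Dev         (241a095631570a9cef4f126c87605c60) C:\\Windows\\nvoclk64.sys
2011/08/23 06:06:24.0610 3436 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\\program files\\pc-doctor for windows\\pcdsrvc_x64.pkms
2011/08/23 06:06:26.0358 3436 Tcpip           (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\\Windows\\system32\\drivers\\tcpip.sys
2011/08/23 06:06:26.0436 3436 Tcpip6          (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
"""


def normalize(path):
    """Lower-case and use backslashes so paths compare regardless of how the
    service registered them (system32\\drivers vs system32\\DRIVERS)."""
    return path.strip().lower().replace("/", "\\")


def parse_log(text):
    """Return one dict per driver line: service, md5, path. Info lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line)
        if m:
            entries.append({"service": m["service"], "md5": m["md5"].lower(),
                            "path": m["path"]})
    return entries


def unusual_location(entries):
    """Drivers whose image directory is not one of EXPECTED_DIRS."""
    return [e for e in entries
            if normalize(e["path"]).rsplit("\\", 1)[0] not in EXPECTED_DIRS]


def shared_images(entries):
    """Map image path -> service names when several services load the same file.
    Usually legitimate aliases (Tcpip/Tcpip6, Bridge/BridgeMP); listed so the
    reader can confirm each pair is expected rather than a hijacked registration."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[normalize(e["path"])].append(e["service"])
    return {p: s for p, s in by_path.items() if len(s) > 1}


def match_watchlist(entries, names):
    """Entries whose service name or file name is on the watchlist
    (for instance the names the poster already reported from MSE)."""
    wanted = {n.lower() for n in names}
    return [e for e in entries
            if e["service"].lower() in wanted
            or normalize(e["path"]).rsplit("\\", 1)[-1] in wanted]


def triage(text, watchlist=()):
    """Summary dict a helper could paste back: counts plus the three hit lists."""
    entries = parse_log(text)
    return {
        "drivers": len(entries),
        "unusual": [e["service"] for e in unusual_location(entries)],
        "shared": shared_images(entries),
        "watchlist_hits": [e["service"] for e in match_watchlist(entries, watchlist)],
    }


if __name__ == "__main__":
    # Watchlist (assumption): the file names and service the poster listed.
    report = triage(SAMPLE_LOG,
                    ["stisvc32", "atigktxx32.exe", "atidxx3232.dll", "mfvdsp32.exe"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the sample it reports two drivers outside the expected directories (the NVIDIA overclocking driver under C:\Windows and the PC-Doctor diagnostics driver under Program Files), two image files shared by a pair of services, and no watchlist hits. Since TDSSKiller's listing covers kernel drivers only, the user-mode files reported in the first post would not appear here even if still present; the watchlist check is for the case where an infection registers a driver under one of those names.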

#3 lazydude

lazydude
  • Topic Starter

  • Members
  • 41 posts

Posted 23 August 2011 - 06:17 AM

Hello and thank you for helping me.

TDSSKiller.2.5.17.0_23.08.2011_06.05.31_log.txt
2011/08/23 06:05:31.0602 0464	TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 06:05:31.0960 0464	================================================================================
2011/08/23 06:05:31.0960 0464	SystemInfo:
2011/08/23 06:05:31.0960 0464	
2011/08/23 06:05:31.0960 0464	OS Version: 6.0.6002 ServicePack: 2.0
2011/08/23 06:05:31.0960 0464	Product type: Workstation
2011/08/23 06:05:31.0960 0464	ComputerName: JORDAN-PC
2011/08/23 06:05:31.0960 0464	UserName: Jordan
2011/08/23 06:05:31.0960 0464	Windows directory: C:\Windows
2011/08/23 06:05:31.0960 0464	System windows directory: C:\Windows
2011/08/23 06:05:31.0960 0464	Running under WOW64
2011/08/23 06:05:31.0960 0464	Processor architecture: Intel x64
2011/08/23 06:05:31.0960 0464	Number of processors: 4
2011/08/23 06:05:31.0960 0464	Page size: 0x1000
2011/08/23 06:05:31.0960 0464	Boot type: Normal boot
2011/08/23 06:05:31.0960 0464	================================================================================
2011/08/23 06:05:32.0319 0464	Initialize success
2011/08/23 06:06:17.0388 3436	================================================================================
2011/08/23 06:06:17.0388 3436	Scan started
2011/08/23 06:06:17.0388 3436	Mode: Manual; 
2011/08/23 06:06:17.0388 3436	================================================================================
2011/08/23 06:06:17.0778 3436	ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/08/23 06:06:17.0840 3436	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/08/23 06:06:17.0871 3436	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/08/23 06:06:17.0902 3436	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/08/23 06:06:17.0949 3436	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/08/23 06:06:17.0996 3436	AFD             (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/08/23 06:06:18.0074 3436	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/08/23 06:06:18.0136 3436	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/08/23 06:06:18.0183 3436	aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/08/23 06:06:18.0292 3436	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/08/23 06:06:18.0355 3436	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/08/23 06:06:18.0386 3436	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/08/23 06:06:18.0558 3436	amdkmdag        (75bbd04f450ce109031a215fd4ec667a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/23 06:06:18.0760 3436	amdkmdap        (adb8ee976ce4a47c54d39f2581593c03) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/23 06:06:18.0807 3436	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/08/23 06:06:18.0854 3436	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/08/23 06:06:18.0901 3436	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/23 06:06:18.0948 3436	atapi           (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
2011/08/23 06:06:19.0010 3436	athr            (390bc9b68e1ef2a299731bc775d43004) C:\Windows\system32\DRIVERS\athrx.sys
2011/08/23 06:06:19.0088 3436	AtiHdmiService  (fcc00f34ebbb0bffbe10ef9f66bb6dd6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/23 06:06:19.0260 3436	atikmdag        (75bbd04f450ce109031a215fd4ec667a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/23 06:06:19.0400 3436	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/08/23 06:06:19.0447 3436	bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/23 06:06:19.0462 3436	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/23 06:06:19.0478 3436	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/08/23 06:06:19.0509 3436	Bridge          (71142fa02068cb93c9319417737c915d) C:\Windows\system32\DRIVERS\bridge.sys
2011/08/23 06:06:19.0525 3436	BridgeMP        (71142fa02068cb93c9319417737c915d) C:\Windows\system32\DRIVERS\bridge.sys
2011/08/23 06:06:19.0572 3436	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/08/23 06:06:19.0603 3436	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/08/23 06:06:19.0618 3436	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/23 06:06:19.0650 3436	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/08/23 06:06:19.0681 3436	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/08/23 06:06:19.0728 3436	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/23 06:06:19.0759 3436	cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/23 06:06:19.0790 3436	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/23 06:06:19.0837 3436	CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/08/23 06:06:19.0884 3436	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/08/23 06:06:19.0899 3436	Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2011/08/23 06:06:19.0946 3436	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/08/23 06:06:19.0993 3436	DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/08/23 06:06:20.0040 3436	disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/08/23 06:06:20.0102 3436	drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/08/23 06:06:20.0133 3436	DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/23 06:06:20.0164 3436	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/08/23 06:06:20.0180 3436	Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/08/23 06:06:20.0242 3436	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/08/23 06:06:20.0289 3436	ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/08/23 06:06:20.0336 3436	exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/08/23 06:06:20.0383 3436	fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/08/23 06:06:20.0414 3436	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/23 06:06:20.0430 3436	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/08/23 06:06:20.0461 3436	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/08/23 06:06:20.0492 3436	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/23 06:06:20.0508 3436	FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/08/23 06:06:20.0570 3436	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/08/23 06:06:20.0586 3436	Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/23 06:06:20.0617 3436	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/23 06:06:20.0679 3436	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/23 06:06:20.0726 3436	HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
2011/08/23 06:06:20.0788 3436	HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/23 06:06:20.0835 3436	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/08/23 06:06:20.0866 3436	HidIr           (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/23 06:06:20.0898 3436	HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/23 06:06:20.0944 3436	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/08/23 06:06:20.0991 3436	HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/08/23 06:06:21.0022 3436	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/08/23 06:06:21.0069 3436	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/23 06:06:21.0085 3436	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/08/23 06:06:21.0132 3436	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/08/23 06:06:21.0225 3436	IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/23 06:06:21.0288 3436	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/08/23 06:06:21.0319 3436	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/23 06:06:21.0366 3436	IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/23 06:06:21.0428 3436	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/23 06:06:21.0459 3436	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/23 06:06:21.0490 3436	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/08/23 06:06:21.0506 3436	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/08/23 06:06:21.0537 3436	iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/23 06:06:21.0568 3436	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/08/23 06:06:21.0600 3436	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/08/23 06:06:21.0615 3436	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/23 06:06:21.0646 3436	kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/23 06:06:21.0693 3436	KSecDD          (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/23 06:06:21.0724 3436	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/08/23 06:06:21.0771 3436	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/23 06:06:21.0818 3436	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/23 06:06:21.0849 3436	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/23 06:06:21.0880 3436	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/23 06:06:21.0927 3436	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/08/23 06:06:21.0974 3436	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/08/23 06:06:22.0021 3436	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/08/23 06:06:22.0083 3436	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/08/23 06:06:22.0114 3436	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/23 06:06:22.0130 3436	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/23 06:06:22.0177 3436	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/23 06:06:22.0192 3436	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/08/23 06:06:22.0239 3436	MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/23 06:06:22.0270 3436	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/08/23 06:06:22.0333 3436	MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/23 06:06:22.0364 3436	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/23 06:06:22.0395 3436	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/23 06:06:22.0426 3436	MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/08/23 06:06:22.0473 3436	mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/23 06:06:22.0504 3436	mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/23 06:06:22.0536 3436	mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/23 06:06:22.0582 3436	msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2011/08/23 06:06:22.0598 3436	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/08/23 06:06:22.0629 3436	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/08/23 06:06:22.0692 3436	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/08/23 06:06:22.0738 3436	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/23 06:06:22.0785 3436	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/23 06:06:22.0816 3436	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/08/23 06:06:22.0848 3436	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/08/23 06:06:22.0879 3436	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/23 06:06:22.0894 3436	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/08/23 06:06:22.0926 3436	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/08/23 06:06:22.0988 3436	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/23 06:06:23.0050 3436	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/08/23 06:06:23.0066 3436	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/23 06:06:23.0097 3436	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/23 06:06:23.0113 3436	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/23 06:06:23.0144 3436	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/08/23 06:06:23.0175 3436	Netaapl         (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys
2011/08/23 06:06:23.0191 3436	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/23 06:06:23.0222 3436	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/23 06:06:23.0284 3436	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/08/23 06:06:23.0331 3436	NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/23 06:06:23.0394 3436	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/08/23 06:06:23.0425 3436	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/23 06:06:23.0472 3436	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/08/23 06:06:23.0550 3436	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/08/23 06:06:23.0612 3436	NVENETFD        (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
2011/08/23 06:06:23.0877 3436	nvlddmkm        (aaf5559039e99d0cc22e25255f3dc06e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/23 06:06:24.0127 3436	NVR0Dev         (241a095631570a9cef4f126c87605c60) C:\Windows\nvoclk64.sys
2011/08/23 06:06:24.0158 3436	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/08/23 06:06:24.0189 3436	nvrd64          (2f60404c51999daed32517606b6b9585) C:\Windows\system32\drivers\nvrd64.sys
2011/08/23 06:06:24.0220 3436	nvsmu           (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/08/23 06:06:24.0252 3436	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/08/23 06:06:24.0283 3436	nvstor64        (03354015aa4690c0dbf5dccdeaec71f5) C:\Windows\system32\drivers\nvstor64.sys
2011/08/23 06:06:24.0314 3436	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/08/23 06:06:24.0408 3436	ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/23 06:06:24.0470 3436	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/08/23 06:06:24.0501 3436	partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/08/23 06:06:24.0610 3436	PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
2011/08/23 06:06:24.0657 3436	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/08/23 06:06:24.0673 3436	pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/08/23 06:06:24.0704 3436	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/08/23 06:06:24.0735 3436	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/08/23 06:06:24.0829 3436	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/23 06:06:24.0860 3436	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
2011/08/23 06:06:24.0922 3436	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/23 06:06:24.0954 3436	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/08/23 06:06:25.0032 3436	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/08/23 06:06:25.0063 3436	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/23 06:06:25.0078 3436	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/23 06:06:25.0110 3436	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/23 06:06:25.0141 3436	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/23 06:06:25.0172 3436	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/23 06:06:25.0203 3436	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/23 06:06:25.0219 3436	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/23 06:06:25.0266 3436	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/08/23 06:06:25.0281 3436	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/23 06:06:25.0344 3436	RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/08/23 06:06:25.0390 3436	RimUsb          (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/08/23 06:06:25.0437 3436	RimVSerPort     (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/08/23 06:06:25.0468 3436	ROOTMODEM       (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
2011/08/23 06:06:25.0515 3436	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/23 06:06:25.0562 3436	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/23 06:06:25.0609 3436	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/23 06:06:25.0640 3436	Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/08/23 06:06:25.0656 3436	Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/08/23 06:06:25.0687 3436	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/08/23 06:06:25.0734 3436	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/08/23 06:06:25.0749 3436	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/23 06:06:25.0780 3436	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/23 06:06:25.0796 3436	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/08/23 06:06:25.0843 3436	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/08/23 06:06:25.0858 3436	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/08/23 06:06:25.0905 3436	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/08/23 06:06:25.0952 3436	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/08/23 06:06:26.0030 3436	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/08/23 06:06:26.0077 3436	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/23 06:06:26.0092 3436	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/23 06:06:26.0155 3436	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/23 06:06:26.0186 3436	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/08/23 06:06:26.0217 3436	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/08/23 06:06:28.0105 3436	MBR (0x1B8)     (13af81ffe36981a6a5910f5f7a43b4f8) \Device\Harddisk0\DR0
2011/08/23 06:06:28.0120 3436	\Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/23 06:06:28.0120 3436	Boot (0x1200)   (ad870ab438b2f81a2991df11e290fc68) \Device\Harddisk0\DR0\Partition0
2011/08/23 06:06:28.0152 3436	Boot (0x1200)   (cb0a759656c3fe223e363def95eac6ac) \Device\Harddisk0\DR0\Partition1
2011/08/23 06:06:28.0167 3436	================================================================================
2011/08/23 06:06:28.0167 3436	Scan finished
2011/08/23 06:06:28.0167 3436	================================================================================
2011/08/23 06:06:28.0167 1368	Detected object count: 1
2011/08/23 06:06:28.0167 1368	Actual detected object count: 1
2011/08/23 06:07:46.0494 1368	\Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/23 06:07:46.0494 1368	\Device\Harddisk0\DR0 - ok
2011/08/23 06:07:46.0494 1368	Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 
2011/08/23 06:07:49.0660 2164	Deinitialize success
ESET is running now.

#4 lazydude

lazydude
  • Topic Starter

  • Members
  • 41 posts
  • Local time:04:16 PM

Posted 23 August 2011 - 02:53 PM

Sorry it's taking so long, I left for school and it was at 99% but when I came home it had done that freezing thing. Got it scanning now.
I also got a feeling that ESET already cleaned my computer, so I'm wondering if I can get that log. Because it found 6 viruses.

I also blocked the IP addresses associated with the virus.

Yep, it finished and found no virus. ESET must have cleaned my computer automatically. But I do remember there being 6. But there is obviously still a virus because my computer was frozen when I got home.

But there are 18 quarantine things.
Given options: "uninstall application on close" and "delete quarantine files".
------------------------------------------------------------------------
I chose delete quarantine files and I think it did... while it was scanning, however it is talking about getting a 30-day trial thing.
Good thing I took pics before I clicked "delete quarantine files" because now I cannot go back. But I went and deleted all the 'quarantined files'.

Edited by lazydude, 23 August 2011 - 06:17 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:16 PM

Posted 24 August 2011 - 09:32 PM

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 lazydude

lazydude
  • Topic Starter

  • Members
  • 41 posts
  • Local time:04:16 PM

Posted 25 August 2011 - 03:39 PM

o.o Thanks. But my computer is still freezing and when I power my comp on it takes a while to actually power on. I'm positive nothing is overheating and think the virus is doing it; maybe through BIOS?

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=8f1ee4518ca60b4687214f88ad437065
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-23 01:45:19
# local_time=2011-08-23 08:45:19 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 56 1235946 150697033 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=286934
# found=17
# cleaned=17
# scan_time=8791
C:\Program Files (x86)\Cheat Engine\Cheat Engine.exe	a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\Cheat Engine\dbk32.dll	a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\Cheat Engine\dbk32.sys	Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe	a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\Cheat Engine\systemcallsignal.exe	a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe	a variant of Win32/Kryptik.SH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe	a variant of Win32/Kryptik.SH trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\68g3zchw.default\extensions\{db42d484-402b-49c6-926e-13ce1feac80e}\chrome.manifest.vir	Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\68g3zchw.default\extensions\{db42d484-402b-49c6-926e-13ce1feac80e}\chrome\xulcache.jar.vir	JS/Agent.NDJ trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Jordan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6dfdeab1-10f449bc	Java/Agent.BV trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Jordan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6dfdeab1-47f04976	Java/Agent.BV trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Jordan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\fad2d88-5db2cee1	Java/Agent.BV trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\68g3zchw.default\extensions\{68243d22-8121-49c1-9467-59a923fe6a51}\chrome.manifest	Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\68g3zchw.default\extensions\{68243d22-8121-49c1-9467-59a923fe6a51}\chrome\xulcache.jar	JS/Agent.NDJ trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Jordan\Documents\Winject.exe	a variant of Win32/HackTool.Inject.F application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows\kimg.dll	Win32/Monitor.Spyagent.NAA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows\System32\atidxx3232.dll	a variant of Win32/Kryptik.RSL trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=8f1ee4518ca60b4687214f88ad437065
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-23 10:19:54
# local_time=2011-08-23 05:19:54 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 56 1266794 150727881 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=286817
# found=0
# cleaned=0
# scan_time=8819

Edited by lazydude, 25 August 2011 - 03:41 PM.
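Added example (not from this thread, ESET, or the poster): a small Python parser for the ESET Online Scanner log layout posted above. It cross-checks the `# found` and `# cleaned` counters against the detection rows, groups detections by family and type, treats the all-zero hash column as absent, and flags any row whose action does not say the file was quarantined. The sample log is constructed in the same layout, with placeholder paths.

```python
import re
from collections import Counter

# Constructed sample in the ESET Online Scanner log layout seen in this thread:
# "# key=value" header lines, then one tab-separated row per detection
# (path, verdict, md5, flag). Paths are placeholders, not from the thread.
SAMPLE_LOG = """ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# scanned=286934
# found=4
# cleaned=4
# scan_time=8791
C:\\Example\\tool.exe\ta variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC
C:\\Example\\dropper.exe\ta variant of Win32/Kryptik.SH trojan (deleted - quarantined)\t00000000000000000000000000000000\tC
C:\\Example\\ext\\chrome.manifest\tWin32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC
C:\\Example\\cache\\6dfdeab1-10f449bc\tJava/Agent.BV trojan (deleted - quarantined)\t00000000000000000000000000000000\tC
"""

# Verdict column: "[a variant of ]<name> <kind> (<action>)"
VERDICT_RE = re.compile(r"^(?:a variant of )?(?P<name>\S+) (?P<kind>\w+) \((?P<action>[^)]*)\)$")


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for one scan log."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.count("\t") == 3:
            path, verdict, md5, _flag = line.split("\t")
            m = VERDICT_RE.match(verdict)
            if m is None:
                continue  # unknown verdict layout, skip rather than guess
            detections.append({
                "path": path, "name": m["name"], "kind": m["kind"],
                "action": m["action"],
                # the posted log carries an all-zero hash column, treat it as missing
                "md5": None if set(md5) == {"0"} else md5,
            })
    return header, detections


def summarize(text):
    """Cross-check the header counters against the rows and group the findings."""
    header, dets = parse_eset_log(text)
    found = int(header.get("found", "0"))
    return {
        "found": found,
        "rows": len(dets),
        "consistent": found == len(dets) and header.get("cleaned") == header.get("found"),
        "by_family": Counter(d["name"] for d in dets),
        "by_kind": Counter(d["kind"] for d in dets),
        "unhashed": sum(d["md5"] is None for d in dets),
        "not_quarantined": [d["path"] for d in dets if "quarantined" not in d["action"]],
    }
```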


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:16 PM

Posted 25 August 2011 - 04:16 PM

Let's check for an MBR (Master Boot Record) rootkit.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.

#8 lazydude

lazydude
  • Topic Starter

  • Members
  • 41 posts
  • Local time:04:16 PM

Posted 26 August 2011 - 04:11 PM

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6002

device: opened successfully
user: error reading MBR
error: Read  The handle is invalid.
kernel: error reading MBR


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:16 PM

Posted 26 August 2011 - 07:01 PM

Appears we have an MBR issue.
DDS LOG
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include the MBR log above.

Let me know if that went well.

#10 lazydude

lazydude
  • Topic Starter

  • Members
  • 41 posts
  • Local time:04:16 PM

Posted 27 August 2011 - 02:03 PM

gmer.exe found nothing. But yeah.
I guess DDS did what it was supposed to.
Computer froze just about 2 minutes ago (it hasn't in like 4 days) and when I was rebooting it froze while rebooting... :/

Edited by lazydude, 27 August 2011 - 02:03 PM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:16 PM

Posted 27 August 2011 - 09:20 PM

Both are just scanners to determine the next steps.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.



