Can't run any antivirus programs and get redirected when using google search


  • This topic is locked
11 replies to this topic

#1 Digitalx77

  • Members
  • 6 posts

Posted 13 September 2011 - 02:34 PM

This just started to happen. I first noticed that when using Google search, when I click on the link it redirects me to coolsearchserver and on to other sites hosted by them. I ran AVG and removed any viruses, and then I ran Spybot Search & Destroy and removed any it found; went back to Google and the same thing happened. Downloaded Ad-Aware and installed that, ran it and it suddenly disappeared; tried to run it again and it will not start. Tried to run Spybot, nothing happens. Downloaded HijackThis, installed it and it will not run (error saying I do not have permissions). Downloaded ComboFix, installed it and it disappears halfway through the installation. Tried to do a system restore; it freezes a quarter of the way through. Help please, I don't know what I have or how to get rid of it.

#2 Digitalx77

  • Topic Starter

  • Members
  • 6 posts

Posted 13 September 2011 - 03:11 PM

Update.

I read on this forum about a similar problem, so I thought I would give the solution a try. I was able to install TDSSKiller and run it; it found a virus called Rootkit.win32.ZAccess.e(NetBT). I did what it told me and it claimed to be cured and to reboot. I did a reboot and bam, the virus is back; re-ran TDSSKiller and it shows up again. Here is the TDSSKiller log.

2011/09/13 13:56:37.0390 0180 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/13 13:56:39.0390 0180 ================================================================================
2011/09/13 13:56:39.0390 0180 SystemInfo:
2011/09/13 13:56:39.0390 0180
2011/09/13 13:56:39.0390 0180 OS Version: 5.1.2600 ServicePack: 2.0
2011/09/13 13:56:39.0390 0180 Product type: Workstation
2011/09/13 13:56:39.0390 0180 Windows directory: H:\WINDOWS
2011/09/13 13:56:39.0390 0180 System windows directory: H:\WINDOWS
2011/09/13 13:56:39.0390 0180 Processor architecture: Intel x86
2011/09/13 13:56:39.0390 0180 Number of processors: 6
2011/09/13 13:56:39.0390 0180 Page size: 0x1000
2011/09/13 13:56:39.0390 0180 Boot type: Normal boot
2011/09/13 13:56:39.0390 0180 ================================================================================
2011/09/13 13:56:41.0328 0180 Initialize success
2011/09/13 13:56:46.0984 2576 ================================================================================
2011/09/13 13:56:46.0984 2576 Scan started
2011/09/13 13:56:46.0984 2576 Mode: Manual;
2011/09/13 13:56:46.0984 2576 ================================================================================
2011/09/13 13:56:48.0250 2576 ACPI (a10c7534f7223f4a73a948967d00e69b) H:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/13 13:56:48.0312 2576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) H:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/13 13:56:48.0343 2576 aec (1ee7b434ba961ef845de136224c30fec) H:\WINDOWS\system32\drivers\aec.sys
2011/09/13 13:56:48.0375 2576 AegisP (15e655baa989444f56787ef558823643) H:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/13 13:56:48.0406 2576 af3d8b4c (8f2bb1827cac01aee6a16e30a1260199) H:\WINDOWS\1284193711:1354921139.exe
2011/09/13 13:56:48.0406 2576 Suspicious file (Hidden): H:\WINDOWS\1284193711:1354921139.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/13 13:56:48.0406 2576 af3d8b4c - detected HiddenFile.Multi.Generic (1)
2011/09/13 13:56:48.0421 2576 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) H:\WINDOWS\System32\drivers\afd.sys
2011/09/13 13:56:48.0468 2576 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) H:\WINDOWS\system32\drivers\AFS2K.sys
2011/09/13 13:56:48.0531 2576 AmdPPM (033448d435e65c4bd72e70521fd05c76) H:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/09/13 13:56:48.0546 2576 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) H:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/13 13:56:48.0593 2576 AsIO (9d8cb58b9a9e177ddd599791a58a654d) H:\WINDOWS\system32\drivers\AsIO.sys
2011/09/13 13:56:48.0625 2576 AsyncMac (02000abf34af4c218c35d257024807d6) H:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/13 13:56:48.0640 2576 atapi (cdfe4411a69c224bd1d11b2da92dac51) H:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/13 13:56:48.0750 2576 ati2mtag (23f1a61ae7553d086ef264c72afc4e6a) H:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/13 13:56:48.0796 2576 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) H:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/13 13:56:48.0812 2576 audstub (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/13 13:56:48.0843 2576 AVerFx2hbtv (c9e6052bdf2bd7f0f6eda14459cf6de5) H:\WINDOWS\system32\drivers\AVerFx2hbtv.sys
2011/09/13 13:56:48.0890 2576 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) H:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/13 13:56:48.0890 2576 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) H:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/13 13:56:48.0906 2576 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) H:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/13 13:56:48.0921 2576 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) H:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/13 13:56:48.0953 2576 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) H:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/13 13:56:48.0968 2576 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) H:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/13 13:56:48.0968 2576 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) H:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/13 13:56:48.0984 2576 Avgtdix (aaf0ebcad95f2164cffb544e00392498) H:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/13 13:56:49.0015 2576 Beep (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys
2011/09/13 13:56:49.0046 2576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/13 13:56:49.0078 2576 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) H:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/13 13:56:49.0093 2576 Cdaudio (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/13 13:56:49.0125 2576 Cdfs (cd7d5152df32b47f4e36f710b35aae02) H:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/13 13:56:49.0140 2576 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) H:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/13 13:56:49.0203 2576 Disk (00ca44e4534865f8a3b64f7c0984bff0) H:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/13 13:56:49.0234 2576 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) H:\WINDOWS\system32\drivers\dmboot.sys
2011/09/13 13:56:49.0265 2576 dmio (f5e7b358a732d09f4bcf2824b88b9e28) H:\WINDOWS\system32\drivers\dmio.sys
2011/09/13 13:56:49.0265 2576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys
2011/09/13 13:56:49.0296 2576 DMusic (a6f881284ac1150e37d9ae47ff601267) H:\WINDOWS\system32\drivers\DMusic.sys
2011/09/13 13:56:49.0328 2576 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) H:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/13 13:56:49.0343 2576 Fastfat (3117f595e9615e04f05a54fc15a03b20) H:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/13 13:56:49.0359 2576 Fdc (ced2e8396a8838e59d8fd529c680e02c) H:\WINDOWS\system32\drivers\Fdc.sys
2011/09/13 13:56:49.0359 2576 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) H:\WINDOWS\system32\drivers\Fips.sys
2011/09/13 13:56:49.0375 2576 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) H:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/13 13:56:49.0406 2576 FltMgr (6cc5181f718820861eeadae38f764b75) H:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/13 13:56:49.0406 2576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/13 13:56:49.0421 2576 Ftdisk (6ac26732762483366c3969c9e4d2259d) H:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/13 13:56:49.0437 2576 Gpc (c0f1d4a21de5a415df8170616703debf) H:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/13 13:56:49.0484 2576 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) H:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/13 13:56:49.0515 2576 HidUsb (1de6783b918f540149aa69943bdfeba8) H:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/13 13:56:49.0562 2576 HPZid412 (287a63bd8509bd78e7978823b38afa81) H:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/13 13:56:49.0578 2576 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) H:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/13 13:56:49.0609 2576 HPZius12 (29559db25258b60510a60c4e470fce32) H:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/13 13:56:49.0640 2576 HTTP (ca9a02a72cc7cbda40afb457aea77d2e) H:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/13 13:56:49.0687 2576 i8042prt (5502b58eef7486ee6f93f3f164dcb808) H:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/13 13:56:49.0687 2576 Imapi (12c59b8929121ace2f55acc86682cf12) H:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/13 13:56:49.0734 2576 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) H:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/13 13:56:49.0750 2576 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/13 13:56:49.0765 2576 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) H:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/13 13:56:49.0765 2576 IpNat (472c75f85e631f8aa87d21c9fee6238d) H:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/13 13:56:49.0796 2576 IPSec (64537aa5c003a6afeee1df819062d0d1) H:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/13 13:56:49.0828 2576 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) H:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/13 13:56:49.0843 2576 isapnp (e504f706ccb699c2596e9a3da1596e87) H:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/13 13:56:49.0859 2576 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) H:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/13 13:56:49.0859 2576 kmixer (8531438246ce9474e41ee1599904c0c7) H:\WINDOWS\system32\drivers\kmixer.sys
2011/09/13 13:56:49.0875 2576 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) H:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/13 13:56:49.0937 2576 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) H:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/09/13 13:56:49.0968 2576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/13 13:56:50.0000 2576 Modem (6fc6f9d7acc36dca9b914565a3aeda05) H:\WINDOWS\system32\drivers\Modem.sys
2011/09/13 13:56:50.0000 2576 Mouclass (34e1f0031153e491910e12551400192c) H:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/13 13:56:50.0015 2576 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) H:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/13 13:56:50.0031 2576 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) H:\WINDOWS\system32\DRIVERS\MPE.sys
2011/09/13 13:56:50.0062 2576 MRxDAV (46edcc8f2db2f322c24f48785cb46366) H:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/13 13:56:50.0078 2576 MRxSmb (d165399d926409e0072bfa8dbd0ebaf2) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/13 13:56:50.0078 2576 Suspicious file (Forged): H:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: d165399d926409e0072bfa8dbd0ebaf2, Fake md5: 321fe492903d8a07f79b7099d71ff578
2011/09/13 13:56:50.0078 2576 MRxSmb - detected Rootkit.Win32.ZAccess.e (0)
2011/09/13 13:56:50.0093 2576 Msfs (561b3a4333ca2dbdba28b5b956822519) H:\WINDOWS\system32\drivers\Msfs.sys
2011/09/13 13:56:50.0109 2576 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) H:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/13 13:56:50.0125 2576 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) H:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/13 13:56:50.0125 2576 MSPQM (1988a33ff19242576c3d0ef9ce785da7) H:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/13 13:56:50.0171 2576 mssmbios (469541f8bfd2b32659d5d463a6714bce) H:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/13 13:56:50.0203 2576 MSTEE (bf13612142995096ab084f2db7f40f77) H:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/13 13:56:50.0218 2576 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) H:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/09/13 13:56:50.0234 2576 Mup (a1dd45cdcd2bf8c57a9a0493c09b00b3) H:\WINDOWS\system32\drivers\Mup.sys
2011/09/13 13:56:50.0265 2576 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/13 13:56:50.0281 2576 NDIS (558635d3af1c7546d26067d5d9b6959e) H:\WINDOWS\system32\drivers\NDIS.sys
2011/09/13 13:56:50.0296 2576 NdisIP (520ce427a8b298f54112857bcf6bde15) H:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/13 13:56:50.0328 2576 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) H:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/13 13:56:50.0343 2576 Ndisuio (77d9bf86b912104c229d4f0d25be3c12) H:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/13 13:56:50.0359 2576 NdisWan (0b90e255a9490166ab368cd55a529893) H:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/13 13:56:50.0375 2576 NDProxy (59fc3fb44d2669bc144fd87826bb571f) H:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/13 13:56:50.0390 2576 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) H:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/13 13:56:50.0406 2576 NetBT (0c80e410cd2f47134407ee7dd19cc86b) H:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/13 13:56:50.0468 2576 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) H:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/13 13:56:50.0468 2576 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) H:\WINDOWS\system32\drivers\Npfs.sys
2011/09/13 13:56:50.0484 2576 Ntfs (52723e766051ac8f0b70491ad91f0079) H:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/13 13:56:50.0500 2576 Null (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys
2011/09/13 13:56:50.0531 2576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/13 13:56:50.0546 2576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/13 13:56:50.0546 2576 ohci1394 (fc128c3d7d5ad30a13742dc3737b9df7) H:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/13 13:56:50.0578 2576 Parport (29744eb4ce659dfe3b4122deb45bc478) H:\WINDOWS\system32\drivers\Parport.sys
2011/09/13 13:56:50.0578 2576 PartMgr (1628710c352bd79abeba234356e2b586) H:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/13 13:56:50.0609 2576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) H:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/13 13:56:50.0609 2576 PCI (8086d9979234b603ad5bc2f5d890b234) H:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/13 13:56:50.0625 2576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) H:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/13 13:56:50.0656 2576 Pcmcia (82a087207decec8456fbe8537947d579) H:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/13 13:56:50.0750 2576 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) H:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/13 13:56:50.0750 2576 Processor (9e372a156f92425a1904b84589093a37) H:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/13 13:56:50.0765 2576 PSched (48671f327553dcf1d27f6197f622a668) H:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/13 13:56:50.0781 2576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/13 13:56:50.0812 2576 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) H:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/13 13:56:50.0843 2576 QCDonner (a52806706856f9dac09476bafe1400da) H:\WINDOWS\system32\DRIVERS\LVCD.sys
2011/09/13 13:56:50.0890 2576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/13 13:56:50.0921 2576 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/13 13:56:50.0921 2576 RasPppoe (7306eeed8895454cbed4669be9f79faa) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/13 13:56:50.0937 2576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/13 13:56:50.0937 2576 Rdbss (b48441a6dc703ee4c36db14ee51a189c) H:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/13 13:56:50.0953 2576 RDPCDD (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/13 13:56:50.0968 2576 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) H:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/13 13:56:51.0015 2576 RDPWD (047bea21274c8a4a233674a76c958c2c) H:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/13 13:56:51.0031 2576 redbook (b31b4588e4086d8d84adbf9845c2402b) H:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/13 13:56:51.0078 2576 rspndr (0e11b35e972796042044bc27ce13b065) H:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/09/13 13:56:51.0125 2576 RT61 (57f390bf7af0f68bb804387cbc3a4f0d) H:\WINDOWS\system32\DRIVERS\RT61.sys
2011/09/13 13:56:51.0156 2576 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/13 13:56:51.0187 2576 Scutum50 (f34c06d1c706a6d9433570b087a18b02) H:\WINDOWS\system32\Drivers\Scutum50.sys
2011/09/13 13:56:51.0218 2576 Secdrv (7570380037993520842c2868121a01f9) H:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/13 13:56:51.0234 2576 serenum (a2d868aeeff612e70e213c451a70cafb) H:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/13 13:56:51.0234 2576 Serial (cd9404d115a00d249f70a371b46d5a26) H:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/13 13:56:51.0250 2576 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) H:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/13 13:56:51.0281 2576 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) H:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/13 13:56:51.0312 2576 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) H:\WINDOWS\system32\drivers\splitter.sys
2011/09/13 13:56:51.0359 2576 sptd (8ea0fd60a5b047e0c734d51aace531c9) H:\WINDOWS\System32\Drivers\sptd.sys
2011/09/13 13:56:51.0359 2576 Suspicious file (NoAccess): H:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
2011/09/13 13:56:51.0359 2576 sptd - detected LockedFile.Multi.Generic (1)
2011/09/13 13:56:51.0390 2576 sr (e41b6d037d6cd08461470af04500dc24) H:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/13 13:56:51.0421 2576 Srv (5230953c21c811b5fc1ff31ae2b48097) H:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/13 13:56:51.0468 2576 streamip (284c57df5dc7abca656bc2b96a667afb) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/13 13:56:51.0468 2576 swenum (03c1bae4766e2450219d20b993d6e046) H:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/13 13:56:51.0484 2576 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) H:\WINDOWS\system32\drivers\swmidi.sys
2011/09/13 13:56:51.0531 2576 sysaudio (650ad082d46bac0e64c9c0e0928492fd) H:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/13 13:56:51.0546 2576 Tcpip (e6b15bcc470953e600ef7aded3cab142) H:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/13 13:56:51.0578 2576 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) H:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/13 13:56:51.0593 2576 TDTCP (ed0580af02502d00ad8c4c066b156be9) H:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/13 13:56:51.0593 2576 TermDD (a540a99c281d933f3d69d55e48727f47) H:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/13 13:56:51.0656 2576 Udfs (12f70256f140cd7d52c58c7048fde657) H:\WINDOWS\system32\drivers\Udfs.sys
2011/09/13 13:56:51.0687 2576 Update (1f03139b77b21c6d84c688798808bc28) H:\WINDOWS\system32\DRIVERS\update.sys
2011/09/13 13:56:51.0703 2576 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/13 13:56:51.0718 2576 usbehci (4a84dd272df62be5739394b3f90f8ae2) H:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/13 13:56:51.0718 2576 usbhub (db53e336c44cb0975d7dcb35bac0ecda) H:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/13 13:56:51.0734 2576 usbohci (9e36a32190cb43de871fbbd7b13acd09) H:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/09/13 13:56:51.0750 2576 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) H:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/13 13:56:51.0781 2576 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/13 13:56:51.0796 2576 VgaSave (8a60edd72b4ea5aea8202daf0e427925) H:\WINDOWS\System32\drivers\vga.sys
2011/09/13 13:56:51.0843 2576 VIAHdAudAddService (cbc1ce0a1fce0deed4f6f093be91d132) H:\WINDOWS\system32\drivers\viahduaa.sys
2011/09/13 13:56:51.0875 2576 VolSnap (ee4660083deba849ff6c485d944b379b) H:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/13 13:56:51.0890 2576 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) H:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/13 13:56:51.0906 2576 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) H:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/13 13:56:51.0921 2576 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) H:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/13 13:56:51.0953 2576 WSTCODEC (d5842484f05e12121c511aa93f6439ec) H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/13 13:56:51.0984 2576 WudfPf (f15feafffbb3644ccc80c5da584e6311) H:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/13 13:56:51.0984 2576 WudfRd (28b524262bce6de1f7ef9f510ba3985b) H:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/13 13:56:52.0015 2576 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/13 13:56:52.0062 2576 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/09/13 13:56:52.0171 2576 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
2011/09/13 13:56:52.0250 2576 Boot (0x1200) (6fc9b91e5f77506d77818119ad11077c) \Device\Harddisk0\DR0\Partition0
2011/09/13 13:56:52.0265 2576 Boot (0x1200) (6c7f6551cc559356a731f7de3bbd9c28) \Device\Harddisk0\DR0\Partition1
2011/09/13 13:56:52.0265 2576 Boot (0x1200) (6036327f21a389c4259b9aca80ce6bbd) \Device\Harddisk1\DR1\Partition0
2011/09/13 13:56:52.0281 2576 Boot (0x1200) (31a122758371d438d5be296d50292cf9) \Device\Harddisk1\DR1\Partition1
2011/09/13 13:56:52.0281 2576 Boot (0x1200) (58dd2bcafbc2f9576a403f618484f185) \Device\Harddisk2\DR2\Partition0
2011/09/13 13:56:52.0281 2576 Boot (0x1200) (27120f5add8b0a48f5ff1c20d2a06c69) \Device\Harddisk2\DR2\Partition1
2011/09/13 13:56:52.0281 2576 ================================================================================
2011/09/13 13:56:52.0281 2576 Scan finished
2011/09/13 13:56:52.0281 2576 ================================================================================
2011/09/13 13:56:52.0296 3116 Detected object count: 3
2011/09/13 13:56:52.0296 3116 Actual detected object count: 3
2011/09/13 13:57:39.0437 3116 af3d8b4c (8f2bb1827cac01aee6a16e30a1260199) H:\WINDOWS\1284193711:1354921139.exe
2011/09/13 13:57:39.0437 3116 Suspicious file (Hidden): H:\WINDOWS\1284193711:1354921139.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/13 13:57:39.0437 3116 H:\WINDOWS\1284193711:1354921139.exe - copied to quarantine
2011/09/13 13:57:39.0437 3116 HiddenFile.Multi.Generic(af3d8b4c) - User select action: Quarantine
2011/09/13 13:57:39.0500 3116 MRxSmb (d165399d926409e0072bfa8dbd0ebaf2) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/13 13:57:39.0500 3116 Suspicious file (Forged): H:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: d165399d926409e0072bfa8dbd0ebaf2, Fake md5: 321fe492903d8a07f79b7099d71ff578
2011/09/13 13:57:40.0140 3116 Backup copy found, using it..
2011/09/13 13:57:40.0156 3116 H:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured after reboot
2011/09/13 13:57:40.0156 3116 Rootkit.Win32.ZAccess.e(MRxSmb) - User select action: Cure
2011/09/13 13:57:40.0203 3116 sptd (8ea0fd60a5b047e0c734d51aace531c9) H:\WINDOWS\System32\Drivers\sptd.sys
2011/09/13 13:57:40.0203 3116 Suspicious file (NoAccess): H:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
2011/09/13 13:57:40.0203 3116 H:\WINDOWS\System32\Drivers\sptd.sys - copied to quarantine
2011/09/13 13:57:40.0203 3116 LockedFile.Multi.Generic(sptd) - User select action: Quarantine
2011/09/13 13:58:12.0015 0304 Deinitialize success

#3 Digitalx77

  • Topic Starter

  • Members
  • 6 posts

Posted 14 September 2011 - 03:24 PM

How long does it normally take to get help?

EDIT: Please be patient. There are over 130 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~Budapest

Edited by Budapest, 14 September 2011 - 05:57 PM.


#4 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts

Posted 19 September 2011 - 11:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418824 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,199 posts
  • Location:Romania

Posted 20 September 2011 - 04:21 AM

Hi, if you still need help, post the requested logs.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#6 Digitalx77

  • Topic Starter

  • Members
  • 6 posts

Posted 20 September 2011 - 11:29 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Digi at 0:23:50 on 2011-09-20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.1649 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
H:\PROGRA~1\AVG\AVG10\avgchsvx.exe
H:\PROGRA~1\AVG\AVG10\avgrsx.exe
H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\svchost.exe -k imgsvc
H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
H:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
H:\Program Files\AVG\AVG10\avgtray.exe
H:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
H:\Program Files\Real\RealPlayer\RealPlay.exe
H:\Program Files\DivX\DivX Update\DivXUpdate.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DAEMON Tools Lite\DTLite.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - h:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - h:\program files\freecorder\prxtbFre0.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - h:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - h:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - h:\program files\orbitdownloader\orbitcth.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - h:\program files\freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - h:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - h:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - h:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - h:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - h:\program files\utorrentbar\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - h:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - h:\program files\freecorder\prxtbFre0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - h:\program files\conduitengine\prxConduitEngine.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - h:\program files\utorrentbar\prxtbuTor.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - h:\program files\daemon tools toolbar\DTToolbar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - h:\program files\orbitdownloader\GrabPro.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - h:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "h:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "h:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Adobe ARM] "h:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Six Engine] "h:\program files\asus\epu-4 engine\FourEngine.exe" -b
mRun: [AVG_TRAY] h:\program files\avg\avg10\avgtray.exe
mRun: [MSConfig] h:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [LVCOMS] h:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [RealTray] h:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DivXUpdate] "h:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
IE: &Download by Orbit - h:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - h:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - h:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - h:\program files\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - h:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BC2785D8-7F2D-4DBC-823B-4746E27FCE13} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - h:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - h:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - h:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: Antiwpa - antiwpa.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - h:\documents and settings\digi\application data\mozilla\firefox\profiles\ig6lccbz.default user\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: h:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: h:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: h:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: h:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: h:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: h:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;h:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;h:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;h:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;h:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;h:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;h:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 Scutum50;Scutum50 NDIS Protocol Driver;h:\windows\system32\drivers\Scutum50.sys [2011-7-10 19072]
R3 AVerFx2hbtv;AVerMedia C038 USB Capture Card;h:\windows\system32\drivers\AVerFx2hbtv.sys [2011-9-8 436480]
R3 AVGIDSDriver;AVGIDSDriver;h:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;h:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;h:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;h:\windows\system32\drivers\viahduaa.sys [2011-6-22 2136224]
S2 Apache2.2;Apache2.2;h:\xampp\apache\bin\httpd.exe [2010-10-17 24576]
S2 avgwd;AVG WatchDog;h:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 gupdate;Google Update Service (gupdate);h:\program files\google\update\GoogleUpdate.exe [2011-9-11 135664]
S2 RalinkRegistryWriter;Ralink Registry Writer;h:\program files\ralink\common\raregistry.exe --> h:\program files\ralink\common\RaRegistry.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;h:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-23 1025352]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;j:\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);h:\program files\google\update\GoogleUpdate.exe [2011-9-11 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;h:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
.
=============== Created Last 30 ================
.
2011-09-13 19:57:39 -------- d-----w- H:\TDSSKiller_Quarantine
2011-09-13 19:49:23 48016 --sha-w- h:\windows\system32\c_52184.nl_
2011-09-13 17:07:26 64512 ----a-w- h:\windows\system32\drivers\Lbd.sys
2011-09-13 17:07:22 -------- d-----w- h:\program files\Lavasoft
2011-09-13 16:43:50 -------- d-----w- h:\program files\Spybot - Search & Destroy
2011-09-13 16:43:50 -------- d-----w- h:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-13 07:56:42 -------- d-----w- h:\program files\vReveal 3
2011-09-12 09:23:34 -------- d-----w- h:\program files\Free Video Joiner
2011-09-11 10:20:32 -------- d-----w- h:\documents and settings\digi\application data\DDMSettings
2011-09-11 09:10:51 -------- d-----w- h:\program files\common files\DivX Shared
2011-09-11 08:57:04 -------- d-----w- h:\documents and settings\digi\local settings\application data\Google
2011-09-11 08:56:46 -------- d-----w- h:\program files\DivX
2011-09-11 08:54:53 -------- d-----w- h:\documents and settings\all users\application data\DivX
2011-09-11 03:54:56 -------- d-----w- h:\program files\Bigasoft
2011-09-09 20:35:55 -------- d-----w- h:\program files\Orbitdownloader
2011-09-08 20:38:55 -------- d-----w- h:\program files\NCH Software
2011-09-08 20:38:53 -------- d-----w- h:\documents and settings\digi\application data\NCH Software
2011-09-08 19:45:02 -------- d-----w- h:\documents and settings\digi\local settings\application data\WMTools Downloaded Files
2011-09-06 22:30:39 -------- d-----r- h:\program files\Skype
2011-09-05 17:04:56 183696 ----a-w- h:\program files\mozilla firefox\plugins\nppdf32.dll
2011-09-03 17:48:17 -------- d-----w- h:\documents and settings\digi\application data\AnvSoft
2011-09-03 17:48:08 -------- d-----w- h:\program files\AnvSoft
2011-09-03 17:40:51 23856 ----a-w- h:\windows\system32\spupdsvc.exe
2011-09-03 17:38:51 -------- d-----w- h:\program files\Freemake
2011-08-26 04:37:38 -------- d-----w- h:\documents and settings\digi\Tracing
2011-08-26 04:36:50 -------- d-----w- h:\program files\Microsoft
2011-08-26 04:36:33 -------- d-----w- h:\program files\Windows Live SkyDrive
2011-08-26 04:32:22 -------- d-----w- h:\program files\common files\Windows Live
2011-08-26 00:50:03 0 ----a-w- h:\windows\system32\ConduitEngine.tmp
2011-08-24 02:48:36 -------- d-----w- h:\documents and settings\digi\local settings\application data\Funcom
2011-08-24 02:48:12 -------- d-----w- h:\documents and settings\all users\application data\media center programs
2011-08-24 02:48:10 -------- d-----w- h:\program files\Funcom
.
==================== Find3M ====================
.
2011-09-16 15:33:15 454912 ----a-w- h:\windows\system32\drivers\mrxsmb.sys
2011-09-13 19:49:09 57472 ----a-w- h:\windows\system32\drivers\redbook.sys
2011-09-07 15:32:03 404640 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-19 23:48:04 24064 ----a-w- h:\windows\system32\prefscpl.cpl
2011-08-08 02:28:57 443448 ----a-w- h:\windows\system32\drivers\sptd.sys
2011-07-22 20:51:50 94208 ----a-w- h:\windows\system32\dpl100.dll
2011-07-06 03:53:57 73728 ----a-w- h:\windows\system32\javacpl.cpl
2011-07-06 03:53:57 472808 ----a-w- h:\windows\system32\deployJava1.dll
2011-07-05 20:53:43 21419 ----a-w- h:\windows\system32\drivers\AegisP.sys
2011-06-29 19:55:30 82380 ----a-w- h:\windows\system32\drivers\AFS2K.SYS
2011-06-23 14:28:43 0 ----a-w- h:\windows\ativpsrm.bin
.
============= FINISH: 0:24:19.59 ===============
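The DDS log above is the raw material a helper reads before replying. As an added triage example (not part of the original thread, and not code from the DDS tool or from BleepingComputer), the script below walks the log's sections and flags the entry types that get a second look first: browser extensions whose CLSID resolves to "No File", Winlogon Notify packages (DLLs loaded into winlogon.exe at logon on Windows XP), services whose image DDS could not verify on disk ("[?]"), and files created in system32 with both the hidden and system attributes set. The sample input is a constructed excerpt of lines copied from the posted log plus one benign service line for contrast; the rule names and thresholds are my own heuristics and a hit means "review", not "malicious" (the two Notify lines are flagged generically for that reason).

```python
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the DDS log posted above, plus one
# benign service line (Scutum50) so the service rule has something to skip.
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Notify: Antiwpa - antiwpa.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Scutum50;Scutum50 NDIS Protocol Driver;h:\\windows\\system32\\drivers\\Scutum50.sys [2011-7-10 19072]
S2 RalinkRegistryWriter;Ralink Registry Writer;h:\\program files\\ralink\\common\\raregistry.exe --> h:\\program files\\ralink\\common\\RaRegistry.exe [?]
.
=============== Created Last 30 ================
.
2011-09-13 19:49:23 48016 --sha-w- h:\\windows\\system32\\c_52184.nl_
2011-09-13 17:07:26 64512 ----a-w- h:\\windows\\system32\\drivers\\Lbd.sys
2011-09-13 17:07:22 -------- d-----w- h:\\program files\\Lavasoft
.
==================== Find3M ====================
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # heuristic that fired (names are my own, not DDS output)
    line: str   # the log line that triggered it


# "=== Section Name ===" headers used by DDS
HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Created Last 30 rows: date time size attrs path; size is dashes for directories
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d)\s+(\S+)\s+(\S{8})\s+(.+)$"
)


def split_sections(text):
    """Group log lines under their section header, dropping the '.' spacers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is None or not line or line == ".":
            continue
        sections[current].append(line)
    return sections


def check_hjt(line):
    """Rules for the Pseudo HJT Report: browser and logon persistence points."""
    if line.startswith(("BHO:", "TB:", "EB:")) and line.endswith("- No File"):
        return "orphaned browser extension CLSID (No File)"
    if line.startswith("Notify:"):
        return "Winlogon Notify package loaded by winlogon.exe at logon, review the DLL"
    return None


def check_service(line):
    """DDS prints [?] when it could not read the service image's date/size."""
    if "[?]" in line:
        return "service image could not be verified on disk ([?])"
    return None


def check_created(line):
    """Attribute string positions: d=directory, s=system, h=hidden, a=archive."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    attrs, path = m.group(4), m.group(5).lower()
    if attrs.startswith("d"):
        return None
    if "s" in attrs and "h" in attrs and "\\windows\\system32\\" in path:
        return "hidden+system file dropped in system32"
    return None


CHECKS = {
    "Pseudo HJT Report": check_hjt,
    "SERVICES / DRIVERS": check_service,
    "Created Last 30": check_created,
}


def triage(text):
    """Run every section's rule set and return the lines worth a second look."""
    findings = []
    for name, lines in split_sections(text).items():
        check = CHECKS.get(name)
        if check is None:
            continue
        for line in lines:
            reason = check(line)
            if reason:
                findings.append(Finding(reason, line))
    return findings


def summarize(findings):
    """Count findings per rule, handy for a quick reply to the poster."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run against the excerpt it reports five lines: the orphaned BHO, both Notify DLLs, the Ralink service DDS could not stat, and the hidden+system file in system32 created minutes before the TDSSKiller quarantine directory; Lbd.sys (Ad-Aware's driver, archive attribute only) and the Lavasoft directory are correctly skipped. The same rules apply to any full DDS log, but they are a reading aid, not a verdict.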

#7 Elise
Malware Study Hall Admin, 61,199 posts, Location: Romania

Posted 20 September 2011 - 12:10 PM

Unfortunately you have a nasty rootkit on your computer.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Digitalx77 (Topic Starter)
Members, 6 posts

Posted 20 September 2011 - 01:09 PM

I am going to do a reformat and reinstall of my OS.

#9 Elise
Malware Study Hall Admin

Posted 20 September 2011 - 01:18 PM

Please let me know if you need any help with this.

regards, Elise


#10 Digitalx77 (Topic Starter)
Members, 6 posts

Posted 20 September 2011 - 09:02 PM

Hi, I did a reformat and a fresh install of Win XP. That drive seems to be fine; it is my main HD. I installed AVG and it is now bringing up a threat on one of my other drives called win32/katusha.a. What can I do to get rid of it?

#11 Elise
Malware Study Hall Admin

Posted 09 October 2011 - 03:48 AM

My apologies, I must have overlooked your reply. Please let me know if you still need help with this.

regards, Elise


#12 Elise
Malware Study Hall Admin

Posted 23 October 2011 - 03:27 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise
