Can't access Google, and possibly others


  • This topic is locked
9 replies to this topic

#1 leibtek

leibtek

  • Members
  • 72 posts

Posted 26 September 2011 - 03:53 PM

Hi,

My computer was infected, I ran Malwarebytes, it did clean, but I was left with unable to access Google.com. The page stays white and doesn't display the "not Found" page in any browser. Otherwise, the computer seems to be operating normally.

WIN XP Pro

Before reading the rules on this forum, I had downloaded and run ComboFix. I see that it did delete some stuff but it didn't help the above problem.

I'm attaching here the DDS log, the Gmer log, the Malwarebytes log, and the combofix log.

Please advise,
Thank you,
Leib

Edited by leibtek, 26 September 2011 - 10:07 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 October 2011 - 09:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found in your logs.

Execute this and let me know if you can now reach Google.

Go to Start > Run, type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit Enter
*/*

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#3 leibtek

leibtek
  • Topic Starter

  • Members
  • 72 posts

Posted 01 October 2011 - 09:14 PM

Thank you nasdaq.

I will try your suggestion on Monday.

Suspecting it may be a dns issue, I did an "nslookup" on Google, and I got the correct answers. I also switched the dns servers.

Thanks again.
leibtek

#4 leibtek

leibtek
  • Topic Starter

  • Members
  • 72 posts

Posted 03 October 2011 - 09:15 AM

Hi nasdaq,

Ok, I tried flushing the DNS and renewing, however that did not seem to help. (After a while I do get the Cannot Display page for Google.) Another behavior I'd like to mention is that some webpages do not load fully. Take for example bleepingcomputer's Spyware Removal page: the page did not load the removal tool guides and the other side windows on the right below it.

Here are the results from the Security Check:

Results of screen317's Security Check version 0.99.20
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET NOD32 Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player
Mozilla Firefox (6.0.2) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Thanks again,
leibtek

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 October 2011 - 08:25 AM

>>> Download to your Desktop GooredFix by jpshortstuff from here or here
Ensure all Firefox windows are closed and right-click on GooredFix.exe and select Run As Administrator. Click Yes when prompted to run the scan.
GooredFix will check for infections, and then a log will appear and can also be found on your desktop, called GooredFix.txt.
Please copy and paste the contents of this log in your next reply.

p.s. On a Vista or Windows 7 computer right-click and select Run As Administrator.
====

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please let me know what problem persists.

#6 leibtek

leibtek
  • Topic Starter

  • Members
  • 72 posts

Posted 04 October 2011 - 09:45 AM

Hi nasdaq,

Here is the GooredFix log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:41 on 04/10/2011 (Administrator)
Firefox version 6.0.2 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:27 22/09/2011]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [18:27 02/11/2009]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [20:51 21/09/2011]

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kgptrbz6.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [16:35 24/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:10 19/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:26 02/11/2009]

-=E.O.F=-


Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-04 09:42:11
-----------------------------
09:42:11.121 OS Version: Windows 5.1.2600 Service Pack 3
09:42:11.121 Number of processors: 2 586 0x170A
09:42:11.121 ComputerName: COMP2 UserName:
09:42:12.059 Initialize success
09:42:54.887 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:42:54.887 Disk 0 Vendor: SAMSUNG_HD322GJ 1AR10001 Size: 305245MB BusType: 3
09:42:56.902 Disk 0 MBR read successfully
09:42:56.902 Disk 0 MBR scan
09:42:56.902 Disk 0 Windows XP default MBR code
09:42:56.902 Disk 0 scanning sectors +625137345
09:42:56.965 Disk 0 scanning C:\WINDOWS\system32\drivers
09:43:02.637 Service scanning
09:43:02.793 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
09:43:03.465 Modules scanning
09:43:06.590 Disk 0 trace - called modules:
09:43:06.606 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x89ec2181]<<
09:43:06.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a61cab8]
09:43:06.606 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a61fd98]
09:43:06.606 Scan finished successfully
09:44:25.356 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
09:44:25.371 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


Here is the TDSSKiller log:

09:47:03.0527 2452 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
09:47:03.0777 2452 ============================================================
09:47:03.0777 2452 Current date / time: 2011/10/04 09:47:03.0777
09:47:03.0777 2452 SystemInfo:
09:47:03.0777 2452
09:47:03.0777 2452 OS Version: 5.1.2600 ServicePack: 3.0
09:47:03.0777 2452 Product type: Workstation
09:47:03.0777 2452 ComputerName: COMP2
09:47:03.0777 2452 UserName: Administrator
09:47:03.0777 2452 Windows directory: C:\WINDOWS
09:47:03.0777 2452 System windows directory: C:\WINDOWS
09:47:03.0777 2452 Processor architecture: Intel x86
09:47:03.0777 2452 Number of processors: 2
09:47:03.0777 2452 Page size: 0x1000
09:47:03.0777 2452 Boot type: Normal boot
09:47:03.0777 2452 ============================================================
09:47:04.0746 2452 Initialize success
09:47:15.0246 1464 ============================================================
09:47:15.0246 1464 Scan started
09:47:15.0246 1464 Mode: Manual;
09:47:15.0246 1464 ============================================================
09:47:15.0574 1464 Abiosdsk - ok
09:47:15.0606 1464 abp480n5 - ok
09:47:15.0621 1464 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:47:15.0637 1464 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
09:47:15.0637 1464 ACPI ( Virus.Win32.Rloader.a ) - infected
09:47:15.0637 1464 ACPI - detected Virus.Win32.Rloader.a (0)
09:47:19.0590 1464 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:47:19.0652 1464 \Device\Harddisk0\DR0 - ok
09:47:19.0652 1464 Boot (0x1200) (33fa86a8edd9a9d8f05dd565f0f9bcb6) \Device\Harddisk0\DR0\Partition0
09:47:19.0652 1464 \Device\Harddisk0\DR0\Partition0 - ok
09:47:19.0652 1464 ============================================================
09:47:19.0652 1464 Scan finished
09:47:19.0652 1464 ============================================================
09:47:19.0668 3384 Detected object count: 1
09:47:19.0668 3384 Actual detected object count: 1
09:48:00.0293 3384 Backup copy found, using it..
09:48:00.0356 3384 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
09:48:00.0356 3384 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
09:48:18.0043 4008 Deinitialize success


Attached is the MBR.dat file.


THANKS! After running these (I think it was the TDSSKiller), I can now get to Google again, and everything seems to be running quite smoothly.

Thanks again,
leibtek

Attached Files

  • Attached File: MBR.zip (524 bytes)

Edited by leibtek, 04 October 2011 - 09:49 AM.
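A parser for the TDSSKiller log format posted above, as an added example that is not part of this thread or of the tool itself: it pulls out the forged-file hash mismatch and every object not reported "ok", then cross-checks the result against the tool's own "Detected object count". The regex shapes are assumed from the 2.6.4.0 log lines in this thread (other versions may differ), and the sample lines are constructed from them.

```python
"""Parse TDSSKiller-style scan logs ("<hh:mm:ss.ffff> <thread-id> <message>") and report what was not clean."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.+)$")
# "ACPI (md5) C:\...\ACPI.sys"  or  "MBR (0x1B8) (md5) \Device\Harddisk0\DR0"
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?:\s+\(0x[0-9A-Fa-f]+\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}),"
    r" Fake md5: (?P<fake>[0-9a-f]{32})$")
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured on reboot$")
# "abp480n5 - ok", "ACPI ( Virus.Win32.Rloader.a ) - infected", "ACPI ( ... ) - User select action: Cure"
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)(?: \( (?P<threat>[^)]+) \))? - "
    r"(?P<verdict>ok|infected|detected .*|User select action: .+)$")


@dataclass
class ScanObject:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    threat: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    cure_on_reboot: bool = False
    action: Optional[str] = None

    @property
    def forged(self) -> bool:
        # Two MD5s for one path: two ways of reading the file disagreed, the
        # mark of a kernel-mode infection hiding its changes to a driver.
        return self.real_md5 is not None and self.real_md5 != self.fake_md5

    def status(self) -> str:
        if self.forged or any(v != "ok" for v in self.verdicts):
            return "suspicious"
        return "ok" if self.verdicts else "unverified"


def parse_tdsskiller_log(text: str) -> Dict[str, ScanObject]:
    """Return scan objects keyed by service/object name."""
    objects: Dict[str, ScanObject] = {}
    by_path: Dict[str, ScanObject] = {}

    def lookup(key: str) -> ScanObject:
        # MBR/boot-sector verdicts are keyed by device path, so try that index first.
        return by_path.get(key) or objects.setdefault(key, ScanObject(key))

    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banner, "=====" separators, SystemInfo block
        msg = line.group("msg")
        if m := FORGED_RE.match(msg):
            obj = lookup(m.group("path"))
            obj.real_md5, obj.fake_md5 = m.group("real"), m.group("fake")
        elif m := CURE_RE.match(msg):
            lookup(m.group("path")).cure_on_reboot = True
        elif m := OBJECT_RE.match(msg):
            obj = lookup(m.group("name"))
            obj.md5, obj.path = m.group("md5"), m.group("path")
            by_path[obj.path] = obj
        elif m := VERDICT_RE.match(msg):
            obj = lookup(m.group("name"))
            if m.group("threat"):
                obj.threat = m.group("threat")
            verdict = m.group("verdict")
            if verdict.startswith("User select action: "):
                obj.action = verdict.split(": ", 1)[1]
            else:
                obj.verdicts.append(verdict)
    return objects


def summarize(text: str) -> dict:
    """Flag non-clean objects and cross-check the tool's own detection count."""
    objects = parse_tdsskiller_log(text)
    suspicious = [o for o in objects.values() if o.status() == "suspicious"]
    declared = re.search(r"Detected object count: (\d+)$", text, re.M)
    declared_count = int(declared.group(1)) if declared else None
    return {"objects": len(objects), "suspicious": suspicious,
            "declared_count": declared_count,
            "count_matches": declared_count == len(suspicious)}

# Constructed sample: lines in the shape of the log posted in this thread.
SAMPLE_LOG = r"""
09:47:15.0606 1464 abp480n5 - ok
09:47:15.0621 1464 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:47:15.0637 1464 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
09:47:15.0637 1464 ACPI ( Virus.Win32.Rloader.a ) - infected
09:47:15.0637 1464 ACPI - detected Virus.Win32.Rloader.a (0)
09:47:19.0590 1464 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:47:19.0652 1464 \Device\Harddisk0\DR0 - ok
09:47:19.0668 3384 Detected object count: 1
09:48:00.0356 3384 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
09:48:00.0356 3384 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
"""
```

Run `summarize(SAMPLE_LOG)` (or pass the contents of a real TDSSKiller log file) to get the list of suspicious objects and whether the count agrees with the tool's own tally.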


#7 leibtek

leibtek
  • Topic Starter

  • Members
  • 72 posts

Posted 04 October 2011 - 09:58 AM

Where can I donate a little something?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 October 2011 - 10:18 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the 64-bit version, download jre-6u27-windows-x64.exe instead. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 10.3.183.10 ... Flash Player for Android update to Adobe Flash Player for Android 10.3.186.7

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used to clean this computer.

Surf Safely, and Think Prevention!
===

Where can I donate a little something?

My services are free, thank you for the offer.

Edited by nasdaq, 04 October 2011 - 10:18 AM.


#9 leibtek

leibtek
  • Topic Starter

  • Members
  • 72 posts

Posted 04 October 2011 - 10:23 AM

Greatly appreciated!

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 October 2011 - 01:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



