Anti-Virus scanners not opening


7 replies to this topic

#1 Fireskates

Fireskates

  • Members
  • 10 posts

Posted 13 October 2011 - 12:23 AM

I am not able to run or install any anti-virus programs. I tried many of them, such as Avast!, AVG, Anti-Vir, etc.
The installers close after some seconds, and once I installed Spyware Doctor but it wouldn't run; it also got closed after some seconds.
Also some hidden folders 'System Volume Information', 'RECYCLER', 'autorun', and some 'random.exe' get created automatically on every hard drive.
Please help me.

I am running Windows XP Pro SP3.

P.S. - I can't run DDS. It opens in Notepad and displays something I can't read. The only thing I could read at the top was -
'This program cannot be run in DOS mode' :(
I get the file as an AutoCAD script and not a screensaver as shown in the guide, maybe because I have AutoCAD installed? How do I run it then? :unsure:

I ran GMER and have attached the logs

I have previously posted this topic in 'Am I infected? What do I do?' - http://www.bleepingcomputer.com/forums/topic423279.html

Thanks for any help. :thumbup2:

Attached File  ark.txt   12.24KB   2 downloads

Edited by Orange Blossom, 13 October 2011 - 12:07 PM.
Revealed link. ~ OB
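Added example, not part of the original thread: a small Python triage script for the two things Fireskates describes in the first post, an autorun.inf plus a hidden random-name .exe turning up in the root of every drive, and a downloaded tool that opened as text. The string 'This program cannot be run in DOS mode' is the DOS stub at the start of every Windows executable, so the DDS download itself was intact; it was simply handed to a text viewer because of the .scr file association on that machine. The script parses what an autorun.inf would launch, checks whether the target exists and carries that 'MZ' header, and can do it for every mounted drive letter. The autorun.inf contents, the fake drive root built by `demo()`, and all function names are constructed for this example.

```python
import re
import string
import tempfile
from pathlib import Path

# [autorun] keys that make Windows launch a program, in the order checked here.
# Windows honours only the [autorun] section, so a worm's decoy sections are ignored.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")

# Constructed sample in the style of the drive-root worms of the period; it is
# not the file from the poster's machine.
SAMPLE_AUTORUN = r"""[autorun]
;junk comment lines are common padding
open=RECYCLER\random.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\Command="RECYCLER\random.exe" /s
shell\explore\Command=RECYCLER\random.exe
[junk]
open=decoy.exe
"""


def parse_autorun(text):
    """Return {lower-cased key: value} for the [autorun] section only.
    NUL bytes (a common obfuscation that still parses on Windows) are dropped first."""
    section, found = None, {}
    for raw in text.replace("\x00", "").splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            found[key.strip().lower()] = value.strip()
    return found


def launch_targets(entries):
    """Distinct programs the file would run, with quotes and arguments stripped."""
    targets = []
    for key in LAUNCH_KEYS:
        m = re.match(r'^"([^"]+)"|^(\S+)', entries.get(key, ""))
        if m:
            t = m.group(1) or m.group(2)
            if t not in targets:
                targets.append(t)
    return targets


def is_pe(head):
    """True if the bytes start with the 'MZ' DOS stub every Windows executable has;
    the 'This program cannot be run in DOS mode' text lives inside that stub."""
    return head[:2] == b"MZ"


def triage_root(root):
    """What an autorun.inf under `root` would launch, and whether each target is
    present there and is a real executable."""
    root = Path(root)
    inf = root / "autorun.inf"
    if not inf.is_file():
        return {"autorun": False, "targets": []}
    entries = parse_autorun(inf.read_text(errors="replace"))
    report = []
    for t in launch_targets(entries):
        # autorun paths are relative to the volume root and written with backslashes
        target = root.joinpath(*re.split(r"[\\/]+", t.strip("\\/")))
        head = b""
        if target.is_file():
            with target.open("rb") as fh:
                head = fh.read(2)
        report.append({"target": t, "exists": target.is_file(), "pe": is_pe(head)})
    return {"autorun": True, "targets": report}


def scan_all_drives():
    """On Windows, triage every mounted drive letter (the poster's 'every hard drive')."""
    return {d: triage_root(f"{d}:\\") for d in string.ascii_uppercase
            if Path(f"{d}:\\").exists()}


def demo():
    """Lay the constructed sample out as a fake drive root and triage it."""
    root = Path(tempfile.mkdtemp())
    (root / "autorun.inf").write_text(SAMPLE_AUTORUN)
    dropper = root / "RECYCLER" / "random.exe"
    dropper.parent.mkdir()
    dropper.write_bytes(b"MZ" + b"\x00" * 62)  # fake PE: only the signature matters here
    return triage_root(root)


if __name__ == "__main__":
    print(demo())
```

Run it on the infected box with `scan_all_drives()`; a launch target that exists in a `RECYCLER` folder with an MZ header is the dropper the autorun worm re-creates, and its hash and path are what a helper would ask for next. The parser deliberately ignores every section except `[autorun]`, which is exactly what Windows does, so decoy sections cannot hide the real target.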




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 October 2011 - 08:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

Wait for further instructions.

#3 Fireskates

Fireskates
  • Topic Starter

  • Members
  • 10 posts

Posted 16 October 2011 - 10:24 AM

First of all, thanks for helping me out. :)

Okay, so I did the steps. (I had some problems downloading TDSSKiller; the site wouldn't open and showed 'Problem Loading Page'. So I told a friend to upload it and then downloaded it.)

I have posted the logs and I have attached the file MBR.zip at the end of this post.

Here's the aswMBR log -

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-16 21:01:26
-----------------------------
21:01:26.234 OS Version: Windows 5.1.2600 Service Pack 3
21:01:26.234 Number of processors: 1 586 0x209
21:01:26.234 ComputerName: COMPUTER UserName:
21:01:27.515 Initialize success
21:05:07.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:05:07.296 Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
21:05:09.312 Disk 0 MBR read successfully
21:05:09.312 Disk 0 MBR scan
21:05:09.312 Disk 0 Windows XP default MBR code
21:05:09.328 Disk 0 scanning sectors +976752000
21:05:09.375 Disk 0 scanning C:\WINDOWS\system32\drivers
21:05:16.078 Service scanning
21:05:16.546 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:05:17.109 Modules scanning
21:05:35.281 Disk 0 trace - called modules:
21:05:35.296 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
21:05:35.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x822305e0]
21:05:35.296 3 CLASSPNP.SYS[f849ffd7] -> nt!IofCallDriver -> \Device\00000062[0x822313a8]
21:05:35.703 5 ACPI.sys[f8300620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82230b58]
21:05:35.718 Scan finished successfully
21:05:40.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rajeshwar\Desktop\MBR.dat"
21:05:40.609 The log file has been saved successfully to "C:\Documents and Settings\Rajeshwar\Desktop\aswMBR.txt"

=================
and Here is the TDSSKiller Report-

21:23:18.0093 4028 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
21:23:20.0093 4028 ============================================================
21:23:20.0093 4028 Current date / time: 2011/10/16 21:23:20.0093
21:23:20.0093 4028 SystemInfo:
21:23:20.0093 4028
21:23:20.0093 4028 OS Version: 5.1.2600 ServicePack: 3.0
21:23:20.0093 4028 Product type: Workstation
21:23:20.0093 4028 ComputerName: COMPUTER
21:23:20.0093 4028 UserName: Rajeshwar
21:23:20.0093 4028 Windows directory: C:\WINDOWS
21:23:20.0093 4028 System windows directory: C:\WINDOWS
21:23:20.0093 4028 Processor architecture: Intel x86
21:23:20.0093 4028 Number of processors: 1
21:23:20.0093 4028 Page size: 0x1000
21:23:20.0093 4028 Boot type: Normal boot
21:23:20.0093 4028 ============================================================
21:23:21.0171 4028 Initialize success
21:23:31.0609 2748 ============================================================
21:23:31.0609 2748 Scan started
21:23:31.0609 2748 Mode: Manual;
21:23:31.0609 2748 ============================================================
21:23:32.0593 2748 Abiosdsk - ok
21:23:33.0468 2748 abp480n5 - ok
21:23:34.0250 2748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:23:34.0265 2748 ACPI - ok
21:23:35.0031 2748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:23:35.0031 2748 ACPIEC - ok
21:23:35.0781 2748 adpu160m - ok
21:23:36.0640 2748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:23:36.0640 2748 aec - ok
21:23:37.0421 2748 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
21:23:37.0421 2748 AFD - ok
21:23:38.0203 2748 Aha154x - ok
21:23:39.0093 2748 aic78u2 - ok
21:23:39.0859 2748 aic78xx - ok
21:23:40.0640 2748 AliIde - ok
21:23:41.0453 2748 amsint - ok
21:23:42.0203 2748 amsint32 - ok
21:23:42.0984 2748 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
21:23:42.0984 2748 androidusb - ok
21:23:43.0750 2748 asc - ok
21:23:44.0562 2748 asc3350p - ok
21:23:45.0359 2748 asc3550 - ok
21:23:46.0125 2748 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\Aspi32.sys
21:23:46.0140 2748 Aspi32 - ok
21:23:46.0921 2748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:23:46.0921 2748 AsyncMac - ok
21:23:47.0750 2748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:23:47.0750 2748 atapi - ok
21:23:48.0562 2748 Atdisk - ok
21:23:49.0515 2748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:23:49.0515 2748 Atmarpc - ok
21:23:50.0328 2748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:23:50.0328 2748 audstub - ok
21:23:51.0125 2748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:23:51.0125 2748 Beep - ok
21:23:51.0921 2748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:23:51.0921 2748 cbidf2k - ok
21:23:52.0671 2748 cd20xrnt - ok
21:23:53.0484 2748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:23:53.0500 2748 Cdaudio - ok
21:23:54.0265 2748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:23:54.0265 2748 Cdfs - ok
21:23:55.0062 2748 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:23:55.0078 2748 Cdrom - ok
21:23:55.0843 2748 Changer - ok
21:23:56.0671 2748 CmdIde - ok
21:23:57.0500 2748 cmuda (ddcde8ced6e753f9ebbd07659f808d9d) C:\WINDOWS\system32\drivers\cmuda.sys
21:23:57.0515 2748 cmuda - ok
21:23:58.0296 2748 Cpqarray - ok
21:23:59.0078 2748 dac2w2k - ok
21:23:59.0875 2748 dac960nt - ok
21:24:00.0671 2748 dgderdrv (d0d4f3ca1d3a4400e1f40f36a800cd12) C:\WINDOWS\system32\drivers\dgderdrv.sys
21:24:00.0671 2748 dgderdrv - ok
21:24:01.0453 2748 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
21:24:01.0468 2748 Disk - ok
21:24:02.0281 2748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:24:02.0312 2748 dmboot - ok
21:24:03.0156 2748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:24:03.0156 2748 dmio - ok
21:24:03.0968 2748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:24:03.0968 2748 dmload - ok
21:24:04.0734 2748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:24:04.0734 2748 DMusic - ok
21:24:05.0515 2748 dpti2o - ok
21:24:06.0328 2748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:24:06.0328 2748 drmkaud - ok
21:24:07.0109 2748 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:24:07.0109 2748 dtsoftbus01 - ok
21:24:07.0953 2748 ewusbnet (6295a7a4cb6a85a2d9cecb69c67511bb) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
21:24:07.0953 2748 ewusbnet - ok
21:24:08.0812 2748 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
21:24:08.0812 2748 exFat - ok
21:24:09.0937 2748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:24:09.0968 2748 Fastfat - ok
21:24:10.0828 2748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:24:10.0828 2748 Fdc - ok
21:24:12.0062 2748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:24:12.0078 2748 Fips - ok
21:24:13.0265 2748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:24:13.0265 2748 Flpydisk - ok
21:24:14.0265 2748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:24:14.0265 2748 FltMgr - ok
21:24:15.0218 2748 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
21:24:15.0218 2748 FsUsbExDisk - ok
21:24:16.0812 2748 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:24:16.0812 2748 Fs_Rec - ok
21:24:18.0968 2748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:24:18.0984 2748 Ftdisk - ok
21:24:20.0937 2748 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:24:20.0937 2748 gameenum - ok
21:24:22.0031 2748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:24:22.0031 2748 Gpc - ok
21:24:23.0171 2748 hpn - ok
21:24:25.0062 2748 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys
21:24:25.0078 2748 HTTP - ok
21:24:27.0640 2748 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:24:27.0656 2748 hwdatacard - ok
21:24:29.0562 2748 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
21:24:29.0562 2748 hwusbdev - ok
21:24:31.0328 2748 i2omgmt - ok
21:24:35.0328 2748 i2omp - ok
21:24:37.0078 2748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:24:37.0078 2748 i8042prt - ok
21:24:38.0046 2748 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:24:38.0078 2748 ialm - ok
21:24:39.0031 2748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:24:39.0031 2748 Imapi - ok
21:24:40.0125 2748 ini910u - ok
21:24:40.0984 2748 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:24:40.0984 2748 IntelIde - ok
21:24:42.0406 2748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:24:42.0406 2748 intelppm - ok
21:24:43.0578 2748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:24:43.0578 2748 Ip6Fw - ok
21:24:44.0593 2748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:24:44.0593 2748 IpFilterDriver - ok
21:24:45.0750 2748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:24:45.0750 2748 IpInIp - ok
21:24:46.0546 2748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:24:46.0546 2748 IpNat - ok
21:24:47.0343 2748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:24:47.0343 2748 IPSec - ok
21:24:48.0109 2748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:24:48.0125 2748 IRENUM - ok
21:24:48.0875 2748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:24:48.0875 2748 isapnp - ok
21:24:49.0859 2748 jrdusbser (ae2200ba12eb181fd512b38b19953f4f) C:\WINDOWS\system32\DRIVERS\jrdusbser.sys
21:24:49.0859 2748 jrdusbser - ok
21:24:50.0812 2748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:24:50.0812 2748 Kbdclass - ok
21:24:51.0578 2748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:24:51.0593 2748 kmixer - ok
21:24:52.0375 2748 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
21:24:52.0375 2748 KSecDD - ok
21:24:53.0125 2748 lbrtfdc - ok
21:24:53.0953 2748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:24:53.0968 2748 mnmdd - ok
21:24:54.0875 2748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:24:54.0875 2748 Modem - ok
21:24:55.0640 2748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:24:55.0640 2748 Mouclass - ok
21:24:56.0421 2748 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys
21:24:56.0437 2748 MountMgr - ok
21:24:57.0218 2748 mraid35x - ok
21:24:58.0250 2748 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:24:58.0250 2748 MRxDAV - ok
21:24:59.0046 2748 MRxSmb (fb7dfd15d760ad339837a470f0e780d3) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:24:59.0062 2748 MRxSmb - ok
21:24:59.0890 2748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:24:59.0890 2748 Msfs - ok
21:25:00.0812 2748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:25:00.0812 2748 MSKSSRV - ok
21:25:01.0578 2748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:25:01.0578 2748 MSPCLOCK - ok
21:25:02.0671 2748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:25:02.0671 2748 MSPQM - ok
21:25:03.0484 2748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:25:03.0484 2748 mssmbios - ok
21:25:04.0328 2748 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
21:25:04.0328 2748 Mup - ok
21:25:05.0140 2748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:25:05.0156 2748 NDIS - ok
21:25:06.0015 2748 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:25:06.0015 2748 NdisTapi - ok
21:25:06.0781 2748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:25:06.0781 2748 Ndisuio - ok
21:25:07.0593 2748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:25:07.0609 2748 NdisWan - ok
21:25:08.0359 2748 NDProxy (816460bd4b4acd27937d1d0813e2e9e9) C:\WINDOWS\system32\drivers\NDProxy.sys
21:25:08.0375 2748 NDProxy - ok
21:25:09.0203 2748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:25:09.0203 2748 NetBIOS - ok
21:25:10.0031 2748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:25:10.0046 2748 NetBT - ok
21:25:10.0843 2748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:25:10.0859 2748 Npfs - ok
21:25:11.0718 2748 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
21:25:11.0734 2748 Ntfs - ok
21:25:12.0593 2748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:25:12.0593 2748 Null - ok
21:25:13.0390 2748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:25:13.0406 2748 NwlnkFlt - ok
21:25:14.0203 2748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:25:14.0203 2748 NwlnkFwd - ok
21:25:15.0015 2748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:25:15.0031 2748 Parport - ok
21:25:15.0781 2748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:25:15.0781 2748 PartMgr - ok
21:25:16.0531 2748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:25:16.0531 2748 ParVdm - ok
21:25:17.0359 2748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:25:17.0359 2748 PCI - ok
21:25:18.0234 2748 PCIDump - ok
21:25:19.0125 2748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:25:19.0125 2748 PCIIde - ok
21:25:19.0906 2748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:25:19.0906 2748 Pcmcia - ok
21:25:20.0656 2748 PDCOMP - ok
21:25:21.0765 2748 PDFRAME - ok
21:25:23.0015 2748 PDRELI - ok
21:25:23.0734 2748 PDRFRAME - ok
21:25:24.0515 2748 perc2 - ok
21:25:25.0296 2748 perc2hib - ok
21:25:26.0296 2748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:25:26.0296 2748 PptpMiniport - ok
21:25:27.0125 2748 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
21:25:27.0125 2748 PSched - ok
21:25:27.0953 2748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:25:27.0968 2748 Ptilink - ok
21:25:28.0703 2748 ql1080 - ok
21:25:29.0468 2748 Ql10wnt - ok
21:25:30.0281 2748 ql12160 - ok
21:25:31.0046 2748 ql1240 - ok
21:25:31.0812 2748 ql1280 - ok
21:25:32.0593 2748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:25:32.0593 2748 RasAcd - ok
21:25:33.0453 2748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:25:33.0468 2748 Rasl2tp - ok
21:25:34.0265 2748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:25:34.0265 2748 RasPppoe - ok
21:25:35.0046 2748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:25:35.0046 2748 Raspti - ok
21:25:35.0937 2748 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:25:35.0937 2748 Rdbss - ok
21:25:36.0718 2748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:25:36.0718 2748 RDPCDD - ok
21:25:37.0562 2748 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:25:37.0578 2748 rdpdr - ok
21:25:38.0421 2748 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
21:25:38.0421 2748 RDPWD - ok
21:25:39.0234 2748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:25:39.0250 2748 redbook - ok
21:25:40.0093 2748 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:25:40.0093 2748 RTL8023xp - ok
21:25:40.0921 2748 rtl8139 (d0ac0b0355a3ffb85eb77b083cd0627c) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
21:25:40.0921 2748 rtl8139 - ok
21:25:41.0734 2748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:25:41.0750 2748 Secdrv - ok
21:25:42.0515 2748 Ser2pl - ok
21:25:43.0359 2748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:25:43.0359 2748 serenum - ok
21:25:44.0187 2748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:25:44.0187 2748 Serial - ok
21:25:44.0984 2748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:25:44.0984 2748 Sfloppy - ok
21:25:45.0812 2748 Si3112 (f459dd5ee69d4b68cb6767c9731b5faf) C:\WINDOWS\system32\drivers\Si3112.sys
21:25:45.0812 2748 Si3112 - ok
21:25:46.0718 2748 Simbad - ok
21:25:47.0500 2748 Sparrow - ok
21:25:48.0296 2748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:25:48.0296 2748 splitter - ok
21:25:49.0093 2748 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
21:25:49.0093 2748 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
21:25:49.0093 2748 sptd ( LockedFile.Multi.Generic ) - warning
21:25:49.0093 2748 sptd - detected LockedFile.Multi.Generic (1)
21:25:49.0953 2748 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:25:49.0953 2748 Sr - ok
21:25:51.0093 2748 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
21:25:51.0109 2748 Srv - ok
21:25:51.0921 2748 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
21:25:51.0937 2748 ssadbus - ok
21:25:52.0781 2748 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
21:25:52.0781 2748 ssadmdfl - ok
21:25:53.0656 2748 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
21:25:53.0671 2748 ssadmdm - ok
21:25:54.0484 2748 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
21:25:54.0484 2748 ssadserd - ok
21:25:55.0296 2748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:25:55.0296 2748 swenum - ok
21:25:56.0140 2748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:25:56.0140 2748 swmidi - ok
21:25:56.0968 2748 symc810 - ok
21:25:58.0250 2748 symc8xx - ok
21:25:59.0000 2748 sym_hi - ok
21:25:59.0812 2748 sym_u3 - ok
21:26:01.0250 2748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:26:01.0250 2748 sysaudio - ok
21:26:02.0343 2748 Tcpip (474d3dccb57defcd917311eec47204b9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:26:02.0359 2748 Tcpip - ok
21:26:03.0265 2748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:26:03.0265 2748 TDPIPE - ok
21:26:04.0046 2748 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
21:26:04.0062 2748 TDTCP - ok
21:26:05.0093 2748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:26:05.0093 2748 TermDD - ok
21:26:06.0015 2748 TosIde - ok
21:26:06.0796 2748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:26:06.0812 2748 Udfs - ok
21:26:07.0562 2748 ultra - ok
21:26:07.0625 2748 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
21:26:07.0625 2748 UnlockerDriver5 - ok
21:26:08.0484 2748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:26:08.0500 2748 Update - ok
21:26:09.0359 2748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:26:09.0359 2748 usbccgp - ok
21:26:10.0265 2748 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:26:10.0265 2748 usbehci - ok
21:26:11.0125 2748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:26:11.0125 2748 usbhub - ok
21:26:11.0921 2748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:26:11.0921 2748 USBSTOR - ok
21:26:12.0671 2748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:26:12.0687 2748 usbuhci - ok
21:26:13.0421 2748 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
21:26:13.0437 2748 usb_rndisx - ok
21:26:14.0281 2748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:26:14.0281 2748 VgaSave - ok
21:26:15.0093 2748 ViaIde - ok
21:26:15.0875 2748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:26:15.0875 2748 VolSnap - ok
21:26:16.0734 2748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:26:16.0734 2748 Wanarp - ok
21:26:17.0546 2748 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:26:17.0562 2748 Wdf01000 - ok
21:26:18.0437 2748 WDICA - ok
21:26:19.0218 2748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:26:19.0218 2748 wdmaud - ok
21:26:20.0062 2748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:26:20.0062 2748 WS2IFSL - ok
21:26:20.0890 2748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:26:20.0906 2748 WudfPf - ok
21:26:21.0687 2748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:26:21.0703 2748 WudfRd - ok
21:26:22.0734 2748 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
21:26:22.0734 2748 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
21:26:23.0546 2748 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
21:26:23.0546 2748 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
21:26:23.0562 2748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:26:23.0671 2748 \Device\Harddisk0\DR0 - ok
21:26:23.0687 2748 Boot (0x1200) (ed26a5fbaa6afdeaabe59a8f0adfd826) \Device\Harddisk0\DR0\Partition0
21:26:23.0687 2748 \Device\Harddisk0\DR0\Partition0 - ok
21:26:23.0718 2748 Boot (0x1200) (258e42d90ef1e8233b7a47719144f763) \Device\Harddisk0\DR0\Partition1
21:26:23.0734 2748 \Device\Harddisk0\DR0\Partition1 - ok
21:26:23.0750 2748 Boot (0x1200) (ed494f364a8917225566f41a7db9d5bd) \Device\Harddisk0\DR0\Partition2
21:26:23.0750 2748 \Device\Harddisk0\DR0\Partition2 - ok
21:26:23.0781 2748 Boot (0x1200) (4f46a58850280b7242b4ebd4354dc297) \Device\Harddisk0\DR0\Partition3
21:26:23.0781 2748 \Device\Harddisk0\DR0\Partition3 - ok
21:26:23.0781 2748 ============================================================
21:26:23.0781 2748 Scan finished
21:26:23.0781 2748 ============================================================
21:26:23.0812 3960 Detected object count: 1
21:26:23.0812 3960 Actual detected object count: 1
21:26:42.0750 3960 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:26:42.0750 3960 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

======================
Thanks again for helping me out. :)
Attached File  MBR.zip   508bytes   0 downloads

Edited by Fireskates, 16 October 2011 - 10:26 AM.
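Added example, not part of the original thread: a Python triage helper for the two logs nasdaq asked for in post #2 and Fireskates posted in post #3. Reading a full TDSSKiller log by eye means scanning several hundred "- ok" lines for the one that is not; this groups each service's hash, path, verdict lines, detection names and "Suspicious file" notes, lists whatever is not a plain "ok", and cross-checks against the services aswMBR reported as **LOCKED**. Worth knowing when reading the result: sptd.sys is the SCSI Pass Through Direct driver that DAEMON Tools and Alcohol 120% install (the same log lists dtsoftbus01, DAEMON Tools' virtual bus driver), and it locks itself against being opened, so TDSSKiller's LockedFile.Multi.Generic on it is a locked-file warning rather than a positive rootkit detection; nasdaq's instruction to skip it is the usual handling. The sample lines are a small subset copied from the posted logs; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the TDSSKiller and aswMBR logs posted above; constructed
# subset, not a full log.
TDSS_SAMPLE = r"""
21:23:34.0250 2748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:23:34.0265 2748 ACPI - ok
21:25:49.0093 2748 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
21:25:49.0093 2748 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
21:25:49.0093 2748 sptd ( LockedFile.Multi.Generic ) - warning
21:25:49.0093 2748 sptd - detected LockedFile.Multi.Generic (1)
21:26:23.0562 2748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:26:23.0671 2748 \Device\Harddisk0\DR0 - ok
21:26:42.0750 3960 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""
ASW_SAMPLE = r"""
21:05:09.312 Disk 0 Windows XP default MBR code
21:05:16.546 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:05:35.718 Scan finished successfully
"""

TS = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")          # "HH:MM:SS.mmmm PID rest"
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT = re.compile(r"^(?P<subject>.+?) - (?P<verdict>.+)$")
DETNAME = re.compile(r"^(?P<name>\S+) \( (?P<det>\S+) \)$")               # "sptd ( LockedFile.Multi.Generic )"
SUSPICIOUS = re.compile(r"^Suspicious file \((?P<why>[^)]+)\): (?P<path>.+?)\.? md5: (?P<md5>[0-9a-fA-F]{32})$")
LOCKED = re.compile(r"Service (?P<svc>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
MBRCODE = re.compile(r"Disk \d+ (?P<desc>.*MBR code.*)$")


def parse_tdsskiller(text):
    """Group a TDSSKiller log by service/object: hash, path, every verdict line,
    detection names and 'Suspicious file' notes."""
    recs = defaultdict(lambda: {"md5": None, "path": None, "verdicts": [],
                                "detections": set(), "notes": []})
    for line in text.splitlines():
        m = TS.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        s = SUSPICIOUS.match(rest)
        if s:
            for r in recs.values():          # attach the note to the record owning that path
                if r["path"] == s.group("path"):
                    r["notes"].append(s.group("why"))
            continue
        f = FILE.match(rest)
        if f:
            r = recs[f.group("name")]
            r["md5"], r["path"] = f.group("md5").lower(), f.group("path")
            continue
        v = VERDICT.match(rest)
        if not v:
            continue
        subject, verdict = v.group("subject"), v.group("verdict")
        d = DETNAME.match(subject)
        name = d.group("name") if d else subject
        # MBR/boot-sector verdicts name the device path, not the record, so map back
        owner = next((n for n, r in recs.items() if r["path"] == name), name)
        r = recs[owner]
        r["verdicts"].append(verdict)
        if d:
            r["detections"].add(d.group("det"))
        dm = re.match(r"detected (\S+)", verdict)
        if dm:
            r["detections"].add(dm.group(1))
    return dict(recs)


def flagged(recs):
    """Names whose verdicts are anything other than a plain 'ok'."""
    return sorted(n for n, r in recs.items()
                  if r["detections"] or r["notes"] or any(v != "ok" for v in r["verdicts"]))


def parse_aswmbr(text):
    """Pull the MBR verdict and any **LOCKED** services out of an aswMBR log."""
    out = {"mbr": None, "locked": []}
    for line in text.splitlines():
        m = MBRCODE.search(line)
        if m:
            out["mbr"] = m.group("desc")
        k = LOCKED.search(line)
        if k:
            out["locked"].append((k.group("svc"), k.group("path")))
    return out


def cross_check(tdss_recs, asw):
    """Services flagged by TDSSKiller that aswMBR also could not open."""
    locked = {svc for svc, _ in asw["locked"]}
    return [n for n in flagged(tdss_recs) if n in locked]


if __name__ == "__main__":
    recs = parse_tdsskiller(TDSS_SAMPLE)
    for name in flagged(recs):
        r = recs[name]
        print(name, r["path"], r["md5"], sorted(r["detections"]), r["notes"], r["verdicts"])
    asw = parse_aswmbr(ASW_SAMPLE)
    print("MBR:", asw["mbr"], "| locked:", asw["locked"], "| both:", cross_check(recs, asw))
```

On the posted logs the only non-"ok" object is sptd, both tools agree on it, and the MBR is reported as standard Windows XP code, which is why the helper moved on to ComboFix rather than treating this as a bootkit. Paste a full TDSSKiller log into `parse_tdsskiller` and anything the tool cured, skipped or could not read will come out of `flagged()`.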


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 October 2011 - 12:52 PM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#5 Fireskates

Fireskates
  • Topic Starter

  • Members
  • 10 posts

Posted 16 October 2011 - 11:16 PM

Okay, so I did it all, but am facing some problems. When I ran ComboFix, it did all things and went up to some stage; after it, my computer rebooted automatically. After the reboot, I see a file in C: named ComboFix, but it's not a .txt file, it's kind of a folder. Here is its screenshot.
Posted Image
Anyway, I can't upload the file, because it has a large file size, about 33 MB.

Thanks :)

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 October 2011 - 08:51 AM

Where did you install ComboFix?

My instructions were to install it on your Desktop.

If it was installed on your C:\ drive, please remove it.


The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Download a fresh copy and make sure you run it from your Desktop.

#7 Fireskates

Fireskates
  • Topic Starter

  • Members
  • 10 posts

Posted 17 October 2011 - 11:08 PM

I did run it from my desktop.
Shall I still
Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
????

Edited by Fireskates, 17 October 2011 - 11:21 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 October 2011 - 09:05 AM

Try this.

Just rename ComboFix.exe to UNINSTALL.exe and double click it. It's case insensitive.



