IE does not load some pages.


13 replies to this topic

#1 duenas77


Posted 06 November 2011 - 08:03 AM

I am trying to help my little nephew fix his computer. It has Windows XP Home Edition 2002 SP3. It also has Trend Micro Titanium Maximum Security. It is a "hand me down" computer, so nobody really remembers or knows what the heck happened to this little computer. He was complaining about IE crashing on him. I saw an icon that says "Anti Malware Doctor", but there is no application associated with it. It seems like it has been removed.
I worked on it for about an hour. At first it seemed to me like it was working fine; IE was not crashing on me, but then it did: all icons on the desktop disappeared, and also the taskbar. Ctrl+Alt+Del did not work either, so I did a hard reboot.
I installed Google Chrome and downloaded IE8. Now IE does not open some pages, especially those where we can get help against malware, for example Bleepingcomputer. IE opens the page, but then "A problem with this page caused IE to close and reopen this tab" shows at the top of the tab, and then IE gives me this message.

"We were unable to return you to bleepingcomputer.com.

Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
What you can do:
Go to your home page

Try to return to bleepingcomputer.com"

And also some other sites. I was trying to open several different sites such as eBay, my Hotmail, etc., and they open fine, but they also crash every now and then.

I downloaded HijackThis and Spybot S&D, but I have not installed them yet. I wonder if this computer is/was infected and there may be some leftovers lingering in here. So I am here humbly asking for your advice and guidance.

God bless you and thanks for your help


#2 Broni


Posted 06 November 2011 - 11:43 AM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 duenas77


Posted 06 November 2011 - 07:56 PM

Here's the Security Check log (it took a long time to run, so I tried to open a browser; I realized it was running and closed it down right away. I hope it did not throw it off).
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro UniClient UiFrmWrk uiWatchDog.exe
``````````End of Log````````````

And here's the minitoolbox report

MiniToolBox by Farbar
Ran by Heriberto (administrator) on 06-11-2011 at 17:16:23
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : girls-d76993bc9
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1D-09-7C-E2-CB
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Sunday, November 06, 2011 5:08:53 PM
Lease Expires . . . . . . . . . . : Monday, November 07, 2011 5:08:53 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.64.106, 173.194.64.104, 173.194.64.103, 173.194.64.147
173.194.64.99, 173.194.64.105

Pinging google.com [173.194.64.147] with 32 bytes of data:

Reply from 173.194.64.147: bytes=32 time=40ms TTL=45
Reply from 173.194.64.147: bytes=32 time=41ms TTL=45

Ping statistics for 173.194.64.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 41ms, Average = 40ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 67.195.160.76
72.30.2.43

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=79ms TTL=49
Reply from 98.137.149.56: bytes=32 time=147ms TTL=49

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 79ms, Maximum = 147ms, Average = 113ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 7c e2 cb ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.6 192.168.1.6 20
192.168.1.0 255.255.255.0 192.168.1.6 192.168.1.6 20
192.168.1.6 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.6 192.168.1.6 20
224.0.0.0 240.0.0.0 192.168.1.6 192.168.1.6 20
255.255.255.255 255.255.255.255 192.168.1.6 192.168.1.6 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/06/2011 06:40:18 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/24/2011 10:19:14 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.33.21.1, faulting module unknown, version 0.0.0.0, fault address 0x00268d42.
Processing media-specific event for [safari.exe!ws!]

Error: (09/24/2011 10:16:41 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.33.21.1, faulting module unknown, version 0.0.0.0, fault address 0x00268d42.
Processing media-specific event for [safari.exe!ws!]

Error: (09/24/2011 10:15:56 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.33.21.1, faulting module unknown, version 0.0.0.0, fault address 0x00268d42.
Processing media-specific event for [safari.exe!ws!]

Error: (09/24/2011 10:02:35 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.33.21.1, faulting module unknown, version 0.0.0.0, fault address 0x00268d42.
Processing media-specific event for [safari.exe!ws!]

Error: (09/24/2011 09:51:41 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.33.21.1, faulting module unknown, version 0.0.0.0, fault address 0x00268d42.
Processing media-specific event for [safari.exe!ws!]

Error: (09/24/2011 09:43:48 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.33.21.1, faulting module unknown, version 0.0.0.0, fault address 0x00268d42.
Processing media-specific event for [safari.exe!ws!]

Error: (09/24/2011 09:34:35 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.33.21.1, faulting module unknown, version 0.0.0.0, fault address 0x00268d42.
Processing media-specific event for [safari.exe!ws!]

Error: (09/24/2011 09:18:43 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.33.21.1, faulting module unknown, version 0.0.0.0, fault address 0x00268d42.
Processing media-specific event for [safari.exe!ws!]

Error: (09/24/2011 09:02:26 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.33.21.1, faulting module unknown, version 0.0.0.0, fault address 0x00268d42.
Processing media-specific event for [safari.exe!ws!]


System errors:
=============
Error: (11/06/2011 05:07:54 PM) (Source: Service Control Manager) (User: )
Description: The SPService service terminated with the following error:
%%2

Error: (11/06/2011 05:07:54 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%3

Error: (11/06/2011 06:33:10 AM) (Source: Service Control Manager) (User: )
Description: The SPService service terminated with the following error:
%%2

Error: (11/06/2011 06:33:10 AM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%3

Error: (11/05/2011 08:41:15 PM) (Source: Service Control Manager) (User: )
Description: The SPService service terminated with the following error:
%%2

Error: (11/05/2011 08:41:15 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%3

Error: (11/05/2011 08:15:55 PM) (Source: Service Control Manager) (User: )
Description: The SPService service terminated with the following error:
%%2

Error: (11/05/2011 08:15:55 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%3

Error: (11/05/2011 03:25:18 PM) (Source: Service Control Manager) (User: )
Description: The SPService service terminated with the following error:
%%2

Error: (11/05/2011 03:25:18 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (11/06/2011 06:40:18 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.187020.0.0.000000000

Error: (09/24/2011 10:19:14 AM) (Source: Application Error)(User: )
Description: safari.exe5.33.21.1unknown0.0.0.000268d42

Error: (09/24/2011 10:16:41 AM) (Source: Application Error)(User: )
Description: safari.exe5.33.21.1unknown0.0.0.000268d42

Error: (09/24/2011 10:15:56 AM) (Source: Application Error)(User: )
Description: safari.exe5.33.21.1unknown0.0.0.000268d42

Error: (09/24/2011 10:02:35 AM) (Source: Application Error)(User: )
Description: safari.exe5.33.21.1unknown0.0.0.000268d42

Error: (09/24/2011 09:51:41 AM) (Source: Application Error)(User: )
Description: safari.exe5.33.21.1unknown0.0.0.000268d42

Error: (09/24/2011 09:43:48 AM) (Source: Application Error)(User: )
Description: safari.exe5.33.21.1unknown0.0.0.000268d42

Error: (09/24/2011 09:34:35 AM) (Source: Application Error)(User: )
Description: safari.exe5.33.21.1unknown0.0.0.000268d42

Error: (09/24/2011 09:18:43 AM) (Source: Application Error)(User: )
Description: safari.exe5.33.21.1unknown0.0.0.000268d42

Error: (09/24/2011 09:02:26 AM) (Source: Application Error)(User: )
Description: safari.exe5.33.21.1unknown0.0.0.000268d42


=========================== Installed Programs ============================

Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Belkin 54Mbps Wireless Network Adapter (Version: 1.00.01)
Bing Bar Platform (Version: 6.3.2348.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 2.0.5.0)
Dell Resource CD (Version: 1.00.0000)
FrostWire 4.21.3 (Version: 4.21.3.0)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel® PRO Network Connections 12.1.12.0 (Version: )
iTunes (Version: 10.3.1.55)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Logitech SetPoint (Version: 2.40)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MSN
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 5.10.0.5408)
Safari (Version: 5.33.21.1)
Trend Micro Titanium Maximum Security (Version: 3.1.1109)
Trend Micro™ Titanium™ Maximum Security (Version: 3.00)
WebFldrs XP (Version: 9.50.7523)
Where in the World Is Carmen Sandiego? Treasures of Knowledge
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 1013.1 MB
Available physical RAM: 711.11 MB
Total Pagefile: 2440.4 MB
Available Pagefile: 2234.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.75 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149 GB) (Free:134.75 GB) NTFS

========================= Users: ========================================

User accounts for \\GIRLS-D76993BC9

Administrator Guest HelpAssistant
Heriberto SUPPORT_388945a0


**** End of log ****

Here's the Malwarebytes Antimalware report

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8100

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/6/2011 6:20:34 PM
mbam-log-2011-11-06 (18-20-34).txt

Scan type: Quick scan
Objects scanned: 163965
Time elapsed: 11 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\heriberto\application data\505qzyac.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\heriberto\application data\7c9cr2a.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\heriberto\application data\kcqjdnui.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\heriberto\application data\m3gogeamk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\heriberto\application data\snsdmmxz1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\conima.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\cftnom.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\heriberto\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\heriberto\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\heriberto\application data\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\cftnom.bat (Trojan.Agent) -> Quarantined and deleted successfully.

And now it is running incredibly slow.
Thanks for helping us
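
As an added example (not code from this thread, from Malwarebytes or from BleepingComputer), here is a small Python parser for the MBAM 1.x log format pasted above: it splits the log into its categories, checks that the header counts agree with the itemised entries (a mismatch means the paste is truncated or edited), groups detections by threat family, and pulls out the service names whose registry keys were removed, which is how the SPService key above lines up with the repeated "SPService service terminated" errors in the MiniToolBox event log output. The embedded log is a constructed excerpt of the one posted above (all registry entries, 5 of the 13 file entries, header count adjusted to match).

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt of the Malwarebytes' Anti-Malware 1.51 log pasted above:
# every registry entry is kept, only 5 of the 13 file entries, and the
# "Files Infected" header count is set to 5 so the excerpt stays consistent.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 8100
Scan type: Quick scan
Objects scanned: 163965

Memory Processes Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\heriberto\application data\505qzyac.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\heriberto\application data\7c9cr2a.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\cftnom.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\heriberto\application data\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> "
                     r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+?)\.?$")
SERVICE_KEY_RE = re.compile(r"\\CurrentControlSet\\Services\\([^\\]+)$", re.IGNORECASE)


def parse_mbam_log(text):
    """Return (summary, items): header counts per category, and one dict per
    detection line with category, path, threat, value and action."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]  # detection lines that follow belong to this category
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"category": section, "path": m["path"], "threat": m["threat"],
                          "value": m["value"], "action": m["action"]})
    return summary, items


def count_mismatches(summary, items):
    """Header count vs. itemised entries per category; anything returned means
    the pasted log is truncated or edited and should not be trusted as-is."""
    found = Counter(i["category"] for i in items)
    return {cat: (n, found[cat]) for cat, n in summary.items() if n != found[cat]}


def threats_by_family(items):
    """Group detection paths by the threat name MBAM assigned."""
    families = defaultdict(list)
    for i in items:
        families[i["threat"]].append(i["path"])
    return dict(families)


def removed_services(items):
    """Service names whose Services\\<name> key was removed; each one should match
    Service Control Manager errors in the event log (SPService in the MiniToolBox output above)."""
    names = set()
    for i in items:
        m = SERVICE_KEY_RE.search(i["path"])
        if m:
            names.add(m.group(1))
    return sorted(names)
```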

#4 Broni


Posted 06 November 2011 - 07:59 PM

I still need GMER log.


#5 duenas77


Posted 06 November 2011 - 09:19 PM

Sorry about that.
Here it is


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-06 18:43:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3160815AS rev.3.ADA
Running: 6j2zuv8r.exe; Driver: C:\DOCUME~1\HERIBE~1\LOCALS~1\Temp\ufkcrkoc.sys


---- System - GMER 1.0.15 ----

SSDT 85C57780 ZwCreateKey
SSDT 85C1B500 ZwCreateMutant
SSDT 85C56580 ZwCreateProcess
SSDT 85C56880 ZwCreateProcessEx
SSDT 85C1B8C0 ZwCreateSymbolicLinkObject
SSDT 85C1B020 ZwCreateThread
SSDT 85C57D80 ZwDeleteKey
SSDT 85C58680 ZwDeleteValueKey
SSDT 85C1BAA0 ZwDuplicateObject
SSDT 85C1B200 ZwLoadDriver
SSDT 85C56B80 ZwOpenProcess
SSDT 85C58C60 ZwOpenSection
SSDT 85C56E80 ZwOpenThread
SSDT 85C58080 ZwRenameKey
SSDT 85C58380 ZwRestoreKey
SSDT 85C1B6E0 ZwSetSystemInformation
SSDT 85C57A80 ZwSetValueKey
SSDT 85C57180 ZwTerminateProcess
SSDT 85C57480 ZwTerminateThread
SSDT 85C58E40 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? vietpuj.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B4000A
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C
.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BD000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8655531B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8655531B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8655531B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8655531B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8655531B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8655531B

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#6 Broni


Posted 06 November 2011 - 09:22 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#7 duenas77


Posted 06 November 2011 - 09:52 PM

Thanks again for your help. I will have to do it tomorrow late in the afternoon, when I come back from work.
I guess I'll see you then, God willing.
Martin

#8 Broni


Posted 06 November 2011 - 10:08 PM

No problem :)


#9 duenas77


Posted 07 November 2011 - 04:41 PM

Good afternoon
Here's the TDSSkiller report


15:35:55.0062 0156 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
15:35:55.0671 0156 ============================================================
15:35:55.0687 0156 Current date / time: 2011/11/07 15:35:55.0671
15:35:55.0687 0156 SystemInfo:
15:35:55.0687 0156
15:35:55.0687 0156 OS Version: 5.1.2600 ServicePack: 3.0
15:35:55.0687 0156 Product type: Workstation
15:35:55.0687 0156 ComputerName: GIRLS-D76993BC9
15:35:55.0687 0156 UserName: Heriberto
15:35:55.0687 0156 Windows directory: C:\WINDOWS
15:35:55.0687 0156 System windows directory: C:\WINDOWS
15:35:55.0687 0156 Processor architecture: Intel x86
15:35:55.0687 0156 Number of processors: 2
15:35:55.0687 0156 Page size: 0x1000
15:35:55.0687 0156 Boot type: Normal boot
15:35:55.0687 0156 ============================================================
15:35:56.0250 0156 Initialize success
15:36:11.0062 2928 ============================================================
15:36:11.0062 2928 Scan started
15:36:11.0062 2928 Mode: Manual;
15:36:11.0062 2928 ============================================================
15:36:12.0531 2928 dac2w2k - ok
15:36:12.0578 2928 dac960nt - ok
15:36:12.0656 2928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:36:12.0656 2928 Disk - ok
15:36:12.0718 2928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:36:12.0734 2928 dmboot - ok
15:36:12.0765 2928 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:36:12.0765 2928 dmio - ok
15:36:12.0796 2928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:36:12.0796 2928 dmload - ok
15:36:12.0843 2928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:36:12.0843 2928 DMusic - ok
15:36:12.0890 2928 dpti2o - ok
15:36:12.0906 2928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:36:12.0921 2928 drmkaud - ok
15:36:12.0968 2928 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
15:36:12.0984 2928 e1express - ok
15:36:13.0109 2928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:36:13.0109 2928 Fastfat - ok
15:36:13.0140 2928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:36:13.0140 2928 Fdc - ok
15:36:13.0187 2928 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:36:13.0187 2928 Fips - ok
15:36:13.0218 2928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:36:13.0218 2928 Flpydisk - ok
15:36:13.0250 2928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:36:13.0250 2928 FltMgr - ok
15:36:13.0265 2928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:36:13.0265 2928 Fs_Rec - ok
15:36:13.0281 2928 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:36:13.0296 2928 Ftdisk - ok
15:36:13.0343 2928 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:36:13.0343 2928 GEARAspiWDM - ok
15:36:13.0359 2928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:36:13.0359 2928 Gpc - ok
15:36:13.0406 2928 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:36:13.0406 2928 HDAudBus - ok
15:36:13.0453 2928 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:36:13.0453 2928 hidusb - ok
15:36:13.0500 2928 hpn - ok
15:36:13.0546 2928 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:36:13.0546 2928 HPZid412 - ok
15:36:13.0578 2928 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:36:13.0578 2928 HPZipr12 - ok
15:36:13.0656 2928 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:36:13.0656 2928 HPZius12 - ok
15:36:13.0703 2928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:36:13.0703 2928 HTTP - ok
15:36:13.0734 2928 i2omgmt - ok
15:36:13.0765 2928 i2omp - ok
15:36:13.0796 2928 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
15:36:13.0796 2928 i8042prt - ok
15:36:13.0828 2928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:36:13.0828 2928 Imapi - ok
15:36:13.0875 2928 ini910u - ok
15:36:14.0031 2928 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:36:14.0078 2928 IntcAzAudAddService - ok
15:36:14.0125 2928 IntelIde - ok
15:36:14.0187 2928 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:36:14.0187 2928 intelppm - ok
15:36:14.0218 2928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:36:14.0218 2928 Ip6Fw - ok
15:36:14.0265 2928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:36:14.0265 2928 IpFilterDriver - ok
15:36:14.0296 2928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:36:14.0296 2928 IpInIp - ok
15:36:14.0312 2928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:36:14.0328 2928 IpNat - ok
15:36:14.0343 2928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:36:14.0359 2928 IPSec - ok
15:36:14.0375 2928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:36:14.0375 2928 IRENUM - ok
15:36:14.0421 2928 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:36:14.0421 2928 isapnp - ok
15:36:14.0453 2928 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:36:14.0453 2928 Kbdclass - ok
15:36:14.0484 2928 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:36:14.0484 2928 kbdhid - ok
15:36:14.0515 2928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:36:14.0515 2928 kmixer - ok
15:36:14.0562 2928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:36:14.0562 2928 KSecDD - ok
15:36:14.0609 2928 lbrtfdc - ok
15:36:14.0671 2928 LHidKe (706f3eb3add1b6ef8815cf0ec88c1ef3) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
15:36:14.0671 2928 LHidKe - ok
15:36:14.0734 2928 LMouKE (c4eeb836d5596fb590f6ff538b66d092) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:36:14.0734 2928 LMouKE - ok
15:36:14.0750 2928 MBAMSwissArmy - ok
15:36:14.0828 2928 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:36:14.0828 2928 mnmdd - ok
15:36:14.0890 2928 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:36:14.0890 2928 Modem - ok
15:36:14.0921 2928 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:36:14.0937 2928 Mouclass - ok
15:36:14.0953 2928 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:36:14.0953 2928 mouhid - ok
15:36:14.0968 2928 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:36:14.0984 2928 MountMgr - ok
15:36:15.0000 2928 mraid35x - ok
15:36:15.0015 2928 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:36:15.0015 2928 MRxDAV - ok
15:36:15.0093 2928 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:36:15.0093 2928 MRxSmb - ok
15:36:15.0125 2928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:36:15.0125 2928 Msfs - ok
15:36:15.0187 2928 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:36:15.0187 2928 MSKSSRV - ok
15:36:15.0203 2928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:36:15.0203 2928 MSPCLOCK - ok
15:36:15.0234 2928 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:36:15.0234 2928 MSPQM - ok
15:36:15.0265 2928 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:36:15.0265 2928 mssmbios - ok
15:36:15.0296 2928 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:36:15.0296 2928 Mup - ok
15:36:15.0359 2928 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:36:15.0359 2928 NDIS - ok
15:36:15.0421 2928 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:36:15.0421 2928 NdisTapi - ok
15:36:15.0437 2928 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:36:15.0437 2928 Ndisuio - ok
15:36:15.0468 2928 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:36:15.0468 2928 NdisWan - ok
15:36:15.0500 2928 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:36:15.0500 2928 NDProxy - ok
15:36:15.0546 2928 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:36:15.0546 2928 NetBIOS - ok
15:36:15.0578 2928 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:36:15.0578 2928 NetBT - ok
15:36:15.0703 2928 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:36:15.0703 2928 Npfs - ok
15:36:15.0734 2928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:36:15.0734 2928 Ntfs - ok
15:36:15.0796 2928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:36:15.0796 2928 Null - ok
15:36:15.0875 2928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:36:15.0875 2928 NwlnkFlt - ok
15:36:15.0890 2928 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:36:15.0890 2928 NwlnkFwd - ok
15:36:15.0921 2928 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:36:15.0921 2928 Parport - ok
15:36:15.0937 2928 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:36:15.0937 2928 PartMgr - ok
15:36:15.0968 2928 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:36:15.0984 2928 ParVdm - ok
15:36:16.0015 2928 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:36:16.0015 2928 PCI - ok
15:36:16.0031 2928 PCIDump - ok
15:36:16.0062 2928 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:36:16.0062 2928 PCIIde - ok
15:36:16.0109 2928 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:36:16.0109 2928 Pcmcia - ok
15:36:16.0125 2928 PDCOMP - ok
15:36:16.0140 2928 PDFRAME - ok
15:36:16.0187 2928 PDRELI - ok
15:36:16.0218 2928 PDRFRAME - ok
15:36:16.0265 2928 perc2 - ok
15:36:16.0281 2928 perc2hib - ok
15:36:16.0437 2928 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:36:16.0437 2928 PptpMiniport - ok
15:36:16.0468 2928 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:36:16.0468 2928 PSched - ok
15:36:16.0484 2928 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:36:16.0500 2928 Ptilink - ok
15:36:16.0546 2928 ql1080 - ok
15:36:16.0578 2928 Ql10wnt - ok
15:36:16.0593 2928 ql12160 - ok
15:36:16.0625 2928 ql1240 - ok
15:36:16.0656 2928 ql1280 - ok
15:36:16.0687 2928 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:36:16.0687 2928 RasAcd - ok
15:36:16.0718 2928 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:36:16.0718 2928 Rasl2tp - ok
15:36:16.0796 2928 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:36:16.0796 2928 RasPppoe - ok
15:36:16.0828 2928 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:36:16.0828 2928 Raspti - ok
15:36:16.0859 2928 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:36:16.0875 2928 Rdbss - ok
15:36:16.0937 2928 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:36:16.0937 2928 RDPCDD - ok
15:36:17.0015 2928 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:36:17.0015 2928 RDPWD - ok
15:36:17.0046 2928 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:36:17.0046 2928 redbook - ok
15:36:17.0187 2928 rt2870 (a6886caf9d03dade7144171e471eca6f) C:\WINDOWS\system32\DRIVERS\rt2870.sys
15:36:17.0265 2928 rt2870 - ok
15:36:17.0328 2928 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
15:36:17.0343 2928 RT73 - ok
15:36:17.0453 2928 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:36:17.0453 2928 Secdrv - ok
15:36:17.0500 2928 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:36:17.0500 2928 Serial - ok
15:36:17.0515 2928 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:36:17.0515 2928 Sfloppy - ok
15:36:17.0562 2928 Simbad - ok
15:36:17.0593 2928 Sparrow - ok
15:36:17.0640 2928 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:36:17.0640 2928 splitter - ok
15:36:17.0671 2928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:36:17.0671 2928 sr - ok
15:36:17.0718 2928 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:36:17.0718 2928 Srv - ok
15:36:17.0781 2928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:36:17.0781 2928 swenum - ok
15:36:17.0812 2928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:36:17.0812 2928 swmidi - ok
15:36:17.0875 2928 symc810 - ok
15:36:17.0890 2928 symc8xx - ok
15:36:17.0921 2928 sym_hi - ok
15:36:17.0937 2928 sym_u3 - ok
15:36:17.0984 2928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:36:17.0984 2928 sysaudio - ok
15:36:18.0046 2928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:36:18.0046 2928 Tcpip - ok
15:36:18.0109 2928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:36:18.0109 2928 TDPIPE - ok
15:36:18.0125 2928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:36:18.0140 2928 TDTCP - ok
15:36:18.0156 2928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:36:18.0156 2928 TermDD - ok
15:36:18.0218 2928 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
15:36:18.0234 2928 tmactmon - ok
15:36:18.0265 2928 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
15:36:18.0281 2928 tmcomm - ok
15:36:18.0296 2928 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
15:36:18.0296 2928 tmevtmgr - ok
15:36:18.0359 2928 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
15:36:18.0359 2928 tmtdi - ok
15:36:18.0375 2928 TosIde - ok
15:36:18.0531 2928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:36:18.0531 2928 Udfs - ok
15:36:18.0546 2928 ultra - ok
15:36:18.0593 2928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:36:18.0656 2928 Update - ok
15:36:18.0765 2928 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:36:18.0765 2928 USBAAPL - ok
15:36:18.0828 2928 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:36:18.0828 2928 usbccgp - ok
15:36:18.0921 2928 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:36:18.0921 2928 usbehci - ok
15:36:19.0109 2928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:36:19.0109 2928 usbhub - ok
15:36:19.0546 2928 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:36:19.0562 2928 usbprint - ok
15:36:19.0750 2928 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:36:19.0750 2928 usbscan - ok
15:36:19.0796 2928 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:36:19.0796 2928 USBSTOR - ok
15:36:19.0843 2928 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:36:19.0843 2928 usbuhci - ok
15:36:19.0890 2928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:36:19.0906 2928 VgaSave - ok
15:36:19.0906 2928 ViaIde - ok
15:36:19.0953 2928 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:36:19.0953 2928 VolSnap - ok
15:36:20.0062 2928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:36:20.0062 2928 Wanarp - ok
15:36:20.0093 2928 WDICA - ok
15:36:20.0171 2928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:36:20.0171 2928 wdmaud - ok
15:36:20.0406 2928 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
15:36:20.0406 2928 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
15:36:20.0406 2928 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
15:36:20.0437 2928 Boot (0x1200) (ac47ad312f8070fb487093aa375e334e) \Device\Harddisk0\DR0\Partition0
15:36:20.0437 2928 \Device\Harddisk0\DR0\Partition0 - ok
15:36:20.0437 2928 ============================================================
15:36:20.0437 2928 Scan finished
15:36:20.0437 2928 ============================================================
15:36:20.0484 2920 Detected object count: 1
15:36:20.0484 2920 Actual detected object count: 1
15:36:49.0968 2920 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
15:36:49.0968 2920 \Device\Harddisk0\DR0 - ok
15:36:49.0968 2920 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
15:36:55.0046 2836 Deinitialize success
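
A small triage helper for logs in the TDSSKiller format pasted above, added here as an example (it is not part of the thread and not Kaspersky's tool): it parses the two line shapes the log uses (a scanned object with its MD5 and path, and an object verdict) and condenses them into what a helper checks before replying. The excerpt it runs on is a constructed subset of the log's own lines, kept in the same format; note that the MBR object is logged as "- ok" after the cure is scheduled even though the cure itself only runs on reboot.

```python
"""Triage helper for TDSSKiller text logs (added example, not from the thread or the tool)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Every log line: "HH:MM:SS.mmmm <thread-id> <body>"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s*(?P<body>.*)$")
# Scanned object: "<name> [(0xOFFSET)] (<md5>) <path>" - a driver, the MBR or a boot sector
FILE_RE = re.compile(
    r"^(?P<name>\S+)(?:\s+\((?P<extra>0x[0-9A-Fa-f]+)\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# Verdict line: "<object> [( <threat> )] - <verdict>"
VERDICT_RE = re.compile(r"^(?P<obj>.+?)(?:\s+\(\s*(?P<threat>[^()]+?)\s*\))?\s+-\s+(?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count:\s*(\d+)$")


@dataclass
class Report:
    scanned: dict = field(default_factory=dict)       # object name -> (md5, path)
    infected: dict = field(default_factory=dict)      # object -> threat name
    pending_cure: set = field(default_factory=set)    # objects "will be cured on reboot"
    user_actions: dict = field(default_factory=dict)  # object -> action the user chose
    ok: set = field(default_factory=set)              # objects with a "- ok" verdict
    reported_count: Optional[int] = None              # the tool's own "Detected object count"


def parse_tdsskiller(text: str) -> Report:
    """Walk the log once and classify every line by the shape it has."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if (f := FILE_RE.match(body)):
            rep.scanned[f.group("name")] = (f.group("md5"), f.group("path"))
            continue
        if (c := COUNT_RE.match(body)):
            rep.reported_count = int(c.group(1))
            continue
        v = VERDICT_RE.match(body)
        if not v:
            continue  # banner, separator, SystemInfo and similar lines
        obj, threat, verdict = v.group("obj"), v.group("threat"), v.group("verdict")
        if verdict == "ok":
            rep.ok.add(obj)
        elif verdict == "infected" or verdict.startswith("detected "):
            # "detected <Name> (n)" carries the threat name inside the verdict itself
            rep.infected[obj] = threat or verdict.split()[1]
        elif verdict == "will be cured on reboot":
            rep.pending_cure.add(obj)
        elif verdict.startswith("User select action:"):
            rep.user_actions[obj] = verdict.split(":", 1)[1].strip()
    return rep


def triage(rep: Report) -> dict:
    """Condense the parsed report into the facts a helper checks before replying."""
    mbr_path = rep.scanned.get("MBR", ("", ""))[1]
    return {
        "objects_scanned": len(rep.scanned),
        "infected": dict(rep.infected),
        "mbr_infected": mbr_path in rep.infected,
        "cure_pending_reboot": sorted(rep.pending_cure),
        # A later "- ok" for a flagged object means the cure was scheduled, not that it ran
        "logged_ok_but_still_flagged": sorted(rep.ok & set(rep.infected)),
        "user_actions": dict(rep.user_actions),
        "count_matches_tool": rep.reported_count == len(rep.infected),
    }


# Constructed excerpt of the log above (same format, subset of its lines)
SAMPLE_LOG = r"""
15:35:55.0062 0156 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
15:35:55.0687 0156 OS Version: 5.1.2600 ServicePack: 3.0
15:36:11.0062 2928 Scan started
15:36:11.0406 2928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:36:11.0421 2928 ACPI - ok
15:36:11.0468 2928 adpu160m - ok
15:36:20.0406 2928 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
15:36:20.0406 2928 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
15:36:20.0406 2928 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
15:36:20.0437 2928 Boot (0x1200) (ac47ad312f8070fb487093aa375e334e) \Device\Harddisk0\DR0\Partition0
15:36:20.0437 2928 \Device\Harddisk0\DR0\Partition0 - ok
15:36:20.0484 2920 Detected object count: 1
15:36:20.0484 2920 Actual detected object count: 1
15:36:49.0968 2920 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
15:36:49.0968 2920 \Device\Harddisk0\DR0 - ok
15:36:49.0968 2920 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""

if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```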

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:57 AM

Posted 07 November 2011 - 08:34 PM

Very good :)

How is IE doing now?

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#11 duenas77

duenas77
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Gender:Male
  • Location:Houston TX USA
  • Local time:07:57 AM

Posted 09 November 2011 - 06:22 AM

Thanks for your help
I have not used IE. I was waiting for your approval to use it.
I think I'll use it today.

Here's the report.


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6067000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4550656 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF73A2000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF5D6B000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF71DD000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF5EB3000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF5196000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF72D2000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xF4E85000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5335000 C:\WINDOWS\system32\DRIVERS\tmcomm.sys 212992 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF74D8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF5391000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7375000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF4A00000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF5E03000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF7286000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF5E8B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF5E65000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6043000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF72AE000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7263000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5E43000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7458000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74A8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF52DE000 C:\WINDOWS\system32\DRIVERS\tmactmon.sys 118784 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)
0xF735B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7490000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF5D53000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7478000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF742F000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF724C000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF5E2E000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0xF57A6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5F3F000 C:\WINDOWS\System32\drivers\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF5F0C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7446000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF52FB000 C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys 73728 bytes (Trend Micro Inc., TrendMicro Event Management Module)
0xF74C7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF723B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF77C7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7857000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76F7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7867000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF592B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7647000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7877000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7627000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7687000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7747000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7617000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7677000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7607000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76C7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF4CDD000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7637000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF4FF6000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7847000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7727000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7717000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7897000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF79F7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7947000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF798F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7997000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF79DF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7887000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF799F000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF79BF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF79C7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7987000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF79E7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78EF000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF79EF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF788F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79AF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF79B7000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

Edited by duenas77, 09 November 2011 - 06:42 AM.


#12 Broni (BC Advisor)

Posted 09 November 2011 - 11:22 AM

Good.
Let me know how IE is doing.

Download Temp File Cleaner (TFC).
Double click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE: If ESET doesn't find any threats it will NOT produce any log.


#13 duenas77 (Topic Starter)

Posted 10 November 2011 - 06:03 PM

Hello again.

IE seems to be doing well so far. Unfortunately I work long hours and do not have a chance to use it much, but I can say so far so good. I am using it now to post my replies, which means I can access this site.

Here's the ESET scan report:

C:\Documents and Settings\Heriberto\Application Data\792AEE4FCEA47F937D9791F71B3CAEBB\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Heriberto\Application Data\792AEE4FCEA47F937D9791F71B3CAEBB\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Heriberto\Application Data\792AEE4FCEA47F937D9791F71B3CAEBB\upd_debug.exe a variant of Win32/Kryptik.PAD trojan cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Start Menu\Programs\scancplcsc.exe a variant of Win32/Kryptik.PHE trojan cleaned by deleting - quarantined
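As an added example (not part of the thread), a small Python script that parses ESET Online Scanner export lines like the four above into path, detection name, kind and action, then counts hits per malware family and per user profile and lists anything the scanner did not quarantine. The field layout (space-separated, detection name in "Platform/Family.Variant" form, optionally prefixed with "a variant of") is assumed from how the report renders on this page; the original export is tab-separated.

```python
import re
from collections import Counter

# Sample lines copied from the ESET report posted above, as rendered on the forum.
ESET_REPORT = r"""
C:\Documents and Settings\Heriberto\Application Data\792AEE4FCEA47F937D9791F71B3CAEBB\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Heriberto\Application Data\792AEE4FCEA47F937D9791F71B3CAEBB\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Heriberto\Application Data\792AEE4FCEA47F937D9791F71B3CAEBB\upd_debug.exe a variant of Win32/Kryptik.PAD trojan cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Start Menu\Programs\scancplcsc.exe a variant of Win32/Kryptik.PHE trojan cleaned by deleting - quarantined
"""

# Assumed layout: path (may contain spaces) up to the detection name, which is
# recognised by its "Platform/Name" shape, then the threat kind, then the action.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>application|trojan|worm|virus|potentially unwanted application)\s+"
    r"(?P<action>.+?)\s*$"
)
# Windows XP profile folder: C:\Documents and Settings\<user>\...
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.I)

def parse_eset_report(text):
    """Parse exported ESET scanner lines into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised line: " + line)
        rec = m.groupdict()
        name = rec["detection"].replace("a variant of ", "", 1)
        platform, _, rest = name.partition("/")
        rec["family"] = platform + "/" + rest.split(".")[0]   # e.g. Win32/Kryptik
        pm = PROFILE_RE.match(rec["path"])
        rec["profile"] = pm.group(1) if pm else None
        records.append(rec)
    return records

def summarize(records):
    """Count detections per family and per profile; list items not quarantined
    (those still need manual follow-up)."""
    return {
        "by_family": Counter(r["family"] for r in records),
        "by_profile": Counter(r["profile"] for r in records),
        "not_quarantined": [r["path"] for r in records
                            if not r["action"].endswith("quarantined")],
    }

if __name__ == "__main__":
    for key, value in summarize(parse_eset_report(ESET_REPORT)).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```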

#14 Broni (BC Advisor)

Posted 10 November 2011 - 08:10 PM

Your computer is clean.

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.
