
3 Trojan Viruses detected by Symantec, please help

31 replies to this topic

#1 MagageeMay

  • Members
  • 58 posts

Posted 01 February 2012 - 12:56 PM

This computer has been through a lot (3 roommates, a teen in the house, etc.). I have Symantec on the computer and it says there are a couple viruses on here. I was new to this web site last week and a VERY VERY helpful, kind person helped clean up my fiancé's computer for us. While that was going on we turned to this computer as our main one for a few days. Now that I know I can get help to clean things up, I was hoping for some input on this one. I don't know a lot about computers but if you give directions, I can follow them! From my minute knowledge Symantec looks to have 3 different Trojan viruses Quarantined. Please help! Thanks!



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 01 February 2012 - 01:37 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report.


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#3 MagageeMay (Topic Starter)

  • Members
  • 58 posts

Posted 01 February 2012 - 02:17 PM

13:42:34.0432 0484 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
13:42:34.0948 0484 ============================================================
13:42:34.0948 0484 Current date / time: 2012/02/01 13:42:34.0948
13:42:34.0948 0484 SystemInfo:
13:42:34.0948 0484
13:42:34.0948 0484 OS Version: 5.1.2600 ServicePack: 3.0
13:42:34.0948 0484 Product type: Workstation
13:42:34.0948 0484 ComputerName: DELL_H5V7F21
13:42:34.0948 0484 UserName: Maggie
13:42:34.0948 0484 Windows directory: C:\WINDOWS
13:42:34.0948 0484 System windows directory: C:\WINDOWS
13:42:34.0948 0484 Processor architecture: Intel x86
13:42:34.0948 0484 Number of processors: 1
13:42:34.0948 0484 Page size: 0x1000
13:42:34.0948 0484 Boot type: Normal boot
13:42:34.0948 0484 ============================================================
13:42:36.0495 0484 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:42:36.0557 0484 Drive \Device\Harddisk2\DR5 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:42:36.0573 0484 \Device\Harddisk0\DR0:
13:42:36.0573 0484 MBR used
13:42:36.0573 0484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3EC10, BlocksNum 0x94CF8B1
13:42:36.0573 0484 \Device\Harddisk2\DR5:
13:42:36.0573 0484 MBR used
13:42:36.0573 0484 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
13:42:36.0807 0484 Initialize success
13:42:36.0807 0484 ============================================================
13:42:51.0010 1344 ============================================================
13:42:51.0010 1344 Scan started
13:42:51.0010 1344 Mode: Manual; TDLFS;
13:42:51.0010 1344 ============================================================
13:43:10.0963 1344 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:43:11.0213 1344 \Device\Harddisk0\DR0 - ok
13:43:11.0245 1344 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR5
13:43:11.0401 1344 \Device\Harddisk2\DR5 - ok
13:43:11.0432 1344 Boot (0x1200) (d6ea499c91761a2273773bdbc702b798) \Device\Harddisk0\DR0\Partition0
13:43:11.0432 1344 \Device\Harddisk0\DR0\Partition0 - ok
13:43:11.0448 1344 Boot (0x1200) (d5123cfa8ad048fa18fa0a8b26e4a4a0) \Device\Harddisk2\DR5\Partition0
13:43:11.0448 1344 \Device\Harddisk2\DR5\Partition0 - ok
13:43:11.0448 1344 ============================================================
13:43:11.0448 1344 Scan finished
13:43:11.0448 1344 ============================================================
13:43:11.0495 1044 Detected object count: 0
13:43:11.0495 1044 Actual detected object count: 0


Running GMER now
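The TDSSKiller log posted above follows a regular line layout: a timestamp and thread id, then either a hashed-file line, a "name - status" verdict, or a summary counter. As an added example, not part of this thread and not TDSSKiller's own code, the Python script below parses that layout and pulls out what a helper reads first: verdicts other than "ok", registered entries with no file hashed, drivers loaded from outside the Windows directory, and the detected-object counters. The sample log is constructed; the ACPI, eeCtrl and MBR hashes are copied from the posted log, while the tmpdrv entry and its "suspicious" verdict are invented and are not real TDSSKiller wording.

```python
import re

# Constructed sample modelled on the TDSSKiller 2.7.x log layout posted above.
# The ACPI, eeCtrl and MBR hashes are copied from the posted log; the tmpdrv
# entry and its "suspicious" verdict are invented for the demo and are not
# real TDSSKiller wording.
SAMPLE_LOG = r"""
13:42:34.0432 0484 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
13:42:51.0010 1344 Scan started
13:42:51.0010 1344 Mode: Manual; TDLFS;
13:42:53.0495 1344 Abiosdsk - ok
13:42:53.0635 1344 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:42:53.0635 1344 ACPI - ok
13:42:57.0182 1344 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:42:57.0198 1344 eeCtrl - ok
13:43:08.0400 1344 tmpdrv (0123456789abcdef0123456789abcdef) C:\DOCUME~1\User\LOCALS~1\Temp\tmpdrv.sys
13:43:08.0410 1344 tmpdrv - suspicious
13:43:10.0963 1344 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:43:11.0213 1344 \Device\Harddisk0\DR0 - ok
13:43:11.0448 1344 Scan finished
13:43:11.0495 1044 Detected object count: 1
13:43:11.0495 1044 Actual detected object count: 1
"""

# Every log line starts with "HH:MM:SS.ffff <thread id>"; the rest is the body.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d{4}) (.*)$")
# "<name> (<md5>) <path>"  : a file that was hashed on disk
HASH_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# "<name> - <status>"      : the verdict for a service, driver, disk or partition
STATUS_RE = re.compile(r"^(.+?) - (\S.*)$")
COUNT_RE = re.compile(r"^(Actual detected object count|Detected object count): (\d+)$")


def parse_tdsskiller(text):
    """Return ({name: {"md5", "path", "status"}}, {counter: int}) for one log."""
    objects, counts = {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner, "====" separators, blanks
        body = m.group(3)
        c = COUNT_RE.match(body)
        if c:
            counts[c.group(1)] = int(c.group(2))
            continue
        h = HASH_RE.match(body)
        if h:
            name, md5, path = h.groups()
            # MBR/Boot hash lines name the sector, but their verdict line is
            # keyed by the device, so file them under the device path.
            key = path if name.startswith(("MBR", "Boot")) else name
            objects.setdefault(key, {}).update(md5=md5, path=path)
            continue
        s = STATUS_RE.match(body)
        if s:
            objects.setdefault(s.group(1), {})["status"] = s.group(2)
    return objects, counts


WINDOWS_DIR = "c:\\windows\\"


def triage(objects, counts):
    """Pull out what a helper reads first from a parsed log."""
    return {
        "objects": len(objects),
        # anything TDSSKiller did not mark "ok"
        "not_ok": sorted(n for n, r in objects.items()
                         if r.get("status", "ok") != "ok"),
        # registered entries with no file hashed (no binary found on disk)
        "no_file": sorted(n for n, r in objects.items() if "path" not in r),
        # drivers loaded from outside the Windows directory: often legitimate
        # (AV, vendor tools) but worth a look, especially anything under Temp
        "outside_windows": sorted(
            n for n, r in objects.items()
            if r.get("path", "").lower().startswith("c:\\")
            and not r["path"].lower().startswith(WINDOWS_DIR)),
        "detected": counts.get("Detected object count"),
        "actual_detected": counts.get("Actual detected object count"),
    }


if __name__ == "__main__":
    objs, cnts = parse_tdsskiller(SAMPLE_LOG)
    for k, v in triage(objs, cnts).items():
        print(f"{k}: {v}")
```

Run against a real log, the "not_ok" and "outside_windows" lists are where a reviewer starts; an empty "not_ok" with both counters at 0 matches the clean result in the thread.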

#4 MagageeMay (Topic Starter)

  • Members
  • 58 posts

Posted 01 February 2012 - 02:57 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-01 14:56:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 WDC_WD80 rev.05.0
Running: uom18ixm[1].exe; Driver: C:\DOCUME~1\Maggie\LOCALS~1\Temp\pwdcipow.sys


---- System - GMER 1.0.15 ----

SSDT 820C0160 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEFA09DC0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEFA0A020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1236] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device EC784D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

#5 MagageeMay

MagageeMay
  • Topic Starter

  • Members
  • 58 posts
  • Local time:04:58 AM

Posted 01 February 2012 - 03:18 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 14:59:04
-----------------------------
14:59:04.838 OS Version: Windows 5.1.2600 Service Pack 3
14:59:04.838 Number of processors: 1 586 0x207
14:59:04.838 ComputerName: DELL_H5V7F21 UserName: Maggie
14:59:06.651 Initialize success
15:01:06.307 AVAST engine defs: 12020100
15:02:46.557 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0
15:02:46.573 Disk 0 Vendor: WDC_WD80 05.0 Size: 76319MB BusType: 3
15:02:46.573 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0
15:02:46.588 Disk 1 Vendor: IOMEGA__ 42.S Size: 76319MB BusType: 2
15:02:46.760 Disk 0 MBR read successfully
15:02:46.760 Disk 0 MBR scan
15:02:47.213 Disk 0 Windows XP default MBR code
15:02:47.213 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 125 MB offset 63
15:02:47.432 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76191 MB offset 257040
15:02:47.588 Disk 0 scanning sectors +156296385
15:02:48.135 Disk 0 scanning C:\WINDOWS\system32\drivers
15:03:59.292 Service scanning
15:04:02.948 Modules scanning
15:04:20.323 Disk 0 trace - called modules:
15:04:20.385 ntoskrnl.exe CLASSPNP.SYS disk.sys IdeChnDr.sys hal.dll
15:04:20.401 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8339d3e0]
15:04:20.401 3 CLASSPNP.SYS[f8a98fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0[0x8339b030]
15:04:22.667 AVAST engine scan C:\WINDOWS
15:05:09.776 AVAST engine scan C:\WINDOWS\system32
15:12:12.495 AVAST engine scan C:\WINDOWS\system32\drivers
15:13:02.292 AVAST engine scan C:\Documents and Settings\Maggie
15:17:34.979 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Maggie\Desktop\MBR.dat"
15:17:35.088 The log file has been saved successfully to "C:\Documents and Settings\Maggie\Desktop\aswMBR.txt"

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:58 AM

Posted 01 February 2012 - 08:33 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Post the clean log

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Let me know if it still finds infections after the scan

Good luck

#7 MagageeMay

MagageeMay
  • Topic Starter

  • Members
  • 58 posts
  • Local time:04:58 AM

Posted 02 February 2012 - 12:59 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Maggie :: DELL_H5V7F21 [administrator]

2/2/2012 11:29:38 AM
mbam-log-2012-02-02 (12-58-06).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295489
Time elapsed: 1 hour(s), 28 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 26
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350} (Rogue.VirusRemover) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKLM\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKLM\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|podmena (Trojan.Agent) -> Data: podmena^^ -> No action taken.
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List|8085:TCP (Malware.Trace) -> Data: 8085:TCP:*:Enabled:podmena -> No action taken.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 2
C:\Documents and Settings\Maggie\Application Data\gadcom (Trojan.Agent) -> No action taken.
C:\Program Files\podmena (Trojan.Downloader) -> No action taken.

Files Detected: 8
C:\WINDOWS\zaponce53173.dat (Worm.Koobface) -> No action taken.
C:\WINDOWS\zaponce53198.dat (Worm.Koobface) -> No action taken.
C:\WINDOWS\zaponce53222.dat (Worm.Koobface) -> No action taken.
C:\WINDOWS\zaponce53290.dat (Worm.Koobface) -> No action taken.
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> No action taken.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\dk39fi4fe.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> No action taken.

(end)

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:58 AM

Posted 02 February 2012 - 01:27 PM

-> No action taken.

Run the Malwarebytes scan again, right-click on the results and select Check all items

Click on REMOVE INFECTIONS


Restart the PC, run Malwarebytes once more and post the log

Also post the ESET scanner log
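The point being made here is that every line in the posted log ends in "No action taken.", i.e. Malwarebytes detected the items but never removed them. As an added example (not part of the thread or of Malwarebytes itself), the Python below parses a log in that format, grouped by section, and reports which detections are still unresolved and how many belong to each threat family. The excerpt is constructed from lines in the log above.

```python
import re
from collections import Counter

# Constructed excerpt in the Malwarebytes log layout posted above (not the full log).
SAMPLE_LOG = r"""
Registry Keys Detected: 2
HKLM\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKLM\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> No action taken.

Registry Values Detected: 1
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List|8085:TCP (Malware.Trace) -> Data: 8085:TCP:*:Enabled:podmena -> No action taken.

Files Detected: 1
C:\WINDOWS\msmark2.dat (Worm.Koobface) -> Quarantined and deleted successfully.

(end)
"""

# Section header: "<Section name> Detected: <count>"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Detection line: "<object> (<family>) -> [Data/Bad/Good details ->] <action>"
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?:.* -> )?(?P<action>[^>]+)$")


def parse_mbam_log(text):
    """Return one dict per detection: section, object, family, action."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if not section or not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append({"section": section, "object": m.group("obj"),
                          "family": m.group("family"), "action": m.group("action").strip()})
    return items


def unresolved(items):
    """Detections the scanner reported but did not remove or quarantine."""
    return [i for i in items if i["action"] == "No action taken."]


def family_counts(items):
    """How many detections belong to each threat family (e.g. Rootkit.TDSS)."""
    return Counter(i["family"] for i in items)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for i in unresolved(found):
        print(f"UNRESOLVED [{i['section']}] {i['family']}: {i['object']}")
    print(dict(family_counts(found)))
```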

#9 MagageeMay

MagageeMay
  • Topic Starter

  • Members
  • 58 posts
  • Local time:04:58 AM

Posted 02 February 2012 - 02:41 PM

C:\zRestore\Documents and Settings\Maggie May\Local Settings\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:58 AM

Posted 02 February 2012 - 02:45 PM

I'm still waiting for the Malwarebytes log.

You have not removed the infections after the Malwarebytes scan.

Run the Malwarebytes scan again, right-click on the results and select Check all items

Click on REMOVE INFECTIONS


Restart the PC, run Malwarebytes once more and post the log

#11 MagageeMay

MagageeMay
  • Topic Starter

  • Members
  • 58 posts
  • Local time:04:58 AM

Posted 02 February 2012 - 03:09 PM

I'm sorry. You are quicker than my computer. I did do the remove infections after the initial Malwarebytes scan (before running the ESET) but I did not restart until after ESET was done scanning.
The computer has now restarted and Malwarebytes is running the second time. This computer is very slow. I apologize. I probably should have given a play by play about what was going on. I will post the new Malwarebytes log when the scan is completed.

#12 MagageeMay

MagageeMay
  • Topic Starter

  • Members
  • 58 posts
  • Local time:04:58 AM

Posted 02 February 2012 - 04:23 PM

New Malwarebytes log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Maggie :: DELL_H5V7F21 [administrator]

2/2/2012 2:58:10 PM
mbam-log-2012-02-02 (14-58-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295424
Time elapsed: 1 hour(s), 24 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:58 AM

Posted 03 February 2012 - 08:38 AM

Download

FSS

Checkmark

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update


Click on "Scan".
Please copy and paste the log to your reply.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.


How is the PC now?

#14 MagageeMay

MagageeMay
  • Topic Starter

  • Members
  • 58 posts
  • Local time:04:58 AM

Posted 03 February 2012 - 10:00 AM

Symantec did a scan this morning. The same 3 things are still showing up as quarantined.
I ran FSS, and am running mini toolbox now.
Here is the FSS log:
Farbar Service Scanner Version: 02-02-2012
Ran by Maggie (administrator) on 03-02-2012 at 09:59:05
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:58 AM

Posted 03 February 2012 - 10:05 AM

Symantec did a scan this morning. The same 3 things are still showing up as quarantined. //

Can you post the quarantined log here?
