
Rootkit


  • This topic is locked
5 replies to this topic

#1 Michaela1

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:19 AM

Posted 07 February 2012 - 05:07 PM

Windows XP Pro Service Pack 3. Malwarebytes infected with possible dropper a couple of weeks ago. ESET found Win/32.

2/5/2012 5:47:52 AM Real-time file system protection file C:\System Volume Information\_restore{7323898E-20BE-43EF-8343-67D5922C3F31}\RP1005\A0149777.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\svchost.exe.
2/5/2012 5:47:08 AM Real-time file system protection file C:\System Volume Information\_restore{7323898E-20BE-43EF-8343-67D5922C3F31}\RP1005\A0149724.exe Win32/RegistryBooster potentially unwanted application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\svchost.exe.
2/4/2012 5:58:42 PM Real-time file system protection file C:\SYSTEM VOLUME INFORMATION\_RESTORE{7323898E-20BE-43EF-8343-67D5922C3F31}\RP976\A0108236.DLL Win32/Toolbar.MyWebSearch potentially unwanted application cleaned by deleting - quarantined BRAD\Super User Event occurred during an attempt to access the file by the application: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.
2/4/2012 5:58:41 PM Real-time file system protection file C:\SYSTEM VOLUME INFORMATION\_RESTORE{7323898E-20BE-43EF-8343-67D5922C3F31}\RP976\A0108234.DLL Win32/Toolbar.MyWebSearch potentially unwanted application cleaned by deleting - quarantined BRAD\Super User Event occurred during an attempt to access the file by the application: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

ESET, Malwarebytes, and SUPERAntiSpyware all come up with clean scans. Since having the dropper virus, Advance system care, Driver manager, Win Utilities and Secunia PSI have been installed. I tried to get the system restore to go back several times all the way to Jan 1, 2012. The operation would not complete. In fear of still having a virus I turned it off. Internet connection has been changed to gateway and computer is responding slow. Went to GMER and downloaded the program, and the results came back with a rootkit. Under processes in GMER C:\windows\explorer.exe is highlighted in red along with C:\documents under libraries on the processes tab. I would appreciate any help at this point to diagnose and read logs. Thanks in advance.


#2 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:19 AM

Posted 07 February 2012 - 05:11 PM

Can you please run the following TDSSKiller to see what it finds? If it asks you to fix anything, then PLEASE DO NOT FIX ANYTHING, and post the resulting log that is stored in C:\ via My Computer.

#3 Michaela1

  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:19 AM

Posted 07 February 2012 - 05:35 PM

16:28:14.0887 1176 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
16:28:15.0418 1176 ============================================================
16:28:15.0418 1176 Current date / time: 2012/02/07 16:28:15.0418
16:28:15.0418 1176 SystemInfo:
16:28:15.0418 1176
16:28:15.0418 1176 OS Version: 5.1.2600 ServicePack: 3.0
16:28:15.0418 1176 Product type: Workstation
16:28:15.0418 1176 ComputerName: BRAD
16:28:15.0418 1176 UserName: Super User
16:28:15.0418 1176 Windows directory: C:\WINDOWS
16:28:15.0418 1176 System windows directory: C:\WINDOWS
16:28:15.0418 1176 Processor architecture: Intel x86
16:28:15.0418 1176 Number of processors: 1
16:28:15.0418 1176 Page size: 0x1000
16:28:15.0418 1176 Boot type: Normal boot
16:28:15.0418 1176 ============================================================
16:28:17.0911 1176 Drive \Device\Harddisk0\DR0 - Size: 0x1C9FEF0000 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3A62, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:28:17.0911 1176 \Device\Harddisk0\DR0:
16:28:17.0911 1176 MBR used
16:28:17.0911 1176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE4F80E2
16:28:17.0972 1176 Initialize success
16:28:17.0972 1176 ============================================================
16:28:19.0994 2904 ============================================================
16:28:19.0994 2904 Scan started
16:28:19.0994 2904 Mode: Manual;
16:28:19.0994 2904 ============================================================
16:28:21.0587 2904 Abiosdsk - ok
16:28:21.0847 2904 abp480n5 - ok
16:28:22.0869 2904 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:28:22.0929 2904 ACPI - ok
16:28:23.0249 2904 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:28:23.0259 2904 ACPIEC - ok
16:28:23.0620 2904 adpu160m - ok
16:28:23.0920 2904 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
16:28:23.0920 2904 aeaudio - ok
16:28:24.0311 2904 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:28:24.0401 2904 aec - ok
16:28:24.0942 2904 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:28:24.0952 2904 AegisP - ok
16:28:25.0292 2904 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:28:25.0352 2904 AFD - ok
16:28:25.0773 2904 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:28:25.0803 2904 agp440 - ok
16:28:26.0043 2904 Aha154x - ok
16:28:26.0283 2904 aic78u2 - ok
16:28:26.0504 2904 aic78xx - ok
16:28:26.0844 2904 AliIde - ok
16:28:27.0055 2904 amsint - ok
16:28:27.0505 2904 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WPN311.sys
16:28:27.0675 2904 AR5211 - ok
16:28:28.0737 2904 AR5416 (2788504b2027b88532dacd187bcacc9c) C:\WINDOWS\system32\DRIVERS\athw.sys
16:28:29.0528 2904 AR5416 - ok
16:28:29.0738 2904 asc - ok
16:28:30.0530 2904 asc3350p - ok
16:28:30.0760 2904 asc3550 - ok
16:28:31.0201 2904 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:28:31.0211 2904 AsyncMac - ok
16:28:31.0541 2904 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:28:31.0581 2904 atapi - ok
16:28:31.0791 2904 Atdisk - ok
16:28:32.0172 2904 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:28:32.0192 2904 Atmarpc - ok
16:28:32.0482 2904 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:28:32.0512 2904 audstub - ok
16:28:32.0833 2904 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
16:28:32.0843 2904 BANTExt - ok
16:28:33.0223 2904 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:28:33.0223 2904 Beep - ok
16:28:33.0564 2904 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
16:28:33.0584 2904 BVRPMPR5 - ok
16:28:33.0894 2904 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:28:33.0904 2904 cbidf2k - ok
16:28:34.0335 2904 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:28:34.0355 2904 CCDECODE - ok
16:28:34.0585 2904 cd20xrnt - ok
16:28:34.0856 2904 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:28:34.0856 2904 Cdaudio - ok
16:28:35.0176 2904 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:28:35.0196 2904 Cdfs - ok
16:28:35.0577 2904 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:28:35.0597 2904 Cdrom - ok
16:28:35.0847 2904 Changer - ok
16:28:36.0088 2904 CmdIde - ok
16:28:36.0298 2904 Cpqarray - ok
16:28:36.0638 2904 dac2w2k - ok
16:28:36.0849 2904 dac960nt - ok
16:28:37.0660 2904 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:28:37.0680 2904 Disk - ok
16:28:38.0231 2904 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:28:38.0521 2904 dmboot - ok
16:28:38.0932 2904 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
16:28:39.0002 2904 dmio - ok
16:28:39.0252 2904 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:28:39.0252 2904 dmload - ok
16:28:39.0563 2904 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:28:39.0583 2904 DMusic - ok
16:28:39.0913 2904 dpti2o - ok
16:28:40.0183 2904 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:28:40.0193 2904 drmkaud - ok
16:28:40.0524 2904 E1000 (4754eb9f8a40d6be6a009622fe2530e8) C:\WINDOWS\system32\DRIVERS\e1000nt5.sys
16:28:40.0564 2904 E1000 - ok
16:28:41.0025 2904 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
16:28:41.0085 2904 eamon - ok
16:28:41.0395 2904 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
16:28:41.0475 2904 ehdrv - ok
16:28:41.0786 2904 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
16:28:41.0826 2904 epfwtdir - ok
16:28:42.0307 2904 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:28:42.0377 2904 Fastfat - ok
16:28:42.0627 2904 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:28:42.0637 2904 Fdc - ok
16:28:42.0947 2904 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:28:42.0967 2904 Fips - ok
16:28:43.0428 2904 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:28:43.0438 2904 Flpydisk - ok
16:28:43.0729 2904 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:28:43.0779 2904 FltMgr - ok
16:28:44.0069 2904 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:28:44.0079 2904 Fs_Rec - ok
16:28:44.0540 2904 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:28:44.0590 2904 Ftdisk - ok
16:28:44.0830 2904 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:28:44.0840 2904 Gpc - ok
16:28:45.0131 2904 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:28:45.0151 2904 hidusb - ok
16:28:45.0511 2904 hpn - ok
16:28:45.0832 2904 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:28:45.0852 2904 HPZid412 - ok
16:28:46.0192 2904 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:28:46.0192 2904 HPZipr12 - ok
16:28:46.0673 2904 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:28:46.0693 2904 HPZius12 - ok
16:28:47.0113 2904 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:28:47.0224 2904 HTTP - ok
16:28:47.0424 2904 i2omgmt - ok
16:28:47.0764 2904 i2omp - ok
16:28:48.0075 2904 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:28:48.0095 2904 i8042prt - ok
16:28:48.0395 2904 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:28:48.0425 2904 Imapi - ok
16:28:48.0766 2904 ini910u - ok
16:28:49.0046 2904 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:28:49.0056 2904 IntelIde - ok
16:28:49.0367 2904 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:28:49.0387 2904 intelppm - ok
16:28:49.0667 2904 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:28:49.0687 2904 Ip6Fw - ok
16:28:50.0138 2904 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:28:50.0158 2904 IpFilterDriver - ok
16:28:50.0428 2904 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:28:50.0448 2904 IpInIp - ok
16:28:50.0809 2904 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:28:51.0029 2904 IpNat - ok
16:28:51.0340 2904 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:28:51.0380 2904 IPSec - ok
16:28:51.0720 2904 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:28:51.0730 2904 IRENUM - ok
16:28:52.0171 2904 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:28:52.0191 2904 isapnp - ok
16:28:52.0491 2904 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:28:52.0511 2904 Kbdclass - ok
16:28:52.0772 2904 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:28:52.0792 2904 kbdhid - ok
16:28:53.0262 2904 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:28:53.0332 2904 kmixer - ok
16:28:53.0613 2904 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:28:53.0663 2904 KSecDD - ok
16:28:53.0973 2904 lbrtfdc - ok
16:28:54.0514 2904 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
16:28:54.0564 2904 mbamchameleon - ok
16:28:55.0105 2904 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
16:28:55.0115 2904 MBAMProtector - ok
16:28:55.0546 2904 MEMSWEEP2 - ok
16:28:55.0796 2904 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:28:55.0826 2904 mnmdd - ok
16:28:56.0116 2904 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:28:56.0176 2904 Modem - ok
16:28:56.0577 2904 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:28:56.0677 2904 Mouclass - ok
16:28:57.0098 2904 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:28:57.0108 2904 mouhid - ok
16:28:57.0358 2904 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:28:57.0508 2904 MountMgr - ok
16:28:57.0719 2904 mraid35x - ok
16:28:57.0999 2904 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:28:58.0059 2904 MRxDAV - ok
16:28:58.0500 2904 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:28:58.0650 2904 MRxSmb - ok
16:28:59.0361 2904 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:28:59.0391 2904 Msfs - ok
16:28:59.0822 2904 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:28:59.0832 2904 MSKSSRV - ok
16:29:01.0374 2904 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:29:01.0374 2904 MSPCLOCK - ok
16:29:02.0005 2904 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:29:02.0095 2904 MSPQM - ok
16:29:02.0856 2904 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:29:02.0866 2904 mssmbios - ok
16:29:03.0447 2904 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:29:03.0507 2904 MSTEE - ok
16:29:04.0178 2904 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:29:04.0308 2904 Mup - ok
16:29:04.0789 2904 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:29:04.0909 2904 NABTSFEC - ok
16:29:05.0670 2904 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:29:05.0730 2904 NDIS - ok
16:29:05.0971 2904 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:29:06.0061 2904 NdisIP - ok
16:29:06.0752 2904 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:29:06.0832 2904 NdisTapi - ok
16:29:07.0453 2904 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:29:07.0483 2904 Ndisuio - ok
16:29:08.0354 2904 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:29:08.0524 2904 NdisWan - ok
16:29:09.0115 2904 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:29:09.0215 2904 NDProxy - ok
16:29:09.0666 2904 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:29:09.0686 2904 NetBIOS - ok
16:29:10.0217 2904 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:29:10.0267 2904 NetBT - ok
16:29:10.0627 2904 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:29:10.0697 2904 Npfs - ok
16:29:11.0278 2904 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:29:11.0549 2904 Ntfs - ok
16:29:11.0869 2904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:29:11.0919 2904 Null - ok
16:29:13.0191 2904 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:29:13.0802 2904 nv - ok
16:29:14.0182 2904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:29:14.0202 2904 NwlnkFlt - ok
16:29:14.0493 2904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:29:14.0513 2904 NwlnkFwd - ok
16:29:14.0853 2904 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:29:14.0913 2904 Parport - ok
16:29:15.0354 2904 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:29:15.0394 2904 PartMgr - ok
16:29:15.0685 2904 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:29:15.0715 2904 ParVdm - ok
16:29:15.0995 2904 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:29:16.0025 2904 PCI - ok
16:29:16.0285 2904 PCIDump - ok
16:29:16.0626 2904 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
16:29:16.0636 2904 PCIIde - ok
16:29:16.0986 2904 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:29:17.0036 2904 Pcmcia - ok
16:29:17.0287 2904 PDCOMP - ok
16:29:17.0527 2904 PDFRAME - ok
16:29:17.0768 2904 PDRELI - ok
16:29:17.0988 2904 PDRFRAME - ok
16:29:18.0188 2904 perc2 - ok
16:29:18.0398 2904 perc2hib - ok
16:29:19.0069 2904 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:29:19.0109 2904 PptpMiniport - ok
16:29:19.0360 2904 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:29:19.0420 2904 Processor - ok
16:29:19.0650 2904 PROCEXP151 - ok
16:29:19.0931 2904 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:29:20.0011 2904 PSched - ok
16:29:20.0291 2904 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
16:29:20.0311 2904 PSI - ok
16:29:20.0652 2904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:29:20.0662 2904 Ptilink - ok
16:29:20.0932 2904 ql1080 - ok
16:29:21.0172 2904 Ql10wnt - ok
16:29:21.0483 2904 ql12160 - ok
16:29:21.0733 2904 ql1240 - ok
16:29:22.0024 2904 ql1280 - ok
16:29:22.0324 2904 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
16:29:22.0334 2904 QV2KUX - ok
16:29:22.0715 2904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:29:22.0725 2904 RasAcd - ok
16:29:23.0115 2904 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:29:23.0145 2904 Rasl2tp - ok
16:29:23.0466 2904 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:29:23.0536 2904 RasPppoe - ok
16:29:24.0217 2904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:29:24.0227 2904 Raspti - ok
16:29:24.0557 2904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:29:24.0617 2904 Rdbss - ok
16:29:24.0998 2904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:29:25.0028 2904 RDPCDD - ok
16:29:25.0388 2904 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:29:25.0529 2904 rdpdr - ok
16:29:25.0839 2904 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:29:25.0889 2904 RDPWD - ok
16:29:26.0160 2904 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:29:26.0180 2904 redbook - ok
16:29:26.0440 2904 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
16:29:26.0450 2904 RimVSerPort - ok
16:29:26.0750 2904 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:29:26.0760 2904 ROOTMODEM - ok
16:29:27.0121 2904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:29:27.0131 2904 Secdrv - ok
16:29:27.0361 2904 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:29:27.0371 2904 serenum - ok
16:29:27.0632 2904 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:29:27.0652 2904 Serial - ok
16:29:27.0882 2904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:29:27.0912 2904 Sfloppy - ok
16:29:28.0172 2904 Simbad - ok
16:29:28.0443 2904 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:29:28.0453 2904 SLIP - ok
16:29:28.0974 2904 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
16:29:29.0264 2904 smwdm - ok
16:29:29.0484 2904 Sparrow - ok
16:29:29.0755 2904 SpiderG3 - ok
16:29:30.0015 2904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:29:30.0035 2904 splitter - ok
16:29:30.0336 2904 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
16:29:30.0366 2904 sr - ok
16:29:30.0746 2904 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:29:30.0866 2904 Srv - ok
16:29:31.0117 2904 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:29:31.0137 2904 streamip - ok
16:29:31.0447 2904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:29:31.0447 2904 swenum - ok
16:29:31.0798 2904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:29:31.0838 2904 swmidi - ok
16:29:32.0048 2904 symc810 - ok
16:29:32.0258 2904 symc8xx - ok
16:29:32.0469 2904 sym_hi - ok
16:29:32.0669 2904 sym_u3 - ok
16:29:32.0919 2904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:29:32.0939 2904 sysaudio - ok
16:29:33.0320 2904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:29:33.0470 2904 Tcpip - ok
16:29:33.0710 2904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:29:33.0720 2904 TDPIPE - ok
16:29:33.0941 2904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:29:33.0951 2904 TDTCP - ok
16:29:34.0191 2904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:29:34.0211 2904 TermDD - ok
16:29:34.0421 2904 TosIde - ok
16:29:35.0062 2904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:29:35.0173 2904 Udfs - ok
16:29:35.0393 2904 ultra - ok
16:29:35.0924 2904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:29:36.0054 2904 Update - ok
16:29:36.0324 2904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:29:36.0334 2904 usbccgp - ok
16:29:36.0695 2904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:29:36.0705 2904 usbehci - ok
16:29:36.0945 2904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:29:36.0995 2904 usbhub - ok
16:29:37.0286 2904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:29:37.0296 2904 usbprint - ok
16:29:37.0566 2904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:29:37.0576 2904 usbscan - ok
16:29:37.0836 2904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:29:37.0876 2904 USBSTOR - ok
16:29:38.0567 2904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:29:38.0567 2904 usbuhci - ok
16:29:38.0828 2904 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:29:38.0868 2904 usbvideo - ok
16:29:39.0148 2904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:29:39.0158 2904 VgaSave - ok
16:29:39.0379 2904 ViaIde - ok
16:29:39.0629 2904 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:29:39.0649 2904 VolSnap - ok
16:29:39.0929 2904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:29:39.0939 2904 Wanarp - ok
16:29:40.0140 2904 WDICA - ok
16:29:40.0430 2904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:29:40.0460 2904 wdmaud - ok
16:29:40.0751 2904 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:29:40.0761 2904 WS2IFSL - ok
16:29:41.0011 2904 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
16:29:41.0031 2904 WSIMD - ok
16:29:41.0311 2904 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:29:41.0321 2904 WSTCODEC - ok
16:29:41.0361 2904 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:29:41.0582 2904 \Device\Harddisk0\DR0 - ok
16:29:41.0582 2904 Boot (0x1200) (827c42bf734728ae017dc6e703c69f9e) \Device\Harddisk0\DR0\Partition0
16:29:41.0582 2904 \Device\Harddisk0\DR0\Partition0 - ok
16:29:41.0582 2904 ============================================================
16:29:41.0582 2904 Scan finished
16:29:41.0582 2904 ============================================================
16:29:41.0592 0760 Detected object count: 0
16:29:41.0592 0760 Actual detected object count: 0
16:31:32.0291 3776 Deinitialize success
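When reading a TDSSKiller log like the one above, the questions a responder actually asks are: did every scanned object end with "- ok", does the tool's own "Detected object count" agree with a line-by-line read of the scan section, and have the MBR and boot-sector hashes changed since the machine was last known to be clean? The following Python parser is an added example, not part of this thread and not TDSSKiller's own code. It parses lines in the format TDSSKiller 2.7 printed above; the sample log is constructed (a few lines copied in form from the log above, plus an `ExampleDrv` entry whose `detected` status is a placeholder used to exercise the non-ok path, not a real TDSSKiller verdict string). The baseline hashes in `check_boot_hashes` are assumed to come from a scan taken on a known-good day.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the line format TDSSKiller 2.7 printed above: a file
# line carrying the MD5 and path, then a status line for the same object.
# "ExampleDrv" and its "detected" status are placeholders added here to
# exercise the non-ok path; they are not a real TDSSKiller verdict string.
SAMPLE_LOG = r"""
16:28:17.0911 2904 Drive \Device\Harddisk0\DR0 - Size: 0x1C9FEF0000 (114.50 Gb), SectorSize: 0x200
16:28:19.0994 2904 Scan started
16:28:19.0994 2904 Mode: Manual;
16:28:21.0587 2904 Abiosdsk - ok
16:28:22.0869 2904 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:28:22.0929 2904 ACPI - ok
16:29:41.0350 2904 ExampleDrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\example.sys
16:29:41.0355 2904 ExampleDrv - detected
16:29:41.0361 2904 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:29:41.0582 2904 \Device\Harddisk0\DR0 - ok
16:29:41.0582 2904 Boot (0x1200) (827c42bf734728ae017dc6e703c69f9e) \Device\Harddisk0\DR0\Partition0
16:29:41.0582 2904 \Device\Harddisk0\DR0\Partition0 - ok
16:29:41.0582 2904 Scan finished
16:29:41.0592 0760 Detected object count: 1
16:29:41.0592 0760 Actual detected object count: 1
"""

# "<time> <pid> <name> [(0xSIZE)] (<md5>) <path>"  -- the object/file line
FILE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\(0x[0-9A-Fa-f]+\))?"            # optional size, e.g. "(0x1B8)" on the MBR line
    r"\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# "<time> <pid> <object> - <status>"  -- the verdict line that follows
STATUS_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<obj>.+?)\s+-\s+(?P<status>.+?)\s*$")
# "<time> <pid> [Actual ]Detected object count: N"  -- the summary after "Scan finished"
COUNT_RE = re.compile(r"^\S+\s+\d+\s+(?P<kind>(?:Actual )?[Dd]etected object count):\s*(?P<n>\d+)\s*$")


@dataclass
class Entry:
    name: str                       # service name, or "MBR"/"Boot" for the disk sectors
    md5: Optional[str] = None       # None for services listed without a backing file
    path: Optional[str] = None
    status: Optional[str] = None    # text after " - ", e.g. "ok"


def parse_tdsskiller_log(text: str) -> Tuple[Dict[str, Entry], Dict[str, int]]:
    """Parse the scan section into {object name: Entry} plus the summary counters."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}   # MBR/Boot status lines name the device path, not "MBR"/"Boot"
    counts: Dict[str, int] = {}
    in_scan = False
    for line in text.splitlines():
        line = line.rstrip()
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if line.endswith("Scan finished"):
            in_scan = False
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["kind"]] = int(m["n"])
            continue
        if not in_scan:
            continue                 # skips the "Drive ... - Size: ..." header, which mimics a status line
        m = FILE_RE.match(line)
        if m:
            entry = Entry(m["name"], m["md5"], m["path"])
            entries[entry.name] = entry
            by_path[entry.path] = entry
            continue
        m = STATUS_RE.match(line)
        if m:
            obj = m["obj"]
            entry = entries.get(obj) or by_path.get(obj)
            if entry is None:
                entry = Entry(obj)   # service listed with no file line (e.g. "Abiosdsk - ok")
                entries[obj] = entry
            entry.status = m["status"]
    return entries, counts


def findings(entries: Dict[str, Entry], counts: Dict[str, int]) -> Tuple[List[Entry], List[str], bool]:
    """Objects whose status is not "ok", objects that never got a status line, and whether the
    tool's own "Detected object count" disagrees with what the line-by-line parse found."""
    not_ok = [e for e in entries.values() if e.status is not None and e.status != "ok"]
    no_status = [e.name for e in entries.values() if e.status is None]
    reported = counts.get("Detected object count")
    mismatch = reported is not None and reported != len(not_ok)
    return not_ok, no_status, mismatch


def check_boot_hashes(entries: Dict[str, Entry], baseline: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Compare MBR/boot-sector MD5s against a baseline recorded on a known-good day (assumed input).
    True = unchanged, False = changed, None = object not present in this log."""
    return {name: (entries[name].md5 == md5) if name in entries else None
            for name, md5 in baseline.items()}


if __name__ == "__main__":
    ents, cnts = parse_tdsskiller_log(SAMPLE_LOG)
    bad, missing, mism = findings(ents, cnts)
    for e in bad:
        print(f"needs attention: {e.name} [{e.status}] {e.path} md5={e.md5}")
    print(f"objects: {len(ents)}, no status: {missing}, count mismatch: {mism}")
    print(check_boot_hashes(ents, {"MBR": "8f558eb6672622401da993e1e865c861"}))
```

Two design points: the parser only reads between "Scan started" and "Scan finished", because the pre-scan drive header also contains " - " and would otherwise appear as a non-ok object; and a matching MBR hash shows only that the sectors TDSSKiller read are unchanged, which is a useful baseline check but not proof of a clean machine, since a bootkit that filters disk reads can return the original sectors.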

#4 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:19 AM

Posted 08 February 2012 - 11:54 AM

TDSS Killer didn't detect any rootkit infection. Still having issues?

#5 Michaela1

  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:19 AM

Posted 08 February 2012 - 01:57 PM

Oh my, is it ever. This thing has gotten both computers. It has gone into our security settings and is using many different users to control the computer. We change them and they go right back. We are in safe mode now. It is using a gateway. What can I give you to help?

#6 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:19 AM

Posted 08 February 2012 - 03:56 PM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.
