404 error on all sites


5 replies to this topic

#1 shortymack

shortymack

  • Members
  • 3 posts

Posted 07 February 2012 - 08:06 PM

Hello, I am not able to get online on any site with my XP system; it shows a 404 error code after a trojan (Trojan ADH.2) was found and quarantined by Norton. The system is not slow or bottlenecked at all, but I am thinking the registry got hijacked by this trojan. I have tried to run without add-ons, reset IE8, an offline reinstall of IE8, tried different users, and tried to run a different browser (Firefox). I can ping all sites in the cmd prompt but have no luck connecting in the browser. Ran MBAM, SUPERAntiSpyware, Spybot. Is there anything I can do without having to reinstall? I do not have the OS media.



EDIT: Moved from Win7 to the Am I Infected forum.

Edited by shortymack, 07 February 2012 - 09:02 PM.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 February 2012 - 12:43 AM

This looks like a hosts file hijack. Before fixing it, let's make sure the PC is clean.

Download

TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on a 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download

MiniToolBox

Check the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

Click Go and post the result.

Edited by narenxp, 08 February 2012 - 12:44 AM.


#3 shortymack

shortymack
  • Topic Starter

  • Members
  • 3 posts

Posted 08 February 2012 - 01:17 AM

Thank you Naren, I will do that and post the log results. The only problem is that I cannot download any of the latest virus definitions with that system because it's not letting me access any sites.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 February 2012 - 08:13 AM

Copy the tools from a clean PC to the infected one.

#5 shortymack

shortymack
  • Topic Starter

  • Members
  • 3 posts

Posted 08 February 2012 - 06:47 PM

Hi Naren, I copied all the tools from a clean PC, but as I expected the virus definitions on aswMBR couldn't be updated on the infected system.

Here are the logs:

14:28:26.0625 3624 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
14:28:26.0812 3624 ============================================================
14:28:26.0812 3624 Current date / time: 2012/02/08 14:28:26.0812
14:28:26.0812 3624 SystemInfo:
14:28:26.0812 3624
14:28:26.0812 3624 OS Version: 5.1.2600 ServicePack: 3.0
14:28:26.0812 3624 Product type: Workstation
14:28:26.0812 3624 ComputerName: OWNER-8D90C4E0B
14:28:26.0812 3624 UserName: don2
14:28:26.0812 3624 Windows directory: C:\WINDOWS
14:28:26.0812 3624 System windows directory: C:\WINDOWS
14:28:26.0812 3624 Processor architecture: Intel x86
14:28:26.0812 3624 Number of processors: 2
14:28:26.0812 3624 Page size: 0x1000
14:28:26.0812 3624 Boot type: Normal boot
14:28:26.0812 3624 ============================================================
14:28:27.0593 3624 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:28:27.0609 3624 Drive \Device\Harddisk5\DR10 - Size: 0x772E4400 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:28:27.0609 3624 \Device\Harddisk0\DR0:
14:28:27.0609 3624 MBR used
14:28:27.0609 3624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
14:28:27.0609 3624 \Device\Harddisk5\DR10:
14:28:27.0609 3624 MBR used
14:28:27.0609 3624 \Device\Harddisk5\DR10\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3B95A1
14:28:27.0734 3624 Initialize success
14:28:27.0734 3624 ============================================================
14:29:04.0500 3676 ============================================================
14:29:04.0500 3676 Scan started
14:29:04.0500 3676 Mode: Manual; TDLFS;
14:29:04.0500 3676 ============================================================
14:29:11.0953 3676 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:29:12.0109 3676 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:29:12.0109 3676 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:29:12.0109 3676 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk5\DR10
14:29:20.0468 3676 \Device\Harddisk5\DR10 - ok
14:29:20.0468 3676 Boot (0x1200) (bc2fa4a41d0f67012bc9f6ecaca459b0) \Device\Harddisk0\DR0\Partition0
14:29:20.0468 3676 \Device\Harddisk0\DR0\Partition0 - ok
14:29:20.0484 3676 Boot (0x1200) (f647602fdead911ffa1db1f0a86b8ecd) \Device\Harddisk5\DR10\Partition0
14:29:20.0484 3676 \Device\Harddisk5\DR10\Partition0 - ok
14:29:20.0484 3676 ============================================================
14:29:20.0484 3676 Scan finished
14:29:20.0484 3676 ============================================================
14:29:20.0484 3668 Detected object count: 1
14:29:20.0484 3668 Actual detected object count: 1
14:31:25.0718 3668 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
14:31:25.0734 3668 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
14:31:25.0734 3668 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
14:31:25.0750 3668 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:31:25.0750 3668 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:31:25.0750 3668 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:31:25.0781 3668 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:31:25.0812 3668 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:31:25.0812 3668 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:31:25.0828 3668 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:31:25.0859 3668 \Device\Harddisk0\DR0\TDLFS\wdbhph - copied to quarantine
14:31:25.0859 3668 \Device\Harddisk0\DR0\TDLFS\lsflt7.ver - copied to quarantine
14:31:25.0859 3668 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
14:33:42.0515 3620 Deinitialize success


GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-08 15:08:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_STM3160812A rev.3.AAJ
Running: huos4p1x.exe; Driver: C:\DOCUME~1\don2\LOCALS~1\Temp\agpdrfod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA93BA640]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- EOF - GMER 1.0.15 ----


aswMBR:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 15:23:25
-----------------------------
15:23:25.593 OS Version: Windows 5.1.2600 Service Pack 3
15:23:25.593 Number of processors: 2 586 0x40A
15:23:25.593 ComputerName: OWNER-8D90C4E0B UserName: don2
15:23:25.968 Initialize success
15:23:44.671 AVAST engine download error: 404
15:24:04.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:24:04.250 Disk 0 Vendor: MAXTOR_STM3160812A 3.AAJ Size: 152627MB BusType: 3
15:24:04.281 Disk 0 MBR read successfully
15:24:04.281 Disk 0 MBR scan
15:24:04.281 Disk 0 Windows XP default MBR code
15:24:04.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
15:24:04.312 Disk 0 scanning sectors +312560640
15:24:04.421 Disk 0 scanning C:\WINDOWS\system32\drivers
15:24:22.375 Service scanning
15:24:23.234 Modules scanning
15:24:59.484 Disk 0 trace - called modules:
15:24:59.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:24:59.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8658d4e0]
15:24:59.515 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\00000058[0x865c7510]
15:24:59.515 5 ACPI.sys[f745e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x865c6940]
15:24:59.515 Scan finished successfully
15:25:37.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\don2\Desktop\MBR.dat"
15:25:37.156 The log file has been saved successfully to "C:\Documents and Settings\don2\Desktop\aswMBR.txt"
15:26:02.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\don2\Desktop\MBR.dat"
15:26:02.578 The log file has been saved successfully to "C:\Documents and Settings\don2\Desktop\aswMBR.txt"


minitoolbox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by don2 (administrator) on 08-02-2012 at 15:27:30
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-8d90c4e0b
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain_not_set.invalid

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-50-8D-C9-56-20
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    192.168.1.1
Lease Obtained. . . . . . . . . . : Wednesday, February 08, 2012 2:24:02 PM
Lease Expires . . . . . . . . . . : Thursday, February 09, 2012 2:24:02 PM

Server: dslmodem.domain
Address: 192.168.1.1

Name: google.com.domain_not_set.invalid
Address: 206.46.232.55

Pinging google.com [206.46.232.55] with 32 bytes of data:

Reply from 206.46.232.55: bytes=32 time=70ms TTL=245
Reply from 206.46.232.55: bytes=32 time=68ms TTL=245

Ping statistics for 206.46.232.55:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 70ms, Average = 69ms

Server: dslmodem.domain
Address: 192.168.1.1

Name: yahoo.com.domain_not_set.invalid
Address: 206.46.232.55

Pinging yahoo.com [206.46.232.55] with 32 bytes of data:

Reply from 206.46.232.55: bytes=32 time=68ms TTL=245
Reply from 206.46.232.55: bytes=32 time=69ms TTL=245

Ping statistics for 206.46.232.55:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 69ms, Average = 68ms

Server: dslmodem.domain
Address: 192.168.1.1

Name: bleepingcomputer.com.domain_not_set.invalid
Address: 206.46.232.55

Pinging bleepingcomputer.com [206.46.232.55] with 32 bytes of data:

Reply from 206.46.232.55: bytes=32 time=71ms TTL=245
Reply from 206.46.232.55: bytes=32 time=69ms TTL=245

Ping statistics for 206.46.232.55:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 69ms, Maximum = 71ms, Average = 70ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8d c9 56 20 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

**** End of log ****
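In the MiniToolBox output above, google.com, yahoo.com and bleepingcomputer.com all resolve to the same address (206.46.232.55) even though the hosts file holds only localhost entries, so the redirect is happening in name resolution rather than in the hosts file. The following added example (not the thread's or MiniToolBox's code; the sample logs are constructed to mirror that output) parses such nslookup/ping output and flags any address that unrelated domains share, which is the check a responder would run before deciding whether to look at the PC's resolver settings or the router's.

```python
"""Spot a DNS-redirect pattern in MiniToolBox-style nslookup/ping output.

Added example for this thread; it is not MiniToolBox code or the
advisor's procedure. The sample logs are constructed to mirror the
pattern posted above: unrelated domains all resolving to one address.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on the MiniToolBox output in the thread.
HIJACKED_LOG = """\
Server: dslmodem.domain
Address: 192.168.1.1

Name: google.com.domain_not_set.invalid
Address: 206.46.232.55

Pinging google.com [206.46.232.55] with 32 bytes of data:
Reply from 206.46.232.55: bytes=32 time=70ms TTL=245

Server: dslmodem.domain
Address: 192.168.1.1

Name: yahoo.com.domain_not_set.invalid
Address: 206.46.232.55

Pinging yahoo.com [206.46.232.55] with 32 bytes of data:
Reply from 206.46.232.55: bytes=32 time=68ms TTL=245

Server: dslmodem.domain
Address: 192.168.1.1

Name: bleepingcomputer.com.domain_not_set.invalid
Address: 206.46.232.55

Pinging bleepingcomputer.com [206.46.232.55] with 32 bytes of data:
Reply from 206.46.232.55: bytes=32 time=71ms TTL=245
"""

# Constructed healthy counterpart: each domain resolves to its own address
# (documentation ranges used as stand-ins).
CLEAN_LOG = """\
Server: dslmodem.domain
Address: 192.168.1.1

Pinging google.com [192.0.2.10] with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=20ms TTL=55

Pinging yahoo.com [198.51.100.20] with 32 bytes of data:
Reply from 198.51.100.20: bytes=32 time=30ms TTL=52

Pinging bleepingcomputer.com [203.0.113.30] with 32 bytes of data:
Reply from 203.0.113.30: bytes=32 time=40ms TTL=50
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
PING_RE = re.compile(r"^Pinging (?P<host>\S+) \[(?P<ip>" + IPV4 + r")\]", re.M)
SERVER_RE = re.compile(r"^Server:\s*\S+\s*\nAddress:\s*(?P<ip>" + IPV4 + r")", re.M)


def registered_domain(host: str) -> str:
    """Collapse www.example.com / example.com. to 'example.com'.
    No public-suffix list; adequate for the .com names in these logs."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def parse_resolutions(log: str) -> dict:
    """Map each pinged hostname to the address ping resolved it to."""
    return {m.group("host"): m.group("ip") for m in PING_RE.finditer(log)}


def parse_resolvers(log: str) -> set:
    """Collect the DNS server addresses nslookup reported answering the queries."""
    return {m.group("ip") for m in SERVER_RE.finditer(log)}


def find_shared_targets(resolutions: dict, min_domains: int = 2) -> dict:
    """Return {ip: [domains]} for addresses that two or more unrelated registered
    domains resolve to. Large unrelated sites do not share one address, so a hit
    is a strong redirect indicator (hosts file, PC resolver settings or router DNS)."""
    by_ip = defaultdict(set)
    for host, ip in resolutions.items():
        by_ip[ip].add(registered_domain(host))
    return {ip: sorted(doms) for ip, doms in by_ip.items() if len(doms) >= min_domains}


def triage(log: str) -> dict:
    """One-shot verdict for a log: shared targets plus which resolvers answered."""
    shared = find_shared_targets(parse_resolutions(log))
    return {
        "shared_targets": shared,
        "resolvers": sorted(parse_resolvers(log)),
        "suspicious": bool(shared),
    }


if __name__ == "__main__":
    for name, log in (("hijacked", HIJACKED_LOG), ("clean", CLEAN_LOG)):
        print(name, triage(log))
```

When the flagged resolver is the default gateway and the hosts file is clean, as in this thread, the next place to check is the DNS configuration handed out by that router.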

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 February 2012 - 11:14 PM

Download

Host fix


Run it, restart your PC and see if you still have 404 errors.

I want you to run TDSSKiller once again and post the log.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.



